Slashdot Mirror
Gates on Spam
pvt_medic writes "Microsoft is proposing a new system that would require people to pay to send e-mails. Postage would be in the form of allowing others to use your computer to make calculations, similar to the SETi@home project. There are other systems being suggested that would include monetary stamps and people could decide on accepting an e-mail based off the value of the stamp. (story has great picture of Bill Gates as well)" Gates' proposed system will be Microsoft patent-encumbered, unsurprisingly.
This has been discussed before, and i replied to this before. Allow others to make calculations on your computer, eh? Would those calculations happen to be the spam solution MS Research came up with? Why don't they stick to that solution?! Strap it to SpamAssassin like these guys do but replacing the C/R, it's gold!
Similar to Seti@Home, sure... Except you pay Microsoft to have the calculations considered.
Also, what is Gates holding in that picture? A joint? Is that was he's smoking thinking people will accept this idea as part of their daily email lives so that microsoft can make even more barrels of cash?
story has great picture of Bill Gates as well
.02,
Is he praising Mel Gibson for Passion of Christ? Is he smoking one incredibly fat doober that would make even Tommy Chong jealous? Is he trying to convince the Pope that Longhorn isn't named after a pornstar? Or is he really just THAT great?
You decide.
Seriously:
Instead of paying a penny, the sender would "buy" postage by devoting maybe 10 seconds of computing time to solving a math puzzle. The exercise would merely serve as proof of the sender's good faith.
And how the fuck would this make a difference? So what? The computer that is supposed to do the work is going to be like Johnny Badass in 2nd grade math class... They are not going to do their homework and just try to bluff it through class. If they do end up having to hand it in to be graded they are just going to get around it some other way. We will end up blocking just as many hosts as before.
Gates' proposed system will be Microsoft patent-encumbered, unsurprisingly.
No kidding. Gates came up w/it why would you be surprised he wouldn't want to protect his idea? No conspiracy here... Was the comment necessary?
Just my worthless
I always knew he was smoking something!
We use his personal bank accounts to pay for the postage.
~S
The proceeds of a stamp would likely find its way into his pocket, I'm sure.
The Blaster Master Fighting for Truth, Justice, and Evil Pie since 1979
According to the Info World article about Microsoft's Caller ID patents, Microsoft's license "... will encourage all parties involved to allow the Caller ID technology to develop and improve without being hindered by license restrictions or royalty schemes"; and "Microsoft wants to do more than merely give (Caller ID) away, they also want to make sure nobody else can profit from it."
:-)
Seems like a perfect application for the GPL to me.
No.
Love, Tom.
Charging for email doesn't discourage spam. It discourages mass email. But there are many legitimate uses of mass email, like discussion lists, automated order confirmation emails, etc. - and increasing the costs of sending this type of mail will hurt open-source developers and small businesses the most.
.org? Yeah, right!
It's not surprising that Microsoft doesn't see the problem with this. They can afford to buy a few more mail servers to handle all of microsoft.com's outgoing mail, and they'd love it if people had to buy more servers (each running a copy of Windows, of course) just to handle all of the added computational costs of sending mail.
In the article, "Goodmail chief executive Richard Gingras said individuals might get to send a limited number for free, while mailing lists and nonprofit organizations might get price breaks." But how do you know who's a nonprofit? Someone with a
I believe that SPF currently has the potential to put the biggest dent in spam, since it directly addresses forged email addresses without needing to replace SMTP. It's not a complete solution, but it's a lot more realistic than Microsoft's idea.
It might cut down on those damn chain letters and stupid Internet jokes that get passed around 5000 times.
Can I bum a sig?
The rest will burn in the Final Conflagration between the Dark Prince's OS and the upstart Penguin!
Muwahahahahahahahaha!!!!!
It pains me to think that MS will have IP hooks into this stuff, but one thing, however, is clear... A system isn't far away, and when it's in place, the spam and virus f*cks will be screwed--and I can't wait to see them fold (it least, to a large degree). For once, virus authors will have to make *real* exploits (rather than take advantage of Outlooks click-and-run garbage) and spam people will have to pursue legit forms of mass mailing.
One thing's for sure, as a receiver of 500-1000 spam and virus emails a day, I welcome the not-too-distant future.
G-Force music visualization
Requiring people to let the sender or some third party execute instructions on the sending machine is so fraught with problems, it's hard to know where to start. Unless this software is Free, you simply can't expect everyone to install on their systems; of course MS wants them to, but hey let's be realistic here: they won't. If it's only available in binary, it would lock out anyone using an unsupported OS (or version thereof). It'd be a new security hole in the sender's machine just begging (with a big neon sign) to be exploited, and would complicate the use of firewalls, especially those using NAT. It'd have a regressive fee structure, because those with expensive, high-powered machines could afford to "spend" more CPU cycles (heck, build a beowulf cluster of discarded 486's to buy more spamming rights), while some poor sod using a Pentium/150 can hardly afford to give up any.
http://alternatives.rzero.com/
Would buying the premium version, grant you so many 'tokens'?
I'd rather have a token based system than a system that taxes my system, SETI ain't the fastest you know...
The most explosive growth for Internet usage (including the almighty email, of course) is coming from third world nations. A penny here or there may not affect someone from the first world, but it sure would make a difference in poorer parts of the globe.
I always save my last mod point to mod up a good troll. You people are too serious.
Email needs to be free....
Spam as a tool works as per the previous articles. It is a pain just like anything else, but instead of making me pay money to use email, why not spend you high budgets with an educational compaign to stop people from buying spammed products? No money made means no motivation. Problem solved. We voted with our dollars on banner ads and look how that market fell out. Rinse and apply to spam.
Also, what happens when we are forced to move away from email because we invite Microsoft to take over and control it?
Dear Mr. Gates,
Fuck you.
Thank you for your time.
True believers seek redemption from the sin of death.
I think I'd rather put spam filters on backbone routers. That sounds a lot cheaper for everyone.
Finding God in a Dog
The only great picture of Bill Gates that I know of are ones of this incident
"Freedom means freedom for everybody" -- Dick Cheney
How does this help in the case of spammers creating massive networks of compromised hosts which are then used to send spam in a distributed manner? Such a "pay-with-cycles" technique is useless in this case, since you can still send a *massive* amount of spam with a few million compromised computers, even if each one can only send, say, one email per hour.
We're not quite sure who you are, but we're with you. Love, Steve and Linus
I've got more mod points and GMail invi
I was reading about this when Gates first suggested it a few weeks ago and I found one of the ideas pretty interesting. You would be charged by the person you sent the email to (in a paypal-like way, I suppose) and the person who recieves the email has the ability to decline the payment if it's from someone you know... and like.
Aren't most spams sent using hijacked PCs anyway?
Why wouldn't the spammer be willing to sell cycles on the zombie PCs?
If this were the case, I would have little to no incentive to send e-mails at that point. I don't use my cell phone's text messages for the same reason. Who wants to pay for a service that is already free? Besides, I still get junk mail, and that costs postage too, but it doesn't stop the companies from sending it to me.
As long as the money is going to a good cause, preventing spam, and not going to Microsoft, then this sounds like a really great idea!
Given the current exchange rate, you could send 1,000,000 emails on a China server for 1 cent. Perfect!
Why hasn't anybody come up with a certificate based anti-spam solution? Ie, the sender has to be registered with Verisign (or some other registrar) who issues a certificate that the sender includes with each email. If the certificate doesn't match certain parms (ie. IP address, domain name, etc...) then the email's invalid and blocked. I realize this doesn't actually prevent spam but it certainly goes a long way to making it a managable problem.
I do agree that this could be potentially troublesome for companies like amazon that send out large quantities of confirmation emails. But I imagine those would still be received and stored somewhere -- the user would just have to go poke around for emails they were expecting but hadn't specifically authorized.
Wouldn't current methods trivially circumvent this?
1) Spamhouse uses viruses to own assorted desktops (just like they do now).
2) Instead of just using those boxes as oen relays (like the do now) they first have them 'pay' this postage.
That charging for email means that *nobody* will be able to run a free mailing list service anymore. Or, alternatively, be just as easy to get around as the current system. Or, even better, have a new set of quirks and possibilities for abuse that would further ruin our email systems.
The problem is, the main reason why the Internet has worked and CIS, GEnie, ISDN, Teletex, etc. have all fallen by the wayside is because you pay for bandwidth, not services.
No, the problem is, there's no good way to kick somebody off of the Internet.
Gentoo Sucks
I don't see this as a feasible solution. How would something like this be implemented? It won't. Sure, Microsoft can setup Outlook to do some calculations or "pay" for sending email, but what's to stop someone else from simply using a different email program?
I pay for my internet service, I pay for my pc, my taxes ( way too much ), my electrical bill... and my time isn't free.. ( though my software is )
Why should I have to pay more just because the government refuses to enforce laws that already exist.. Remember the no fax spam laws that pre-date this 'internet thing'? They prohibited sending faxes due to the fact the receiver had to foot the bill for the 'privilege' of getting the spam, due to expenses of paper and ink.
This doesn't even touch the fact that a large percentage of spam is pornographic, and being sent to minors.. also a crime in this country....
So fact Bill is in it to profit ( go figure ) has nothing to do with my statement...I f-ing pay enough now.. And im sick of it.
---- Booth was a patriot ----
Does anyone -really- believe the cost would stay 1 cent? It would stay there for a while, until everyone considers paying for emails normal, then it'll rise and never come back, guaranteed.
Has anyone else noticed the alternate spellings Microsoft uses on their site for their name? So many ways to spell Mircosoft to choose from...
(yes sorry, slightly off topic, but I just noted this after NTK gave a similar link about the Guardian)
Which would you rather see: Gates on Spam, or Spam on Gates?
"Freedom means freedom for everybody" -- Dick Cheney
This is spam.
This is Gates on spam.
Any questions?
Are you Corn Fed?
While saying this requires users to "pay to send emails" may be technically accurate, the practical cost to most users will be zero since they're not using those cycles anyway (and the consumed wattage will be virtually nonexistent). Adding a computational burden to email may not be a good idea under MS's implementation -- fine -- but don't lead people to think it's going to take money out of their pockets to send email.
I don't care about spam.
BECAUSE:
1) The Bayesian filter in Mozilla (and other clients) *does* work.
2) The Bayesian filter in Mozilla (and other clients) *does* work.
3) The Bayesian filter in Mozilla (and other clients) *does* work.
So, where is the problem? Am I forced to do annoying things because the majority of people with email don't know how to use/setup Bayesian filters properly?
If paying money/taxes/annoying procedures are the sollution then email is really doomed. Thanks, to Joe Clueless and his inability to admit his incompetency instead of whining for absurd/pervert solutions.
Microsoft makes peace with Spam, tells everyone to learn to live with it and love it.
Could you imagine the security problems we'd have if Microsoft developed software that forced us to leave machines open to remote connections in order to "pay" for mail.
I have enough security problems with downloading email and web content onto Windows machines. God only knows what would happen if people could upload shit onto my machine without my approval.
It's a novel idea. But I wouldn't trust MS to implement it.
"Things are more moderner than before- bigger, and yet smaller- it's computers-- San Dimas High School football RULES!"
Today, when *recieving* emails with MS Outlook, there is a small chance to have to do some "distributed computing" for others. The most commonly used tools for this task today are netsky, bagle and mydoom.
... client updates are going to be install through a feature called buffer overflow ...
In future, when *sending* emails with MS Outlook, there is a big chance that your machine will do some "distributed computing" for others
Charging people postage for letters works because there is one centralized postal service which makes all the deliveries. Charging people for sending email will never work because nobody, not even Microsoft, owns the "email service." Because there isn't one. Just the SMTP protocol, and millions of computers which comply with it.
Maybe in a few decades people will catch on to the fact that the internet is global and decentralized, and that schemes like this are doomed to failure. You can't devise a pay-for-email scheme that doesn't have a dozen ways to get around it-- especially since this plan appears to be destined for the US only. As if every unsolicited email I get can't be traced to Taiwan, Korea, or Russia.
This plan is like the automatic security gate at my apartment complex-- annoying to legitimate users, absolutely ineffective against all but the most inept criminals.
I am Sartre of the Borg. Existence is futile.
Is he fscking NUTS?
If you don't know what AltaVista is (was), get off my lawn.
That device he's holding in the picture is a slide changer for the speech he's giving... Do all executives take the same class to teach how to give a speech? Regardless of company (Microsoft, Intel, Apple, etc, as long as its a tech speech), they all seem to come out with the same horribly hunched over shoulders, and hold that damn thing with two fingers while spinning it around with their other hands fingers.
It's such a pet peeve now that I can't even watch keynote speeches anymore.
DrPascal: Not the language, the mathematician.
That sounds an awful lot like a GPL-ism to me.
"No" Of course, if Bill really gets going on this, he could just support built into MS mail clients and Exchange Server and enabled by default... and push it out as part of a Service Pack. That would cause a lot of problems.
"Redundant"??? Obviously not!!!
It seems to me that it is already becoming increasing difficult (read expensive) for the true spammers (read forged headers, opt-out-chance-in-hell) to get away with it.
I use TMDA and it cuts out 99%+ of the spam I used to receive -- try it you'll love it.
http://www.tmda.net/
Hell, even filtering via Mozilla's or others "Junk mail" filtering works well... or something fancier:
http://www.bayesian.org/
I'd personally like to know how many open relays there are out there. Is # of open relays > how many $ Bill G has? Any correlation?
Linux or die.
...now those mass mailing trojans will slow your computer down even more!!! A completely useless idea as I see it, except to pad Gates pocket book.
If MS is in charge of selling the distributed computer time, all those security holes and the trojans that take advantage of them will become their primary revenue stream.
First off requireing on supposedly time consuming math is absurd. First off it can't be too complex because it would encumber normal users and recievers (who have to check it I suppose) second spammers will develope a cheat sheet (and if Bill doesn't think so he should do a search on the web for "Microsoft Product Activation Code".
My system is beautiful and simple.
Everyone use an OpenPGP program (maybe gnuPG) to sign all their email. then recipients can easily check a public keyserver (probably would have to set up more, but ideally each large domain would have one so you can check 'keyserver.microsoft.com' for the key for an adress from microsoft.com) of course you wouldn't need to check a server for someone in your keyring, but I bet through this method anti-spam webs of trust would become very easy to protect.
This is currently standards complient, so it breaks nothing. And it allows people to decide their level of protection.... you want unsigned mail to get through more power to you. You want to see only verified email fro people YOU know, go for it. you want to accept from any one who has signed that you can get the identity of from a keyserver, sounds great.
Why don't people do this? it requires nothing more than minimal changes to mail readers, and mild diligence. once it became popular enough its very easy to eliminate all non-trusted mail (although st first you would have to slowoly build it up of course)
is this that bad of an idea?
Please remit one fully factorized 2048 bit random number.
Love, Bill.
Shouldn't we ask the spammers to set the evil bit? We know that spammers in their good faith will set this in every bit outgoing packet. That should solve all the problems.
If you could filter emails that contained links to configurable domains, it would greatly improve filters. This would illiminate over 90% of the Spam that still gets though my filters.
How do they expect to get anyone to adopt this when we've got perfectly good, freely usable, SMTP standard to send mail with?
Sure, it's got it's problems (spam, etc), but I can't see why anyone would go 'hey, I'd like to have to give away processor time so I can send mail, instead of just using the firmly entrenched SMTP standard that doesn't cost anything above my connection fees'.
It doesn't make sense. How are they planning to get people to adopt this?
Code or be coded.
Please reply with remove@abc.def
By the way, our servers charge a $5 fee per email.
They call it "Caller ID" ?
Whats next longhorn will be released as "Operating System" because "Windows" just isn't generic enough? Is microsoft the only company to has NO ONE on staff who can come up with a name? or do they use common words to seem that much more ubiquitous?
As long as I receive spam I'll know that email is still for free.
Lets all get certificates and sign our messages. Then we can configure our mail systems to not accept unsigned messages. Simple.
The difference between Canada and the USA is that in Canada healthcare is a right and gun ownership is a privilege.
Okay, so I know that a client can be built for any platform, but what about the emails that I compose on my cell phone? I can just see the 10 seconds of computations performed by the latest P4 taking hours on my cell phone! Or does no one use cell phones, PDAs, etc to send and receive email?
Like we should listen to some pay-to-mail scheme from bill gates.....
Microsoft Exchange Servers configured as an open relay are probably instrumental in a majority of the spam out there being sent.
Yes i *know* that the local sysadmin should administer the mailservers better, but it is Microsofts MCSE program that sends them out in the world naive/instructed to do this, and the buggy ass software that makes it so easy/desireable to configure it this way.
iirc, they are an open relay by default.
What an arrogant jackass.
do() || do_not();
The problem with any "make you pay" schemes is that people will either bypass the check, infect someone else's machine to do it, or steal identities and get someone else to do it.
I think the conventional ways to stop spam are working. They are forcing us to fix broken software and protocols instead of patching them with something new and untested.
There are so many things wrong with this proposal it's unreal.
Forget MS encumbered technology. This proposition will only move spammers to a country where this is not implemented. So that basically leaves the non-spammers running useless "math problems" on there computer.
Also, the proposal of running a "SETI" type app to pay for it. Why should I? If you want to use my CPU cycles, pay me the cost of the electricity it takes, plus wear on the computer components, plus a profit per cpu cycle. I am not a charity.
As for the cash per e-mail idea, my ISP already charges me as part of my monthly service charge for e-mail. Would they deduct this portion of my monthly payment and then begin to bill me "a la carte" for each e-mail, or would my bill remain the same and then they would tack on a penny per e-mail? Is this a new way to up-size revenues for ISP's?
I don't buy into the argument of charging for e-mail to eliminate spam. It only leads to higher costs for the consumers, more profits for ISP's, and the spammers will circumvent the system.
maybe a scheme where an accepted email entitles the sender to send more. This could be done maybe through sending back a single or limited use token (encrypted string).
So your email progam collect tokens from people you have send an email and attach it to new emails to the same address.
Your email program filters out email with and without a token. The tokens are then checked and marked as valid or invalid. SPAM would get no token as you would never accept an email from those sourses. Tokens could be
- single use
- multiple use
- with end date
etc
It works like a kind of private stamps
Net sa best, mar it koe minder
Regardless of what the general public thinks.
Grill Bates:
Sorry.... I can't fix my SW, so here's another approach.
IT seems like Spam is largely able to exist just because of the widespread looseness in SMTP. If access to SMTP servers is restricted with accounts (either with authentication or address recognition, etc. for LAN's), and then further checking is done by other SMTP servers to validate the hostnames, addresses, etc. so that random SMTP servers can't just be set up. Then sent e-mails should always be able to easily be tracked down to the account that sent it (relevant info could be added to the header) and that account can be disabled for spam. If the reporting process were relatively streamlined objectively, then the effort of overcoming the obstacles would outweigh any benefit.
I don't try to be right, I just try to make people think
Does this include the 100 emails a day I get from bounced bagle infectee's . Maybe William should spend more time securing his OS than fiddling with digital stamps.
In order for this to work, you'd have to not just modify Outlook or any of the applications, you'd have to set up a new standard of sending email. If you realized Outlook is attaching something onto your emails that tracks the sender(s) payment info, then why hell, why not just telnet into some server and send mail the old fashioned way? Heck, why not implement your own mail client (read: open source) to circumvent things?
You'd have to globally change the way email is handled, making sure info could be backtraced to individuals with their payment info. Considering the amount of spoofing that's available, I don't see this as working at all. It's just way too easy to get around without enforcing a global standard change.
An hour before this one was posted!
Damn you, evil editors. DAMN YOU!
Ahem.
Sorry.
DAMN YOU!!!!
I'm amazing. You aren't. SUCK IT
If your system is so good, just go ahead and implement it and see who wants to use it.
I think this could actually be a very good system, if it's user configurable.
Think about it this way, you hook it into some statistical spam program and an allow list.
If the sender's on the allow list, you just accept the message.
If the sender's not on the allow list, have the statistical spam program analyze the message and produce a number which estimates how likely it is to be spam.
The user then can customize based on the number, how much computational time will it request from the sender or to reject it out right.
I.e.: Say if it's below a 10% probability of being spam on the scale, accept it outright. If it's above a 90% probability of being spam, reject it outright. If it's between 10-90%, send a request for a computational problem that would take 1 second per %.
But make this completely customizable for the end user. So they can set the top and bottom thresholds of automatic accept/reject as well as how much computational time is taken per percent.
The only problem I can see with this in the long term is eventually people see so little spam that they can't calibrate the statistical programs well. Possibly the best thing would be to keep some subset of the rejected e-mails and require the user review a certain number of them every month to re-establish the statistical spam program's accuracy.
And the next thing you know, you will be required to pay for the air you breath. Hmmmmm /me heads for the nearest Patent Office to "claim a revolutionary method of oxygen exchange used in concert with ATP (Adenosine Triphosphate) for the creation of kinetic energy."
The truth is usually just an excuse for lack of imagination.
Gawd these ideas suck, not that I have any better ideas but geez - come one guys.
Is the juice worth the sqeeze?
Money is the only thing MS understands. Their company's overall strategy is based on making money on every transaction everywhere. This is no secret. Whenever they propose a technology or "solution", this is always behind their thinking. As the revenue streams from the OS and Office are declining, MS needs to find *continuing* sources of revenue, not based on one time sales. Being used to a large revenue stream over the last several years - over one time sales and long term licenses - it is a tough job to convert it over to a continuing revenue stream. Of course, MS will make announcements assuming the market will embrace their solutions. We, the "market" are getting wiser ourselves and resist getting charged on a continuing basis if a "single pay" (or free) solution exists. If MS thinks it can go eradicate those *existing* free e-mail systems (with alternative spam reduction methods), they can spend their stockholders' money trying.
-srr
Forcing some sort of email "stamp" in any way will do one thing, fragment the email standard as those who don't want to pay/can't afford to pay will adopt a new standard of sending messages.
Then I'm sure the lawyers would muck it up even more by trying to enforce ISPs to regulate the new email/message sending system and we would get into the very thorny issue of what constitutes an email?
What about IRC chat, or Instant Messaging, or message board messaging systems? Would those fall under the email stamp tax?
Spam is annoying but I personally will not pay again for my service. I pay for my bandwidth and I know how to filter my email properly. Forcing me to pay again for email will only insure that I will be one of those who switches to another standard.
Really, I know what I'm doing...Ohhhh, look at the shiny buttons!
Whatever program Gates is running on just got the Blue Screen.
Think before you speak Bill, if you sound too crazy then MSFT might start loosing money.
Then where would SCO get their funding?
I bet if we did this it wouldn't be long before almost everybody signed up with a registered email service (or purchased their own certificates) only leaving illegitimate senders in the cold. Forged headers *should* be a thing of the past, we have the technology.
Anyhow, I fear at this point its going to be decided by the first large system that comes to market. Which looks like MS is really pushing to be.
Quack, quack.
Pay for email..FU
I pay for email every time I open Outlook...
I pay every time I hear about a new flaw in your Swiss cheese software that allows spoofing, and these Trojan viruses to take over Aunt Betty's XP computer (without her knowledge) that sends most of this spam.
BILL, Spend your own (MS) money to fix YOUR problem that is causing us all grief.
This would totally screw up the internet.
But at least I would have a good excuse for not responding to some of boorish work e-mails..... "OH sorry I could not send the timeline; I did not have an e-stamp"
=:|
First they ignore you Then they laugh at you Then they fight you Then you win -Mohandas Gandhi
Comment removed based on user account deletion
This would be good if I got the money for the stamp. I would sign up for a service that charged 5 cents for a "certified" email, if I got 4 cents for every email I received.
I could just white list every email from this site. It would allow legitimate advertisers access to me through email. Access which none have right now, as I delete all spam and ADs.
The famous thing about the NP-complete problems is that they're hard to solve, but easy to check. That's presumably what's going on here. You can parcel out a rather large traveling salesman problem. But it doesn't take me 10 seconds to check it; it takes me far less than one second, even if I didn't know the answer beforehand.
I think that's kind of neat, actually.
So Johnny Badass can't bluff his way through; his work will be checked.
There are many other problems with this technique (a problem that takes 10 seconds on a 4 GHZ Pentium takes several minutes on a still-useful P133; non-upgraded computers get treated like criminals; patent terms could suddenly turn onerous) but the idea that a computer could bluff it out isn't one of them.
"where does all the sudden hostility come from?"
spam
the computer is online
i am not at it
what a waste of ressources
I own a business and we get something like a fair amount of sales leads via email.
I wonder how many people would not bother contacting us to inquire about services if they had to pay for the priviledge?
Also, I exchange A LOT of emails with existing clients...working off-site makes email the prefered mechanism of communication. I already pay for Internet Access (which currently includes access to routes between mail servers); I'd sure hate to have to pay for using a particular service on the Internet that is now free.
IMO, Spam is best fought at the source. Filters like SA are great for the user end, but the demand on the wires is still there (the recipient server has to GET the spam for it to be dropped). Go after the spammers themselves. Hard. With both barrels.
(1) Make it financially unattractive to spam. This can be either by fines or by MORE user education to NOT RESPOND to the dang things.
(2) Go after them criminally. They put an arguably unethical demand on everyone's Internet; who knows how many hardware failures are accelerated by the traffic due to spam (disks, NIC's etc). I liken spammers to someone who blows up, or at least physically blocks, a bridge on a public highway.
Computational Chemistry products and services.
You know, I get a lot of telemarketers bothering me too, but I certainly don't think that charging myself every time I want to make a phone call would constitute a "solution".
Coming soon to Slashdot: meta-meta-moderation!
Free evenings and weekends? Seriously, this isn't going to work. There will be abuses, a situation similar to the internic.net registry debale of a few years back, with everyone stumbling and fighting to be a registrar. Microsoft in charge? No thank you. Also, as companies get bigger, you know that there will be discounts for quantity. There are going to be proxy re-mailers popping up.
Secondly: There will be a skimming situation created, where your local ISP will skim off "pennies on the penny" to send emails. Also, if and when the "registrar" like situation comes into play, the large ISPs will have favorites.
Thirdly: This is just begging for government monitoring. I mean, the accounting would be in place, why would the government not want to use it?
BTW, maybe Microsoft and the gang are appealing to the government for this very reason...
Wouldn't this be solved the same way spammers get around the words-in-images problem? Offer to give someone something free (like porn) in exchange for doing the calculations
No way it's going to work. As stupid as it may sound, people will rather get spam and send mails for free rather than pay for the emails they send. And who will we be paying anyway? Our country's government? Microsoft? Who?
The solution to spam, in my humble opinion, is not in paying for the email service. One thing that came to my mind while reading this is that it would be interesting to be able to set up a sort of login/password mechanism for incoming mails. Something very generic, where you can assign logins and passwords to people (or groups of people) you know, or even public ones you could publicate on semi-private sites (like forums, etc). The moment you start getting spam, you just eliminate the login/password combination that's getting it. If such a system was implemented on the mail server side (where the server bounces mails without the proper l/p combinations), a lot of bandwidth could be saved, as the mail wouldn't even be transfered to it.
Just an idea,
Diego Rey
diegoT
Paying to send email is unneccesary to stop spam.
In order to make a payment you would need to be authenticated, right?
So if you're authenticated, there's no need for a payment.
If you say, no authentication is necessary, just give a credit card number, then we will have spammers sending mail using stolen credit card numbers.
assert(birth_date<time-86400)
Is he holding an iPod?
mbbac
I'd rather get paid by the sender to read email. I'd sign up for all sorts of spam if I got a penny every time I read one. Emails I sent to my friends would be paid for by the money I made from spammers, and the excess could buy me a new Dual G5.
Hmmmm, "Intelligent company or admin". Maybe the government is its first target...
the major advances in civilization are processes which all but wreck the societies in which they occur - A.N. White
Imagine if they DID make money offa it. Every time Outlook's infected, and acts as a spam relay, you'll be billed $5,000 a month for the bulk spamming (you) do.
:/
Sounds fair.
-- Liberalism is a mental disorder.
Instead of paying a penny, the sender would "buy" postage by devoting maybe 10 seconds of computing time to solving a math puzzle
What if I am morally against what the math problem is trying to solve? Or what if the problem behind it is illegal in my city/state/country or breaks international treaties? Then I can't send email? Will I be told what the math problem is, or do I just blindly crunch numbers?
Time is money, and spammers would presumably have to buy many more machines to solve enough puzzles.
Would they really? Or would they just have to continue illegally taking over other peoples computers to use as spam zombies, and in taking over the computers, use those compromised systems to compute some part of this math puzzle? So who is getting screwed here? The spammers, or the people whose computers are no longer just sending out hundreds of spam emails, but are now tied up spinning on bits of math problems?
Microsoft makes the OS with all the holes allowing the spammers to send their messages *and* they want a piece of the email tax pie to stop it? Seems to me that if they wrote a secure OS in the first place we would not have such a big spam problem.
Gates was always an ugly man, but as he gets old, with that bowl haircut, he looks like Billy Bob Thornton's cousin in Sling Blade.
I guess Melissa dreams of the pool boy and all those zeros in her bank account.
...for people running Sendmail and a *nix compatable email client, how do "they" plan on enforcing the cost of the stamps?
What is to stop me from having a mail server off US shores to provide my clients with cost-free email access? What is to stop spammers from setting up their own mail servers and forging the stamps? They certainly don't play by the rules right now!
Do they plan on forcing everyone to upgrade their mail clients and server software?
My biggest question, Who are "they". Are "They" the ones who will collect the money for these stamps? Is it M$? The ISP? The Government? Since a transaction is taking place, will there be a tax on the email? (you know the IRS will want their cut).
I run a mail server on a colo for myself and give space/access to my friends for free. Do I now have to charge them? Do I have to pay taxes on that?
Yes, this is a lot of questions, but they a) don't see have been asked yet, and b) don't have answers that I know of.
I am not for spam but I'll be damned if I will start paying for my email as a theory to stop spam when we all know damn well that it won't stop them.
Looks kind of like he's smoking something...which would explain this spam idea.
The only way the problem would work is if it's universal. This means not requiring some arbitrary code execution.
Here are some criteria for the problem:
-The problem would be something where the code for execution would reside on the sender's machine.
-The code for execution must be somewhat computatively intensive.
-The code for execution must accept a large range of input data values, which must be of relatively small size.
-The output data of the execution must be of a relatively small data size.
-The code for verifying the corectness of the output must not be computatively intensive.
Are there mathematical problems like this?
Yes
Examples: Breaking encryption.
Require the sender to break an encrypted message of some size with a relatively weak (but not too weak) encryption algorithm. Say, RSA with only 12 bits (this is a total wild guess I have no idea what # of bits and what input size would give something on the order of seconds for modern computers).
I can't see how this could work. Any spam-prevention measure must also have some provision to deal with legitimate mailing lists. Some mailing lists can be quite busy and have thousands of members.
Also, Gate's method has a lot of flaws, security being only one of them. For example, how will you deal with all the various different operating systems and embedded hardware that send email? For example, my Netgear firewall box periodically sends me emails of logs or alerts.
Also, you can't easily change the way email is done because its use is so widespread.
Making it computationally based has a number of major flaws.
1. How do you deal with the wide range of computer performance? For example, my mail server is a Pentium II, which is more than adequate for my needs, or my firewall, which is a 50MHz StrongARM processor?
2. How would you allow others to use your computer to make computations? This opens up some serious security considerations, not to mention the fact that there's a wide range of processors and operating systems that would need to be supported. I won't run Seti@Home because the last time I ran it it crashed my mail server after over 200 days of uptime. I don't know what it was about Seti, but it would always immediately crash my server.
3. You would need to make everyone agree to do this. The Internet is international.
A better way would be to strongly encourage ISPs to block spammers and give them the tools to go after them. An ISP should be able to charge the hell out of a spammer on their network and encouraged to do so.
Why not give the backbones the power to cut off major spam sources and provide financial incentives to do so?
There's lots of other methods that could be used. If you make life completely miserable for spammers, they'll stop. If there's no profit, they'll stop.
If our stupid congress critters would do something right for a change, like California's anti-spam law that was blocked by the Washington idiots, then we'd have a lot more power to go after the spammers.
This post is encrypted twice with ROT-13. Documenting or attempting to crack this encryption is illegal.
Good ole microsoft. Briefing room Microsoft headquarters 11:03 pm I know its late people, but we have a serious issue. The 50 Billion dollars we are sitting on in extra funds just isnt enough. We need to take action now. We propose a way to stop spam, and in turn we make money on every email sent around the world. "Will this work?" Judging our track record... No, it will be full of bugs and exploits but we still make money so its ok. End Message. Geraldine Riveras first email under the new system. "Hey grandma, this new email thing is cool, I'm not so sure about paying 12 dollars to send a message but I love you so it is worth is. So me and Bob have been doin##$%%D))(009097RE##$@# Want a bigger penis? Always dreamed of getting that extra 3 inches the girls are always looking for? Visit Penishealth.com and change your life today! #$#%%$($T($)(*$%*$%_$#)%* g well, the kids are good.. Hope to talk to you soon.. Although with this new microsoft worldwide per-call charging I don't think we will be using the phone since we lost our mortgage last month.
Need cheap, customized, and quality bandwidth or hosting on any business scale? Visit www.ENetpresence.com
then how in fuck's name do we explain all these spam related viruses.
If sending regular email via the existing methods becomes a pay-for-play service, then it's only a matter of time before an entirely new email protocol surfaces that allows participants to send mail for free.
I suppose you could say it'd be "voting with your dollar" to shut down any efforts to control the Internet in such a manner.
"It was hell!" recalls former child.
Great. So now I not only have to pay to get viruses, I have to lend them processor time on my box. How is this lowering my TCO again?
boycott slashdot February 10th - 17th check out: altSlashdot.org
I'm on top of the virus situation. But my wife and kids aren't. Boom, My computer get teh latest mydoom.beagle.XXX varient and sends out 17,093,983,234 emails while I am away for the weekend. I'll be damned if I pay for that much email.
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
"First things first -- but not necessarily in that order"
-- The Doctor, "Doctor
This "solution" sounds worse than the original problem! I can deal with getting the occasional penis enlargement spam, but paying for email? Sorry, but I'll stick with my Nigerian friend.
Think about all the other people this would hurt- Hotmail, Yahoo, Netscape. Free webmail for grandma? Think again.
Third world countries where people dont actually own PC's and rely on internet cafe's and the like? They'll be among the first to feel the burn of an e-mail tax.
I'd like to propose a system by which users will have to pay for their slashdot submissions, to cut down on duplicates.
This has about a 0% chance of taking off as i see it.
...this plan is fux0red. Instead of charging for email use, which would only lead to more credit card/PayPal/bank account hacking (i.e.: theft) why don't they (MS and all the people involved) sit-the-fuck-down and re-write email to prevent spam in the first place?
Sure it would take more effort, but would be better.
You can try...
I started sending "abuse" e-mails to ISP's whose network is used to send spam (terms and conditions of most ISP's prohibit sending spam).
By opening extended header information in your e-mail client, and examining the "received" headers you can find out the IP address (watch out for fake "received" headers), and sometimes the domain, of the sending machine. You may need to use reverse DNS or whois services to find out the domain or the network owner of the IP address.
I check www.domain to see if it's a regular operation.
Then I forward the e-mail, including the extended header information, to abuse@domain asking to take appropriate measures. Hopefully the account will be shut down or the owner of a hijacked PC alerted.
I don't know if it helps much but in any case I feel better doing this.
Postage would be in the form of allowing others to use your computer to make calculations...
Running Windows, others are already able to use your computer for "calculations."
To hear such thing from a man, whose company is not able to secure it's key product suffciently to NOT to send emails by viral stuff.
There you are, staring at me again.
In this case it would not be free enterprise. Its a very large company trying to make money off the hardships of others.
Thats wrong.
Honst work + profit is good.
Im also sick of paying too much, and getting less and less back. That is also wrong.
Oh wait, you are just an anonymous troll.. nevermind....
---- Booth was a patriot ----
If Microsuck can not even keep it's own operating system from being hacked and pirated, how is it going to keep it's email systme from being hacked and pirated. I can see everyone "paying" to use email while the spammers hack the system and pay nothing. And we'll still get a crude-load of spam!!
I have to ask... what is more annoying? Spam, or having to have any kind of payment system whatsoever for email? I would have to go with the later. Especially if the SPAM business is making billions a year, I'm sure they aren't going to care about paying whatever miniscule amount it costs to send out their billions of emails, or find some way of circumventing the system. This just sounds stupid... oh yes... and annoying.
Articles like these really make me sad.
When the Internet exploded and the joe masses came flooding in there were many rapid changes witnessed. Many of these changes were tremendously wonderful, and many weren't.
Over the years we saw the tug of war between those who think that the net is evil and must be controlled, and those who are intelligent enough to govern themselves and contribute to the common good.
There were many different attacks on our freedom, and usually we prevailed because it was obvious that proposed restrictions would damage our precious medium. But lately the anti-spam efforts begin to scare me.
I'm scared because most people hate spam. So even people who are normally freedom-fighters give a moment of pause to think, "Well, I really do hate spam, maybe I should consider this."
The answer to problems that arise within the net are never ones that limit and merely mimic our failing systems elsewhere.
I too was pulling out my hair over the explosion of advertising. I realized that it was collecting in my memories, permanently, like toxic waste being spewed at my senses.
For the most part however I have returned to serenity. I use Mozilla Firefox with the Adblock plugin, this takes care of all banners/popups. I also finally just installed spamassasin on my mail server and the hundreds of junk mailings that normally made my veins bulge are now routed behind closed doors to a junk folder.
To top it off I threw away my television. I can still enjoy the simpsons, but now it is commercial free. Caller I.D. protects me from unwanted calls. Simply lift the phone for a split second and slam it back down. And I do most of my business through the net so I can safely ignore snail mail.
The solution is already here. It is education, technology, and intellect.
[Paul Anka]
To stop those monsters 1-2-3
Here's a fresh new way that's trouble free
It's got Paul Anka's guarantee...
[Lisa]
Guarantee void in Tennessee!
[All]
Just don't look!
Just don't look!
Just don't look!
Just don't look!
A number of the worms going around actually do turn infected computers into zombies, which spammers use to help them send out spam. It's not difficult to imagine how this could be used to circumvent a system of "postage" paid in CPU time.
Here's a link (scroll to "rise of the spam zombies").
Rank Presidents by th
Aside from the horrible security implications of letting others compute on your machine, this seems like another ploy to extend MS marketshare and force people to upgrade.
Any bets on whether this scheme will mean that only 1 GHz Pentium (or better) machines with the latest Windows will be able to send email. Worse, as machines get faster, this email standard will have to increase the computing requirement for each email -- anyone with a machine more than a few years old will find sending an email becomes impossible. It's the ultimate enforced upgrade scheme using Moore's Law against people would don't want to upgrade. Yes, I can see why Bill wants this.
Two wrongs don't make a right, but three lefts do.
"Honestly - the e-mail said they could make it THIS BIG"
Blatantly unfair moderation. Note to the drooling teenage moderators: I'll see you in M2, you M$ pussies
I run my own mail server on a comptuer in my house. You send e-mail from your client to my server. How is anyone going to make you pay if I don't buy-in to the system?
A better system is Domain Keys proposed by Yahoo. See /. article
This is stupid. Look, data transfer is free by necessity. You pay your ISP for your bandwidth, and that's it. Every major network transfers other network's bandwidth by agreement because that's what the internet *is*. It's a network for networks.
:P
If the stamp idea were to take off, another free email system would simply emerge using other methods. Simple as that. I gotta pay to send over port 25? Fine, I'll use port 2525 instead. Whatever. Everyone would switch to the new free email system, in a rather short period of time most likely, and the wheel would be reinvented. SMTP, or whatever you had to pay for "stamps", would very quickly be dead as a method of email transport.
Hell, if e-stamps took off, I'd do my absolute damnest to develop the next email protocol as fast as humanly possible. I'd probably make a mint too.
So forget about it. It's funny. Laugh. That people could seriously think that the concept of e-stamps is even feasible is the funny part. The internet routes around censorship, but it also routes around dumb ideas.
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
"Why not use a system based on something like root certificates?"
Here's why not: Because hackers and worm authors will still have control of a vast network of computers, that will not only generate spam signed by the poor victim, but will also lead to that victim's e-mail access being revoked.
Relying on a review process would be too difficult - each new virus/worm could result in, say, a million affected machines, which means potentially a million reviews suddenly needing to be made.
Most spam originates from spoofed email addresses. Those emails that don't come from spoofed email addresses can be sued into oblivion.
So it is a simple matter of finding the spoofed email addresses.
This is how an email server would check inbound email:
1. receive email
2. lookup domain of sender. If does not resolve, discard.
3. lookup "domain email authority" of domain, say "authorize.yahoo.com" for senders originating at yahoo.com. No authority, discard.
4. ask authority it if the user is known and what IP address it would be sending email from.
5. Is user known and does "authorized" IP address match IP address of sender? If not, discard.
This mechanism would also make it easy to circumvent non-spoofed email addresses since the spammers would need to support the extra authorization queries. It would also force them to centralize their efforts making them an easy target for elimination.
The result: No spam, no Microsoft tax. Nothing. Only a little bit of overhead on DNS and email servers which could be eased with a little bit of caching.
Why wouldn't this work? Is there a problem with this?
What if people don't use it ? ... but that's me
I would never pay to send e-mail. The point of e-mail is to send stuff to people quickly and for free.
I don't think this is going to happen
Solosoft.org - Your Online Resource to Nothing
I do like the idea of emails costing money. But the money should go to the receiver as a "good faith" gesture. Then I could sign up for every newsletter around and finally have some money to buy some of that G.E.N.E.R.I.C.V.1.A.G.R.A. i've been hearing so much about.
Has anyone considered the energy cost of this? If you require billions of CPUs to do pointless calculations ala SETI@home, is this not increasing energy use at every node on the network that sends mail? How many barrels of oil more are we going to burn through to implement this?
wait, this was already done! Last time I used Outlook to send an email, my computer churned for 10 seconds and then said "Illegal exception."
I guess this "math puzzle" [oh, so *that's* what they're calling it now] was too hard for Outlook.
Ballmer showed me this turd one time he laid. No lie, it was THIS long!
796F75617265616E65726400
The mail server comes up with two random primes, large but not "cryptographically large", sends their product, and waits for the factorization. The mail server could even precompute what random primes it will be using for future questions, or offload that task to another server if it is too busy.
GET YOUR WEAPONS READY! --DR.LIGHT
This cure is worse than the disease. I'd rather have spam than pay anything for email.
Isn't the Microsoft tax we pay per machine enough? Now we have to pay a Microsoft tax on email too? Since when did Microsoft become its own government? I say we dump all of the windows CDs in the harbor.
There is such a thing you know, and there are probably plenty of us who enjoy it.
Many examples, like when my favorite BB site ( www.rage3d.com ) sends me an email to tell me that a thread I am involved in has a reply. Or if there is a company that I LIKE. Maybe I want there spam? Maybe I want there coupons? Maybe I don't opt-out of everything, just most things.
Do these exchange servers get left holding the check?
Yes I am sure that we can enable and disable this feature on a case by case basis. But realisticly, how much of the population is actually going to go through the trouble of doing that? It will probably be far easier to leave the system on for all sites all the time.
Don't get me wrong. I am not 'dissing' the system here. On the contrary, I find it rather fascinating. And it is about the best solution to spam I can come up with.
But I find this side of it kind of troubling.
It seems like everyone is trying to come up with something the isn't really feasible. This would definately effect poorer people such as those who live in developing countries with less powerful computers. It will take longer for this calculation to take place, and it stops becoming a fast easy way to send messages. People will switch to instant messaging and email will be long forgotten. They just need to send a lot of people to jail for spamming their products and shut them up.
One fundamental problem: Gates is too late. Pay-to-send would've worked a year or two ago, when spammers were sending from machines they owned or leased, even if the machines were overseas. Now, spammers increasingly use distributed networks of malware-infected machines to send e-mail. Requiring computation might slow them down, but any sort of monetary payment wouldn't bother the spammers one bit. The owners of the co-opted machines would be getting the bill for the postage, not the spammers.
It would be a shame is Microsoft would go for a proprietary system. Especially since an Open Alternative already exists.
Remember that Microsoft lobbied strongly against recent anti-spam legislation proposals.
You can bet your boots that Microsofts foremost goal in this initiative is not to eliminate spam.
There is something much more sinister going on here.
"Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
If this thing would ever get implemented (which it won't) you would be doing both. Ain't that a bitch.
My beliefs do not require that you agree with them.
Looks like somebody figured out how to make money out of spam after all :)
1. Charge everyone to send emails.
2. Charge everyone to use said email system.
3. Charge everyone to use micropayment system.
4. ???
5. Profit!
"Jeremy, you need to get to an internet cafe and cut and paste some appropriate sentiments about me from the world wide
My anti-spam software works great, why should I bother? SPAM is not an issue for me anymore.
I know no one on /. reads the article, but what about the snippet at the top. You don't actually exchange cash at all, it's all about provably dedicating computer time. Money is NOT exchanged. This also would not affect DLs and other wide lists, because it would be the initial mail that would be computed, rather than all the redirected ones. As far as mailing to lots of people, that is a concern, but how many lists out there are >10000 in size? What this really limits is people who want to send to 1M people, and, yes, you're screwed there.
1. Validate sender.
2. Require the sender to encrypt their message with a key that is generated on your end.
3. Store message on sender's computer until requested by recipient.
A more in-depth explanation:
1. Only length-limited header information (title of message, return address, date, time, CRC, originator's encryption code, etc) would be initially sent. If the intended recipient wishes to read the message, a personalized key is sent to the return address, which then encrypts their message with this key and sends the information back. The return address would have to be valid for an extended period of time for any message including spam to work.
2. Since the encryption key is linked to one exact message, the sender will have to store the exact message on their server. The more personalized the message is (or the more random characters they throw in to spoof spam filters), the more information they will need to store on their side.
3. If you send a million 30KB spam messages a day and you need to store them for at least a week to make sure you'll receive a response, and it takes a second or two to encrypt each message on the fly, it will seriously drive up the cost of sending spam.
Today since its free to send everybody defines E-mail to be pretty much the same thing. However what happens when E-mail costs a penny to send? Won't every packet on the internet cost something to send? Otherwise some one can start up an open source project that implements software that provides the same functionality as E-mail but doesn't meet the current definition of e-mail, so its free to send/receive. Would the new software be E-mail or not? It makes a difference because if it is E-mail it costs money, if it isn't its free.
Of course the spammers might argue prior art - but when did that ever stop a patent being rewarded? However, if that fails, put the words, 'la la la la' in every mail. Now it's music and the RIAA can sue.
Hot damn, I should be a consultant!
Spam generated with a sender certificate that doesn't come from the senders machine would be invalid and blocked (and I really like the idea of blocking it at the router level). If the spammer has control of the senders servers than there are bigger problems.
Oops didn't RTFA all the way. hashcash is mentioned in the article.
Right on, man - It all begins with you.
Just this week I made a presentation at our bi-monthly staff meeting on spam and how to deal with it. Sooooo many people, who otherwise know a lot, still have no clue about spam. So it is up to us geeks to EDUCATE our fellow office workers, relatives, friends and strangers in line at the grocery store, PLEASE don't ever respond to spam, and certainly never send them MONEY. If they continue making billions they will continue sending the crap out.
The House Between - Original Sci-Fi Series
98% of people will read this as: "So the richest man in the world wants me to pay for something I have always done for free?"
I predict his personal backing can only hurt this effort.
PETER
I don't think, I don't think I'm explaining this very well. Um, this Seven Eleven, right? If you take a penny from the tray -
JOANNA
From the crippled children?!
PETER
No, that's the tray. I'm talking about the tray. The penny's for everybody.
JOANNA
Oh, for everybody. Ok.
PETER
Yeah, well, those are whole pennies.
JOANNA
Yeah.
PETER
Right. I'm just talking about fractions of a penny here, but we do it from a much bigger tray. A couple of million times. So what's wrong with that?
Email is valuable and popular because it is cheap and quick. Make it expensive and slow, and its value goes away. Hashcash-like proposals seek to make email suck more for all of us, in the hopes that it will be even more sucky for the spammers, so sucky that they'll quit.
But you cannot save email by destroying the things that makes it valuable and popular.
Edith Keeler Must Die
No I am not going to pay to send e-mail. Sorry, but Bill's proposal is not acceptable.
It is one thing to donate idle CPU time to something charitable and worthwhile, like SETI, if you wish to do so. But to allow a private corporation to freely enjoy things that cost me considerable money for, like a full time DSL connection, and the electricity to operate a PC with a 450 watt power supply 24/7, makes no sense. To require me to submit to this just so I can send e-mail is nonsense.
Other questions come to mind. If this proposed system is burdened with Microsoft patents, then exactly how will open-source or third-pary e-mail clients and servers be licensed with the Microsoft IP. Exactly what is that going to cost?
"There are other systems being suggested that would include monetary stamps and people could decide on accepting an e-mail based off the value of the stamp."
A: Did you get my E-mail?
B: I saw you sen't me something but I judged you did not pay nearly enough for the privilage of communication with me. So my mail filter rejected it.
A: F@&% you !
Yea that will be fun.
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
I didn't see enough of this point of view last time this was discussed. I completely agree.
Slashdot is my Mercer Box.
Then split your email into two categories: authenticated and non-authenticated. Most computers don't need a root certificate. They would only be necessary for domains that host mail services. With that would (arguably, should) come a little added responsibility.
I'm willing to bet that you'd find that people would accept the authenticated email quickly. Its more secure/smarter (basically adding seamless pgp and root server certificates). Its not going to be much of a hassle to anyone accept users who want their own email gateways but are technical/can't be bother with getting a certificate (users who are currently probably unwitting spam relays themselves).
Quack, quack.
Why not just make email completely traceable to the isp level?
The only reduction in privacy would be that you could tell what ISP whoever sent the email from used. However, it would allow people to track where spam was coming from and forcibly block entire ISPs if they were recognized sources.
Naturally, someone will mention that somehting like this is already there... but it the existing system can be forged.
I think the way to handle it would be to force servers to append their IP to any email they relay. If any server encounters an email whos last appended IP doesn't match the source of the transaction, just dump it.
Sure, if you can fake the IP, then you can still bypass this, but I'd think it would help. Additional bits of authentication in server-server transactions might be able to compensate for forged IPs too.
Ok, so it needs some fleshing out, but is there anything obviously wrong with this?
Dear Internet Subscriber: Please read the following carefully if you
intend to stay online and continue using e-mail: The last few months
have revealed an alarming trend in the Government of the United States
attempting to quietly push through legislation that will affect your use
of the Internet. Under proposed legislation (Bill 602P) the U.S. Postal
service will be attempting to bilk email users out of "alternative
postage fees". Bill 602P will permit the Federal Govt. to charge 5 cents
surcharge on every email delivered, by billing Internet Service
Providers at source. The consumer would then be billed inturn by the
ISP. Washington D.C. lawyer Richard Stepp is working without pay to
prevent this legislation from becoming law. The U.S. Postal Service is
claiming that lost revenue due to the proliferation of email is costing
nearly $230,000,000 in revenue per year. You may have noticed the recent
ad campaign "There is nothing like a letter". Since the average citizen
received about 10 pieces of email per day in 1998, the cost to the
typical individual would be an additional 50 cents per day, or over $180
per year, above and beyond their regular Internet costs. Note that this
would be money paid directly to the U.S. Postal Service for a service
they do not even provide. The whole point of the Internet is democracy
and non-inerference. If the Federal Govt. is permitted to tamper with
our liberties by adding a surcharge to e-mail, who knows where it will
end. You are already paying an exorbitant price for snail mail because
of bureaucratic inefficiency. It currently takes up to 6 days for a
letter to be delivered from New York to Buffalo. If the U.S. Postal
Service is allowed to tinker with email, it will mark the end of the
'free' Internet in the United States. One congressman, Tony Schnell (R)
has even suggested a "twenty to forty dollar per month surcharge on all
Internet service" above and beyond the government's proposed email
charges. Note that most of the major newspapers have ignored the story,
the only exception being the Washingtonian which called the idea of
email surcharge "a useful concept whose time has come" (March 6th 1999
Editorial) Don't sit by and watch your freedoms erode away! Send this
email to all Americans on your list and tell your friends and relatives
to write their congressman and say "No!" to Bill 602P Kate Turner
assistant to Richard Stepp Berger, Stepp and Gorman Attorneys at Law 216
Concorde Street, Vienna, VA.
********
Spam/Chain Mail predicting the future? Whaaa.
You just invented a white list! Yay!
You should work for Microsoft in their Innovation Department.
its just another attempt at a tax.
who gets to collect it? why would they get to keep it? shouldn't it be more like the sender pays the recipient for the privelidge of sending?
bad idea. bad bad bad bad. and being spewed from redmond, it becomes a "Bad Thing"tm
It is high time we should try Bill Gates for all the SCO fiasco.
(story has great picture of Bill Gates as well)
Will the stamps have a picture of Bill too?
There are a lot of "simple" solutions against spam like the one you describe. The problem with the server solutions - where the servers of the sender and receiver make some kind of negotiation to decide if the email is legit. - is that it only works if every server on the net is upgraded and that will never happen.
For example, let's say you receive an email from babar@domain.ii (imaginary tld). With your scheme, your server asks authorize.domain.il but domain.il hasn't upgraded and still use old simple email server. Email is discarded. That means no user from domain.ii can send you email.
bzzzt the internet is broken.
Men are born ignorant, not stupid; they are made stupid by education. Bertrand Russel
Yeah, like this will work. *IF* this comes to pass, I'll just set up on off shore e-mail account, much like how I use off shore proxy servers for P2P's so the Damned **AA's can't trace my IP address.
Forget this "stamp" crap everyone is talking about. Let's create an open source solution that will charge anyone wanting to send you an email 5 cents for each transmission. You can then create a "buddies" or "friends" list of email address that do not have to pay. That way you have complete control and not MS or anyone else over the emails you receive. It's cheap enough that if a friend sends you an email that is not on your list, it doesn't deter him from contacting you. You could even return the favor by emailing him without you being on his list to even out the cost. Then you could mutually add each other to your Do No Pay list. I'll gladly receive all the spam for a nickel a piece.
Turn off your computer! No more spam, no more problem!
It seems like so many of the problems we face today are because of the fatal assumption built into SMTP back in the day: that internet users are good, kind, and decent people with whom network sharing would be a good thing. So why not replace it?
I don't mean that we all get up one day and turn off SMTP. Let's add a new one and have MTAs do both.
Say I've added JNMP support to my MTA. I send a message to my friends Bob and Carol and Ted and Alice. Bob and Carol are much smarter than Ted and Alice, so their MTAs also speak JNMP (with its authentication and unspoofability and so on) so when my message comes knocking on their JNMP port it goes right into their inboxes. No need to filter or anything, since there's no BS riding on a JNMP message.
Ted and Alice, alas, are stuck using SMTP, so their MTA gags. My MTA therefore falls back on SMTP and the message is accepted and has to be filtered and all the other nonsense. As more people (and more MTAs) switch to SMTP it would go from being the default protocol to a deprecated protocol to eventually being dumped.
I'll be the first to admit that I'm not a TCP/IP stud with chops you could serve a foreign king. I haven't got the first clue how this would work. But I think it _could_ work, and I'd like to see someone give it a shot. SMTP is just too flawed for the modern, highly-connected world. There _has_ to be a way to transition from SMTP to JNMP. We've seen SSH displace telnet and IPv6 is gradually going to boot IPv4 aside.
Just a thought.
Learn to spell: nickel, missile, lose, solely, amendment, speech, kernel, probably, ridiculous, deity, hierarchy, versus
Check out the fine print. "Microsoft and its Affiliates hereby grant you ("Licensee") a fully paid, royalty-free, non-exclusive, worldwide license under Microsoft's Necessary Claims to make, use, sell, offer to sell, import, and otherwise distribute Licensed Implementations, provided, Licensee, on behalf of itself and its Affiliates, hereby grants Microsoft and all other Specification Licensees, a reciprocal fully paid, royalty-free, non-exclusive, worldwide, nontransferable, nonsublicenseable, license under Necessary Claims of Licensee to make, use, sell, offer to sell, import, and otherwise distribute Licensed Implementations." basically whatever code you write, you must give to microsoft for free. Good deal eh?
Better than "Gates on Spam", we have Cream on Gates.
Men are born ignorant, not stupid; they are made stupid by education. Bertrand Russel
As a long time slashdot reader, I've made a point of not looking at the article before I reply. But I doubt this is the plan at MS.
The electronic stamps idea is kind of ok -- I would accept email from someone who can prove they have contributed some number of cycles to the seti or protien folding projects. I'm pretty sure most spammers wouldn't bother.
But real companies like amazon or yahoo no doubt have cycles to spare on various servers, and could use them to collect postage for their spam like mail.
seti@home or whomever would digitally endorse some sort of hashed coupon or estamp to attach to the mail. Checking the validity would be done by your client, or isp's mail servers based on your filters.
kind of a neat idea -- no real reason for MS to get any lock in or royalties
My article response quoted and printed in CIO magazine in 2000.
Garbage email should come with a price tag. Rather than trying to ban unwanted email and all the associated legislation that would be required to determine what actually constitutes junk email, I would rather see something more along the lines of a standard built within the SMTP mail header. based on that value you would know who the sender was, where it originated, who the author was and how much that company would deposit to your cyber-account for taking your time to read it. Then having mail clients that would allow you to filter commercial email based on the parameters of your choice. If someone sent you a commercial email message and you weren't going to get paid to read it, I would delete it rather than waste my time.
.02.
http://comment.cio.com/comments/1595.html
I think that this would greatly decrease he amount of unwanted junk mail but the development costs associated with implementing such a solution put the implemntation out beyond the long term.
If you want to eliminate SPAM, make it difficult for anyone to send email without knowing exactly who sent it, the path that was used to deliver the mail and then work towards putting a cost on using mass email.
I would rather see a law requiring a registered digital signitaure being required in every email message before I would consider trying to outlaw junk email.
My
Eric Kimminau
webmaster
SGI
Literally. A few clock cycles wasted - would this really slow spam down? Doubtful.
.10 per e-mail, 1.00 per e-mail... - whatever the user defined- got their mail delivered and the user got paid to read it. People who didn't want to be bothered set a high rate and got a clean inbox, people who had a lot of free time make a buck a day reading 50 - 100 spam offers for enlargements of all types. People who don't legitimately have a business won't put up money and they don't get delivery.
I liked the opening
If the U.S. Postal Service delivered mail for free, our mailboxes would surely runneth over with more credit-card offers, sweepstakes entries, and supermarket fliers.
How does this differ from reality? Postage doen't prevent direct mail - I get more physical Junkmail than e-Junk.
But the reason for my post: Rather than Ideas to charge everyone to stop the abuser, why not create a system where users set a fee for reading mail in their inbox - anyone who wants to pay the set rate
Too complicated? Not any more complex than the other systems proposed.
I have nothing to hide. So, why are you spying on me?
Microsoft wants to run some calculations on my AMD K6-2 400 just because I send an email? They want to take precious clock cycles away from winamp, pron, and online poker? It's been obvious since the release of XP that Microsoft is in bed with RAM manufacturers, but now they must have whored out to DELL or Gateway to try to get me to get a brand spanking new P4 just to send email. I've had enough, I tells ya! Time for plan B: Talking to people. That's still free, for now.
I have been thinking about this for years. Just don't accept any email unless it's signed or encrypted using a valid CA cert. Why can't that work?
The above is not worth reading.
Instead of paying a penny, the sender would "buy" postage by devoting maybe 10 seconds of computing time to solving a math puzzle.
//e?
How many years is that on my cellphone (which sends email) or my apple
Spammers can get around this in any number of ways. Let's say I run a boobie site and want to spam you... I have visitors browsing it running a client which does all the calculations I need to send millions of spam a day. After all, I have a captive army of geeks (boobies!) that'd be happy to run calculations in my stead in exchange for free boobies.
Compute cycles just aren't the answer since they're easy to obtain, and easy to fake, and who the hell gets to decide what problem gets worked on with MY cycles?
Cold, hard cash is the way to discourage millions of spams sent daily. And the payment should be "opt-in" by the recipient, so that you don't need to worry about your grandma charging you a nickle to send her an email.
We already have viruses that spam. Now we'll have viruses that spam and use more compute cycles computing sending keys.
This idea sounds completely ridiculous to me. I find number problem with this concept:
1) Have my computer run some algorithm to give me access to send an e-mail? My old 133Mhz (which I still use as a SMTP gateway) takes a hell of a lot longer to verify whether 671998030559713968361666935769 is a prime number (it is) than the dual 3.06 XEON system I have at my disposal at work.
2) On what step would this verification be required to take place? On my computer when I send an e-mail? On my SMTP gateway which sends the message out? What is to keep me from running my own SMTP server on my computer? If it has to run on my computer then every SMTP server in the world would have to be updated. If it has to run on my SMTP gateway, then I'm going to have to make sure that my SMTP gateway, which is my 133Mhz box, is being upgraded every year or so that, as faster processors come out and more complex verification algorithms are developed, it can keep up.
3) And what about all the legitimate bulk e-mail senders out there? CERT for example probably has a huge mailing list to notify people who have subscribed that a new vulnerability has been discovered (in Windows most likely). Is CERT going to have to buy hundreds of computers to send out it's mail to ensure that everyone who has subscribed will recieve the notification in a timely manner?
This is a step in the right direction. We do need to address the spam issue and find a solution for it. Why can't we just have a non-profit org created that has a database of SMTP servers that are authorized to send mail and if people wish to avoid spam, they upgrade their own server software to require that the sending server of a message it is recieving is on the authorized list?
I'm sure that there are better solutions than this silly verification BS.
Typical Microsoft conduct: showing up late to the party (people have been inventing "solutions" to SPAM for years now), coming up with solutions other people have already proposed (domain-verified sending and "pay with cycles" have been thought of a million times), and claiming to own them (with patents).
I especially love:
"Since they're dedicating it to the public free of charge, (Microsoft) doesn't want to be the patsy who builds a foundation just so other people can come along and erect a building on it, then sell the building," he said.
Can you say "BSD Stack?"
Bill "Jamaica" Gates
Forcing some sort of email "stamp" in any way will do one thing, fragment the email standard as those who don't want to pay/can't afford to pay will adopt a new standard of sending messages.
No, they'll adopt an old standard of sending messages: SMTP.
Instead of making people pay for email, why don't we just fine the people who are running a compromized open-relay? It would be like a traffic ticket. You wouldn't catch everybody, but people might think twice before opening an attachment, if they knew it could cost them $200. It might not cure the spam problem, but I sure like the idea.
I agree the SETI@Home is completely off-topic and has nothing to do with charging people.
What the heck happened to the 'Make spaming a crime' movement?
They all ready got the audio spam down with the do not call registry, why not make a 'Do not spam' registry and have the whole spaming industry regulated?
Better yet, add privacy to this solution and encrypt all emails using the recipients public key. Solve two problems at once.
Requiring all emails to be sent through servers with an proper mx record (using smtp_auth, smtp_after_pop, etc) would be a much better solution to the spam problem, but the idea of automatically encrypting emails (with the recipients public key) as well as signing them (with your private key) would go a long way to solving privacy and sender verification problems without eliminating the option of remaining anonymous.
Read, L
A purely capitalist solution to the problem... And who might control such a thing... Microsoft ???
Yeah right !
For the sake of argument let's assume Gate's has perfect vision and the world is going to cooperate, perhaps with some nudging, and it gets implemented and is effective.
Well there are all sorts of existing technology that could limit spam rates, stop client boxes from using unauthorized services, or unapproved domains, send auth... I'm not suggesting any of those things are or are not appropriate. Just that they do indeed exist and what's lacking is the will and cooperation. And without that his approach will not make things better. There are much easier ways to extend existing standards where that is needed.
It may slow the rate of growth but it won't stop the flood.
What it will generate though is more impetus to force older technology users to upgrade. And most likely servers will need to be upgraded as well. The cost will be insignificant to the spam kings who profit. Not even a bump really.
Of course we could ensure some sort of reliable client identification process is built it... Ooops that's a good benefit to DRM as well! What luck! And stopping spam is a good sales pitch.
Nah I haven't argued all the points. There are some good ideas out there as to how to stop spam in general.
But Gate's approach is let's all spend more money on more technology even though the gesture in the long run will be futile. Just because we can't cooperate on these things today doesn't mean we won't if we all spend more money on it (true but not plausible).
And with proper design we can eliminate this pesky free email too. Does he really think I'd ever pay for hotmail?
All we have to do is create a new smtp network on a new port, or rebuild the protocol to be a little more robust, and launch it. A gateway could be built for old mail readers that don't support the new protocol directly. Screw the commercial types who want to find a new way to make a buck. I already pay for my email. I pay for my service. I pay for my server. Why should I have to pay someone else.
Spammers will just rely on thousands of zombie machines to do their bidding to send spam. An anti-spam that uses a payment system is flawed and can be easily bypassed by rooting unsecured systems. This includes e-mail protocols that required real money for e-mail transfers, all a spammer needs to do is hack the mail account number of a victum (like credit card fraud).
Instead of a time delay on the client side why not put the time delay on the server side?
Require the sending client to wait 10 seconds for a response from the server.
They ARE out to get you simply because They are in it for themselves and they don't care about you.
I just had a stunning revelation. What if this is a prelude to the new Windows OS, home and server versions. Someone mentioned DRM. And of course it's going to be a cash cow *if* the community doen'st have a very strong stance against it now. I'm sick of the lack of choice on newer PC's. All win XP. What ever happened to the lesser evils(like 2000)? The answer that you will always get when you ask a store to custom make your comp is, We only use windows XP, it's the best =P. Next you have millions of new Pentium fives comming out with the pay-per-mail built in. MS uses it's monopoly and soon everyone's doing it. MS will shoot down any distrubutor who does not put thier bug-of-the-year OS on the machine.
Spam is a problem, right. But starting to make the e-mail services different is a serious threat to its openess.
:( ).
Perhaps simply verify the sender with the origin mail server? Though with that idea only registered email accounts on the sending server can send mail.
Hm.. I happen to like the current system. Yes. Spam is bad, but my SpamAssassin takes 99.5% of all spam that comes to my inbox (and I get hundreds each day so far
Put it does not make any sense. Who will use a client or service that will charge you, while there are plenty of FREE providers out there? Does MS really assume that they have dominon across the world's network? Arn't they beginning to worry that they'll soon have to start DROPPING prices rather than charging more?
BONG!
The seems Billy has smoked one too many erasers (see article picture).
bill gates smokes rubber.
Now this explains alot
..who does the money go to, the email provider? This is all to M$'s advantage. What is one of the most user email providers? Hotmail. Who owns Hotmail? M$
Cheers,
RoadkillBunny
1) the open relays problem / drone network
this is a real problem and before something like computational challenges can work, the barrier to infecting 10000 machines and having them run the code of your choice has to get a lot higher.
2) you're incorrect here. you can choose an algorithm suitably well such that the sky of mathematics and theoretical comp sci falls down if someone figures out a good way to attack it in substantially faster than thought possible time. DES (as commonly implemented) does not have this property.
The people at MSR are well aware of what would be needed to make a difficult to defeat scheme. the issue is making it fair to slower computers. I'm sure they've thought about that also.
Why is paying computationally a losing battle ? I have this computer that mostly sends email.. email in the same format that was being sent in 1983. Surely the 4-5 orders of magnitude perf increase since then means that i can now afford to do a little math when i hit "send" ?
paying with real money is a problem. agreed 100%
spam assassin does NOT work fine, because it works at the wrong end of the the problem.
spam assassin works after the receiving server (and any between) have relayed/accepted the message, and it has been delivered to the users mailstore. everyone has been charged for bandwidth, the recipient has been charged for storage, the recipient was charged cpu power to run spam assassin, and spam assassin is hardly foolproof.
the motivation for a math-puzzle-charge problem is to counteract all of those factors. until the sender is willing to spend resources, he doesn't get to spend any of yours. thats the rational argument against spam- stealing from others is illegal, and spam does exactly that. this approach puts up some cost associated with that theft, namely, computational cost.
remember, government is the least efficient way to get something done. if we can solve this in the general case with technology, thats a plus. when someone particularly onerous starts spamming effectively enough to get noticed, then they can get swatted with the law.
finally, this isn't something you mentinoed but others have.. some people are worried about existing or older mail clients.. or say mail from devices or monitoring systems.
nothing says this has to be an all or nothing approach. this scheme could work very well in combination with whitelisting.. as in whitelisted source addresses don't need to do the computation... of course that leads to spoofing the from address.. it will need to be necessary to make the whitelist suitably detailed so as not to allow that attack to be effective (i.e. the whitelist would be more than just the sending address.. perhaps a sender regex match and a message body regex match)
My opinions are my own, and do not necessarily represent those of my employer.
Yeah, charging a penny for email would stop spam in email. How? People would stop using email and switch over to some other format that doesn't cost money. And then the spam would follow to that format.
Exactly. How is this going to work? What will places like SourceForge do with their many mailing lists? Their existing mail systems won't be able to handle the load, that's for sure. Who's gonna foot the bill for more horsepower? What about us as a provider? We're building a new mail system right this very minute thanks to the influx of spam and viruses (our old mail system was about to go under). This system involves 3 pricey Dell SMP boxes. Who's gonna pay for us to buy more horsepower for these damned computations? The customers? I don't think they'd like paying $10 a month extra. This plan is so unbelievably flawed it isn't even funny.
PaLEEZE
I'm sure Bill loves this idea.
Needless to say the program you must execute in order to send email will only run on Windows.
If it doesn't kill off Linux, at least it renders the users mute.
I just realized there's an obvious solution to the question of how to handle legitimate mailing lists: revive Usenet news! Legitimate public groups where anyone can post messages that have a lot of traffic would be better served by a news group. Commercial entities with mailings to customers and individuals with small, infrequently-used mailing lists can afford to pay their postage.
Microsoft has allowed this to be such a pain in that they allow an individual computer user to decide how the "From" appears.
If when an individual sets up an email account, they have no choice but to use their own email address and accurately identify the SMTP server, you would surely see a severe drop in the amount of spam sent and received. A major selling point is that a company or individual can send their junk mail anonymously. Eliminating this ability would solve a vast majority of the spam issue.
However, updating each individual computer system to remove this ability would be a monstrous undertaking. While Microsoft may want to charge for sending an email message, they are a prime reason that spam is such an issue to begin with.
The American way indeed... business creates for itself more business.
Stop doin g me favors Gates, I can't afford 'em!
Dann out!
How about if the money you paid for sending the email went to the recipient? And if the recipient was happy with the content of the email, there would be an automatic option to return the money to the sender.
:)
If a spammer was using this, they would never get the refunds from the recipients. If you're getting lots of spam it could prove quite profitable
but if they have control of your machine, then they have control of your sender certificate, so the certificate DOES come from the sender's machine
You advocate a
(X) technical ( ) legislative (X) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
(X) Mailing lists and other legitimate email uses would be affected
(X) No one will be able to find the guy or collect the money
(X) It is defenseless against brute force attacks
(X) It will stop spam for two weeks and then we'll be stuck with it
(X) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
(X) Requires too much cooperation from spammers
(X) Requires immediate total cooperation from everybody at once
(X) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
(X) Lack of centrally controlling authority for email
(X) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(X) Asshats
( ) Jurisdictional problems
(X) Unpopularity of weird new taxes
(X) Public reluctance to accept weird new forms of money
(X) Huge existing software investment in SMTP
(X) Susceptibility of protocols other than SMTP to attack
(X) Willingness of users to install OS patches received by email
(X) Armies of worm riddled broadband-connected Windows boxes
(X) Eternal arms race involved in all filtering approaches
(X) Extreme profitability of spam
(X) Joe jobs and/or identity theft
( ) Technically illiterate politicians
(X) Extreme stupidity on the part of people who do business with spammers
(X) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
(X) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
(X) Countermeasures must work if phased in gradually
(X) Sending email should be free
(X) Why should we have to trust you and your servers?
(X) Incompatiblity with open source or open source licenses
(X) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(X) Sorry dude, but I don't think it would work.
(X) This is a stupid idea, and you're a stupid person for suggesting it.
(X) Nice try, assh0le! I'm going to find out where you live and burn your
house down!
Nathan's blog
I got more junk mail in my snail mail box compared with the actual important mails.
I think this system will only benefit the stamp company (Microsoft), and they wouldn't mind selling bulk stamps cheaply to the spammer. If it turned that a spammer can buy $10 e-stamp to send 1000000 emails, spammer will still send spam.
"Microsoft is proposing a new system that would require people to pay to send e-mails. Postage would be in the form of allowing others to use your computer to make calculations,"
I can't wait to be compensated for all the processor cycles Microsoft's bloatware wastes on my machine! Oh, wait...
Haven't we had enough proprietary crap from Microsoft???
But Officer, I DID read the f**king article!
Shouldn't this article be named more properly Gates for Spam, or Gates of Spam?
this is the greatest case of "shooting the hostage" I've ever seen.
The very nature of email is that its free... duh.
Microsoft is proposing a new system that would require people to pay to send e-mails. Postage would be in the form of allowing others to use your computer to make calculations, similar to the SETi@home project.
No, this is Microsoft we're talking about.
Postage would be in the form of allowing others to use your body cavities for nefarious purposes.
-kgj
-kgj
The only reason spammers continue to spam is that they make money on it. Why do they make money it? Because some small (or perhaps large, who knows) segment of people actually respond and buy stuff from it. If they were not making money off of it, they wouldn't do it.
So the ultimate solution to spam is for noone to ever click on it. Everytime you hear of someone falling for spam, they are hurting all of us. I really don't place too much blame on the spammers; they are just trying to make money. The people who respond are the ones who truly deserve the blame.
And, of course, all of the above also goes for telemarketers, as well.
"Photoshop this picture of bill gates smoking a doobie."
...spike
Ewwwwww, coconut...
Hey Bill! Ever heard of IPv6?
Since most spammers attempt to locate relays by chance, they would have a horrible time finding new open relays on an IPv6 internet.
But why give away IP addresses when you can charge $1/mo per IP!
The spammers I want in trouble are the ones hijacking some idiot's uprotected computer. That and address spoofing should get worse penalties than they do now. Of course they don't get charged at all now.
How about confiscating all hardware, $100,000 fine and ten years as bubba's girlfriend? This will end it when the first 5 get caught.
Professional Politicians are not the solution, they ARE the problem.
would i want o make doing something on my computer take MORE time? what if i bcc something to 50 people? it'll take 8 minutes and freeze my computer for the whole time? this would have to be the shitest solution to spam i have ever heard. typical of bill gates, make it slow and cost money, make up for it buy throwing millions in marketing behind it.
If you mod me down, I will become more powerful than you can imagine....
I think that for end users, the calculation would be done by the ISP. ISPs should accept email from their users without question anyway (with appropriate alarms to detect someone sending bulk email etc), and the ISP would then have to do another calculation when sending it to the destination anyway.
I think the biggest problem is the huge resource of worm infected computers just waiting for spammers to lauch a distributed spam run. The calculation becomes not-their-problem, it just makes it harder for legitimate email senders.
The other problem is the huge difference in computational power of servers out there. There isn't much need for fp and integer math performance in a mail server currently, just a reasonable amount of I/O throughput. The difference in processing time for todays P4 and yesterdays P2 would be quite noticable.
Actually something just occured to me. If suddenly you need a fast server to send mail, there will be a lot of hardware upgrades required, which will involve a lot of software upgrades too... but maybe i'm being cynical... the latest round of spam filtering software is reasonably computationally expensive anyway.
The problem with requiring computation cycles is that you need to deal with a lot of older computers. I have friends with old Pentium-based computers, some of whom cannot afford a nice new P4 system.
Also, what happens to all these web-based email accounts like Yahoo or Microsoft's Hotmail? I guess they'll need to spend a lot of money adding processing power for their users to send email.
What's to stop someone from making hardware to do the processing? It shouldn't be too difficult to implement an FPGA or an ASIC that could do the processing much faster. I imagine it wouldn't take too long for PCI boards to come out to offload the processing for large mail servers, then spammers with money could just buy the board to offload the processing.
-Aaron
This post is encrypted twice with ROT-13. Documenting or attempting to crack this encryption is illegal.
Here's what I get from the MS docs:
Four categories:
1. Zombie Windows PC attempts SMTP with recipient MTA. Latter looks up published IPs (as XML in DNS "text" field) for "responsible" sender's domain MTA, finds the sender isn't one of these, drops the session.
2. Large ISP's MTA attempts SMTP with recipient MTA. Sender IP verifies. Recipient MTA looks up *certificate* of ISP and verifies it. Email delivered.
3. Small domain MTA attempts SMTP with recipient MTA. IP verifies, but there is no certificate. Recipient MTA asks sender *MTA* (not necessarily PC of originator) to factor a medium sized prime, or some such. Good sender solves problem, spam sender disconnects.
4. Roaming laptops, mail forwarders, anonymous remailers, etc. These are more problematic, but are handled by adding headers which identify the original responsible sender.
Problem: The Independent Email Certifying Authority. These verify that the large organization is following "proper email policies". But you can bet that these policies will be something rather consistent with the CAN SPAM act. In other words, you are still going to get a lot of "legal" spam.
Finally, MS will grant anyone a reciprocal license to use, modify, distribute, etc. *except* everyone must get their own license. So it appears at some point in time MS can start charging for the license, or bundling it, or whatever. The early adopters will still have good licenses, but MS can use the code they developed, put it in Windows, and then limit new use of the patented technology to the Windows platform.
For those who did RTFA, did I get it right?
If no user from domain.il can send mail to a large chunk of the internet then that seems like pretty good encouragement for the admin of that domain to upgrade their mail servers. If 25% of the net switches to the new system then the problem will solve itself eventually. And if that doesn't work we can use legislation to force all mailservers in the US to upgrade. The rest of the world will upgrade unless they don't want to comunicate with anyone in the US anymore.
No Text for the biatch!
Wouldn't the spammers respond to this by switching over to a distributed method of spam delivery?
All the spammers need to do is simply e-mail a spam-distribution client to a lot of people. About 1% of them will execute the program, which will put their machine on the spam distribution network.
Actually, a more general approach would be to distribute a virus that does nothing but quietly open up the machine to generalized secret remote control. Then the spammers will have a convenient vector for installing new marketing innovations in the future. (For example, they could later install a browser plug-in that redirects certain links or searches; or mines for data on the client.)
The people that are getting the 'free' cpu cycles are most likely profiting.
2nd of all, its MY hardware, its MY cycles... i had to *pay* for them ( and the bandwidth used to return their 'results ).. So in reality, yes its actual dollars...
ALso, there are other *pure* dollar pay models out there that are just as wrong.
---- Booth was a patriot ----
This would be just great for disadvantaged countries, organizations and individuals trying to use email for communcation. It's really thoughtful to keep the less fortunate beholden to the wealthy. They can come begging to Microsoft when they need to rack up some more ability-to-speak credits. Glad to hear Gates is on the ball here.
Ian Ford came up with an idea similar to this in 1997...it's not that significant. I still think it's a stupid idea, because this guy used to be my math teacher, and I would think that microsoft could come up with better solutions to spam than my math teacher could...
Honestly this same idea was proposed years ago by Adam Back in his HashCash scheme. I know, because I was at the presentation at Financial Cryptography '97 or '98 in Anguilla.
HashCash has been around for a while now so I suppose there are good reasons why it doesn't really work well (as opposed to TMDA which works like a charm). My guess is that it would be too difficult to tune on a large scale. Look at the real world. "Direct Marketers" eagerly pay a significant amount of money to SPAM your physical mail everyday. Postage definitely hasn't hurt them.
So you increase the required "work payments" until you are getting no SPAM. My guess is that this would put an undue burden on those that do not have the CPU power to talk to you. A dangerous situation. As you increase the work required, the Spammers have to buy more CPU (cheap) and go to where power is cheap. As far as I can tell there is no 1:1 relationship with HashCash systems and real money. I'd rather pay real postage or micropayment postage.
Perhaps some type of tiered system would work better. If you wish to identify yourself then I pay the freight. If you don't wish to identify yourself then you pay the freight like a taxicab (some combo of time*bandwidth*$$). If you don't respond, I ignore you and you don't make any money sending spam and close up shop. I can tune the cost per user until you have no choice but to identify, pay or go away.
But, it's important for MS to keep harumph, harumphing about security because everyone in IT knows that over the last month security and systems departments lost sleep and many thousands of hours of work trying to stop the incredibly vulnerable systems that MS constructs.
I don't know whether Gates stole Adam's design and is capitalizing on it, or whether he has paid RSA and Back for some extension of it that would be patentable.
Considering most of the orignal RSA patents are history, Gates is simply retreading old patent tires and selling them as new.
What's even worse is that this will initially burn tons of cpu time and waste lots of power. This is exactly the opposite of what spending money does. Spending money accelerates and energizes the economy, but HashCash simply burns it down.
MS, the whores of Babylon -- and not very pretty.
2. Large ISP's MTA attempts SMTP with recipient MTA. Sender IP verifies. Recipient MTA looks up *certificate* of ISP and verifies it. Email
delivered.
and
Problem: The Independent Email Certifying
Authority. These verify that the large organization is following "proper email policies". But you can bet that these policies will be something rather consistent with the CAN SPAM act. In other words, you are still going to get a lot of "legal" spam
Quite - this is my major problem with most spam solutions. They assume that spammers use ISPs like the rest of us. What happens when they buy themselves a T1 (or whatever), a certificate and suddenly they are legit. Spam is not reduced and in the process end users pay for it. No doubt MS and pals make a bit of cash through hardware upgrades and software saled too.
AFAICS this is all smoke and mirrors to distract people from all the cracked windows boxes out there spamming.
Nobel
Friends don't help friends install M$ junk.
...to force people to run pay per e-mail servers. Just because MS is running a pay per e-mail server doesn't mean I have to. Mailing lists will simply start running their own servers and giving/selling members e-mail accounts if needed so they can communicate with the list.
I'm not sure what kind of legal grounds anyone could possibly find that would force me to not use Mercury Mail. Best case scenario for MS is that competing e-mail protocols emerge just like there are quite a few IM protocols.
MS can charge all they want. I just won't be sending e-mails to anyone using a service that requires I pay. And I'll continue running my mail server where I charge $2 a year for an e-mail address with unlimited messages and up to 15MB attachments and POP3 access. Which beats the pants off of anything MS has to offer.
Ben
Work Safe Porn
Gates is smoking a little weed. I knew all the best ideas come when under the influence of drugs.
This is what the "Chief Software Architect" of Microsoft comes up with? Instead of working to provide a secure OS for his customers he is finding even more ways of making the computer more easily used by people other than the one who owns it.
I am sure this "new feature" would never be used by hackers for nefarious purposes.
Remember Bill, Speed Kills!
Opt-in (white list?) server functionality. Only those emails listed as "wanted" for a "this given user" get through. All others get rejected by the server. I'm not sure if this would work for everyone, but it would for myself.
Against 0wned Windoze b0xen, there's one cure: dul.sorbs.net. Keeps off dialup spammers and the virus-infected boxes.
And SA takes care of the rest usually.
So it would be ISP machines that would certify mail? That's no different from now - you rely on the ISPs to act against their customers and they often don't (UUnet, you listening?)
You can't imagine e.g. hotmail or AOL or indeed UUnet having their certificates revoked because some of their customers are spammers.
what we need is better adoption of public/private key data signing. don't accept any email that isn't signed and verify signatures from certificate services, one of which should be a free public service. they dont even need to be full certs as they are today, just a listing of public keys and "this is not a spammer" so that the services wouldnt even have to store any personal information about you.
everyone should maintain their list of trusted keys and messages signed with those keys should be accepted without question.
another option would be some sort of p2p "is this key a spammer" check. the client will send out a request for opinions if others will simply reply "spammer" or "not spammer". of course, this could apply to other catagorizations of users, whatever they may be.
over time, the spam problem will go away, somehow...
Question
http://www.ironfroggy.com/
I'm a regular user of XP and Redhat Linux 9.0. I use XP a lot more, and I can tell you that I've had a LOT more trouble with Linux than I do XP, simply because Linux has a lot less support than XP does. Sure, it is absolutely true that XP has security problems, but why do people still trash it for crashing? At least for desktop use, I've found it to be every bit as stable as Linux. If you want to try to convince people of one OS's superiority, you should at least stay up to date on the deficiencies of its competitors.
Hey Bill, why not tell us the truth about TCO here?
---- seen often from an irc bot's database...
moogy: ? email TCO
grokBot: You thought email was free? Not via M$ OSes. There
are costs in lost productivity installing, upgrading,
maintaining and running virus scanner software. It's a daily
routine for many employees. There is industry wide announcments
of the millions lost every time there's another M$ virus.
email *is* expensive on some OSes.
Not to mention all the reinstalls of the OS itself.
irc.fdfnet.net
Ok... wait... so, if a client connects to my mail seerver, and I challenge him and wait for a response, doesn't that tie up the connection while I'm waiting? Isn't the whole point of network transfers to reduce the amount of time required to send information? So, could someone DOS mail services by simply opening a shitload of SMTP connections and never sending the result to my challenge? What kind of retarded solution is that?
Read: Rabbit Rue - Free serial nove
It's not that bad.
Initially you convince as many domains as possible to adopt sender authentication on the proviso that authenticated email gets fast-tracked and more resources.
Provided there's enough incentive, domains eventually migrate and use of the old method would evntually be an anachronism. Remember Gopher?
If you got a significant number of ISPs to play (which I hope they would considering the headaches caused by spam), you could at least begin to block huge blocks of dial-up and ADSL source IPs, denying spammers resources.
Xix.
"Everything is adjustable, provided you have the right tools"
Ok Bill
I agree a new protocol is required for mail sending/receiving to help identify where mail is coming from and to stop spam..
I completely disagree with your notion on charging per email sent.
People are not made of money, Bill. Internet is already an expensive business in this part of the world (NZ/Australia) Thanks to insanely high broadband costs + insanely expensive Bandwidth Costs. Adding another charge will just see more people to move to your hated open source solutions, where a protocol would be developed that would be usable across the broad, and have no restrictions apart from no per mail costs...
MS, if you want to create and sell the client, then that is fine, it costed money to develop the software so rightfully you should get paid.. But a per mail cost, get your head out of the clouds. People will not accept that one single bit.
---
Could someone PLEASE think of a practical solution, which doesn't involve ripping people off or some company creating some bs IP that everyone has to pay $699 for...
- DensitY
In a blinding flash, the answer came to me. (drumroll please)
The recipient!
Here's how it would work: everybody who wants to partake would set up an account with so many credits. (Maybe something like paypal...) Sending an email to someone would require first paying 0.1 cent (yes, 1/10 of 1 cent) into the recipient's special account, which would give access to a one-time authorization code. People who send each other emails frequently, and on an equal basis would end up with a net zero cost. But spammers would end up spending millions to send their bulk mail.
A system like this should only be implemented as an opt-in voluntary thing. If it actually worked, more people would start using it, and less would use the normal "free" email system.
Of course, the big problem is that inevitably, a system like this would be hijacked (illegally of course) by spammers looking for systems with poor or non-existent security. An infected system would wipe out the user's account and move on to the next victim.
On the other hand, a system like this is based upon economics, not law, so this would affect all spammers, not just those in the US.
They say the first thing to go is your penis. Well, it's either that or your brain. I forget which...
Quit taking statements out of context.
You quote a part of my post that adresses the problem of determining valid users after the legitimacy of the mail server has already been determined by the mx record in dns. Did you even attempt the command line I gave you. This eliminates all home based machines that are not hosting a legitimate domain. There is a large probability that spammer-owned machines will get mx records for thier servers, but they will be easily blacklisted without the current risk of misidentification.
Once you have determined that the mail is being sent from a legitimate server, you know you can trust that server to authenticate that the sender is one of its legitimate users.
Under the proposal I am describing, you are never trusting the authority of a mailserver that has not already been identified by its mx record in dns, you are not adding anything to the protocol that is not already included in the existing software, and you are not supplying any information unnecessarily to an additional and unecessary party.
There is no reason to offload the verification that a user exists and is authorized to use a particular server to the dns system (as you seem to be suggesting). You verify that the remote system is to be trusted using dns, and all other negotiation happens between the two mailservers. If you cannot verify that the remote server is a server for that domain (via mx record), no further communication is carried out and the (most likely) spam never leaves the originating server.
The only requirements that this proposal has is properly configured mailservers, accurate dns zonefiles, and responsible anti-spam policies that the providers are willing to enforce upon their users.
Read, L
So, what happens when you get a virus?
Especially a spam virus.
Or just as easily, you can set up your *own* mail server, and not charge for the service.
Or just as easily, you can set up your own mail server on someone else's computer without their knowledge. See also: spam virii.
"No problem. I have the capacity to do infinite work so long as you don't mind that my quality approaches zero."-Dilbert
I think that the current set of protocol's may have their weakneses, but I seriously doubt that anybody who has experienced "free" email will ever pay per message. Although I am sure new users wouldnt know the difference and would more than willingly cough up the cash, I dont think any existing users would.
Chances are, this whole system would require a new protocol, and in that case, I think the majority of people would just keep the existing protocols.
i didn't mean to suggest that the time was irrespective of how much cpu you threw at it.. only that you can say that the complexity of the solver is of a given order.. and that no more optimal solution to solve such a problem exists.
:)
for instance, there is no magical way of factoring the product of primes; the best algorithms known today are suspected to be the best possible approaches. Therefore, given a prime of a given size, one can estimate how many operations will be required to factor it. it then becomes trivial to increase the size of the prime until the suggested computational cost is "big enough"
if someone figures out how to factor primes "fast enough", then we're all in bad shape. factoring primes is just one such problem, there are probably actually much better examples of problems where there is theory suggesting that they cannot have a more optimal solution algorithm than the one published.
therefore, even if one builds dedicated hardware, it's still just a hardware implementation of a understood attack algorithm. the size of the problem only need to take this into account (i.e. software implementations run 20x slower than hardware.. fine.. make the problem 20x harder
My opinions are my own, and do not necessarily represent those of my employer.
As always, Gates has no clue whatsoever and is merely reitterating 10-year old ideas to the general public. How exactly is this news?
I, for one, am utterly convinced that no anti-spam measure will work that does not target the spammers themselves. They will find ways around any and all technological measures - there just is too much money in the business for them not to.
Yes, that means we need laws. Get over your stupid american "weee, government baaaad" attitude. I haven't yet heard a convincing argument why laws against theft and rape are bad, and while both problems persist they are at a manageable level.
More important than the laws is that they're actually enforced, though. I want to see the Top 200 spammers in jail. (actually, I want to see them drawn and quartered, then coated in sugar-water and left for the ants, unless someone can suggest a slower and more painful death; I just realize that this wish isn't realistic)
Assorted stuff I do sometimes: Lemuria.org
Why, the recipient, of course. If he wants them, he'll whitelist the sender. Otherwise, pay up the hashcash!
I see this CPU-cycle using "cash" as the only feasible solution. You can't beat time. As computers progress, you can just require more digits to be bruteforced.
Actually, XP isn't too bad, I'll admit.
;-).
:-(
I DO use XP at work as that is what is installed, so I have got some 'up-to-date' experience and XP is still a dog. Just less of a dog than previous versions (though the physicist downstairs would disagree with me. She very loudly refuses to upgrade from 2k
Sorry about your RH troubles. GNU/Linux is a fiddly bastard. I generally call it 'the least worse OS' and do my share of cursing it too. I then go use XP for a while and that helps me appreciate my GNU/linux system a bit more!
Let's see...
Microsoft Windows - good for maintaining network worm farms. Security a bad joke. Comes pre-installed, which is just as well - the install isn't a walk in the park anymore.
Linux - pain in the posterior to install and configure. But quite secure.
MacOS - Great usability but a little pricey and I trust Jobs with my data less than I do Gates.
That's all I can validly make a comment on from personal experience. But I am always on the lookout for something better. I expect something around 2005-6
The man with no surname and a silly hat
On the universe: It's bunk.
So, let's see.....
The plan is, as I've understood it, to make a computer do some computations (wow, a new concept!!!) for every single outgoing mail. Thus, everyone has to upgrade their hardware/software. But it would be not enough, because spammers definitely do not use Outlook to send the spam out! They patch sendmail, create some other mass-mailing software etc. They would NOT use any software that uses this payment method.
So, to be efficient, this system needs some sort of conntrol, like for instance a big server which contains all the "payment" information (a simple hash MsgID->Person would do), and also checks, whether every mail has been "paid" for.
Then, there are two questions:
1. Who is going to control this big machine?
Answer: FBI or Microsoft. Probably both.
2. How difficult would it be to include some tests on political opinions, general radicalism etc., so that the mails can get sorted out and checked by someone close to the government.
Answer: Not at all, it will be the first feature they build in.
So, at last Microsoft will be able to control the whole e-mail traffic in the whole world! Yippie!! Isn't this what we all have been waiting for?
story has great picture of Bill Gates as well
Well, he was talking about hash.
In my real mail box I get more junk mail than I do bills and letters, although, some may consider bills in the junk category. The junk mailers have to pay postage. So, it might reduce my spam mail, but, it is not the correct solution to the problem because it doesn't fix it entirely. And, furthermore, they would just find some way to subvert the postage scheme, somehow. Maybe sticking other people with the bill when their PC catches a virus. If Gates thinks it is such a good idea, lets see him implement it on MSN and Hotmail, first. At least with Hotmail the technology would somewhat prove to work on other non-MS platforms since Hotmail is run by UNIX and Apache.
And to think I used to sell electronic mail services, and the company I worked for made millions on it.....AT&T Mail, MCI Mail...ah, those were the days.....
Until we got over run by the free email offered by the internet. Now Bill wants to go back....what incredible waste of time the last 10 years has been ; )
No-one with any technical competence has ever taken Sir Bill seriously, nor will they ever, when this sort of drivel is the best that he can come up with. It is of course an idea created in panic, as he sees his illegal empire collapsing under the weight of spam, and no workable solution in sight.
A cornered rat can be very dangerous.
This idea is pretty stupid. Microsoft should just use their standard tactics when it comes to technology: wait for someone else to come up with a solution, then steal, copy, buy or if all fails, embrace-extend-extinguish. Nothing MS thinks up themselves yields a good idea, so, don't try to be creative or innovative. MS aren't both.
The best thing about email that it so widely spread and almost free (no marginal per message costs).
It is argued that pay-as-you-go email will eliminate spam.
In fact, most users would agree to receive some spam rather than to pay for email.
I get about 1000 SPAM messages a day.
I do free software support. This method says both the people who write me have to pay and I have to pay again for to reply.
I have a better idea than paying a penny per email to some stranger who doesn't deserve nor need the money.
Each person who sends an email pays the addressee a penny. The exchange of emails between individuals (legitimate emails) would be a wash (cancel each other out), and someone who doesn't earn the money doesn't get paid for doing nothing -- while the SPAMers must pay each person a penny. This would have two desirable effects on SPAMers. They would be discouraged from blanket mailings, and they could begin to send only to people who invite advertising and sign up for it in order to get the pennies. This way you and I don't pay for something we don't want and shouldn't have pay for, and at my current spam rate I'll earn $10 a day or $3600 a year to compensate me for the nuisance.
This could be implemented in exactly the same way the "pay the undeserving stranger" method would work, except the pennies would go in both directions. Whatever method they plan to use for the transfer of pennies to the undeserving stranger would just be reversed - whatever way I would pay pennies, I will receive pennies.
A possible proposal for the mechanics is for each message to come with an electronic fund transfer of 1 cent to the account of your ISP who deducts it from your internet account with them. They would add a 1 cent transfer to each of your outgoing messages and charge it to your account. The net (pennies received vs pennies sent) would be used to adjust your monthly bill. So if, like me, you'd have a net positive $300 each month. They'd deposit the $300, minus your monthly internet service charge, to your bank account electronically. That is, the SPAMmers could help pay your ISP connection fees in exchange for their abuse of your mailbox.
All in all a much better arrangement than creating an artificial charge that goes to someone who doesn't deserve the money and which will probably morph into a Federal tax.
I urge everyone to write their Congressmen and urge they implement this more cost neutral approach if they are considering Bill Gates' "pay the undeserving stranger" approach.
Mr Gates says spam proliferates because there is small cost involved for the spammer.
What if mail server software was patched to cause each email to be automatically replied to as being received at the server. The spammer, sending 1,000,000 or more emails out, would then receive 1,000,000 replies. If they fake their IP etc whatever they do, wouldnt the server detect that, and thus drop the message as spam?
Now what about the content of this message from
the server. Could it perhaps be a secret question?
A concept we are all familiar with, used to access lost passwords at various sites. Your friends and those you authorised to send you mail would know the answer. They could send you email with a header, or contained in the subject, the secret answer to the secret question. The mail server would then know to save the incoming mail in your inbox. Otherwise, just the first line, no html, would be saved in a "spam" subfolder.
So, if spammers dont care to gather millions of secret q's and a's in associtation with their email lists, their email volume should decrease. If their networks were in turn swamped with mail traffic, wouldnt that be a good thing? If instead the doubling of traffic (already 60-80% of traffic is SPAM) cripples our networks, perhaps it is for the best? We could go back to the drawing board and make something that works?
Thanks for your time.
My 2c.
Flames/spam to null@void.com hehheh.