Slashdot Mirror
Gates on Spam
pvt_medic writes "Microsoft is proposing a new system that would require people to pay to send e-mails. Postage would be in the form of allowing others to use your computer to make calculations, similar to the SETi@home project. There are other systems being suggested that would include monetary stamps and people could decide on accepting an e-mail based off the value of the stamp. (story has great picture of Bill Gates as well)" Gates' proposed system will be Microsoft patent-encumbered, unsurprisingly.
This has been discussed before, and i replied to this before. Allow others to make calculations on your computer, eh? Would those calculations happen to be the spam solution MS Research came up with? Why don't they stick to that solution?! Strap it to SpamAssassin like these guys do but replacing the C/R, it's gold!
Similar to Seti@Home, sure... Except you pay Microsoft to have the calculations considered.
Also, what is Gates holding in that picture? A joint? Is that was he's smoking thinking people will accept this idea as part of their daily email lives so that microsoft can make even more barrels of cash?
It might cut down on those damn chain letters and stupid Internet jokes that get passed around 5000 times.
Can I bum a sig?
Email needs to be free....
Spam as a tool works as per the previous articles. It is a pain just like anything else, but instead of making me pay money to use email, why not spend you high budgets with an educational compaign to stop people from buying spammed products? No money made means no motivation. Problem solved. We voted with our dollars on banner ads and look how that market fell out. Rinse and apply to spam.
Also, what happens when we are forced to move away from email because we invite Microsoft to take over and control it?
How is that offtopic? He's saying Linux and Mac OS are likely to not support the system... which is true, and relevant.
ahh, gotta love those mods.
I don't care about spam.
BECAUSE:
1) The Bayesian filter in Mozilla (and other clients) *does* work.
2) The Bayesian filter in Mozilla (and other clients) *does* work.
3) The Bayesian filter in Mozilla (and other clients) *does* work.
So, where is the problem? Am I forced to do annoying things because the majority of people with email don't know how to use/setup Bayesian filters properly?
If paying money/taxes/annoying procedures are the sollution then email is really doomed. Thanks, to Joe Clueless and his inability to admit his incompetency instead of whining for absurd/pervert solutions.
Charging people postage for letters works because there is one centralized postal service which makes all the deliveries. Charging people for sending email will never work because nobody, not even Microsoft, owns the "email service." Because there isn't one. Just the SMTP protocol, and millions of computers which comply with it.
Maybe in a few decades people will catch on to the fact that the internet is global and decentralized, and that schemes like this are doomed to failure. You can't devise a pay-for-email scheme that doesn't have a dozen ways to get around it-- especially since this plan appears to be destined for the US only. As if every unsolicited email I get can't be traced to Taiwan, Korea, or Russia.
This plan is like the automatic security gate at my apartment complex-- annoying to legitimate users, absolutely ineffective against all but the most inept criminals.
I am Sartre of the Borg. Existence is futile.
That sounds an awful lot like a GPL-ism to me.
Picture somebody sending you a message in a good natured way and inviting you to respond in kind (A "I found your website interesting. Wana chat?" message)
You send back a response and attach your 1 penny stamp token.
Said person sending you an email is really a scamster. They keep the penny. Repeat a bunch of times, you've just made some money.
Gentoo Sucks
First off requireing on supposedly time consuming math is absurd. First off it can't be too complex because it would encumber normal users and recievers (who have to check it I suppose) second spammers will develope a cheat sheet (and if Bill doesn't think so he should do a search on the web for "Microsoft Product Activation Code".
My system is beautiful and simple.
Everyone use an OpenPGP program (maybe gnuPG) to sign all their email. then recipients can easily check a public keyserver (probably would have to set up more, but ideally each large domain would have one so you can check 'keyserver.microsoft.com' for the key for an adress from microsoft.com) of course you wouldn't need to check a server for someone in your keyring, but I bet through this method anti-spam webs of trust would become very easy to protect.
This is currently standards complient, so it breaks nothing. And it allows people to decide their level of protection.... you want unsigned mail to get through more power to you. You want to see only verified email fro people YOU know, go for it. you want to accept from any one who has signed that you can get the identity of from a keyserver, sounds great.
Why don't people do this? it requires nothing more than minimal changes to mail readers, and mild diligence. once it became popular enough its very easy to eliminate all non-trusted mail (although st first you would have to slowoly build it up of course)
is this that bad of an idea?
Shouldn't we ask the spammers to set the evil bit? We know that spammers in their good faith will set this in every bit outgoing packet. That should solve all the problems.
Please reply with remove@abc.def
By the way, our servers charge a $5 fee per email.
Unless this software is Free, you simply can't expect everyone to install on their systems; of course MS wants them to, but hey let's be realistic here: they won't.
They will if Bill rolls it into Windows Update and Windows XP.1 or whatever. They won't have a choice.
Let's be realistic here. Windows has a market share > 90%. If Windows adopts this technology it WILL take effect. Most users wouldn't understand "open source" if you beat them over the head with an esr book, nor would they care even if you did.
It'd have a regressive fee structure, because those with expensive, high-powered machines could afford to "spend" more CPU cycles
Umm.. no.
If it takes 10 seconds to send a spam on a normal PC, that's the end of spam. Having a machine 10 times, 100 times, or even 1,000 times faster won't matter.
Spammers need to be able to send HUNDREDS OF MILLIONS (sometimes BILLIONS) of spams to be economically viable.
If you set the required amount of processing so it's just barely annoying if you send 1,000 emails (and thus probably not even noticeable to anyone who isn't running a mailing list) then a spammer would need the equivalent of 100,000 CPUs to remain economically viable.
I bet if we did this it wouldn't be long before almost everybody signed up with a registered email service (or purchased their own certificates) only leaving illegitimate senders in the cold. Forged headers *should* be a thing of the past, we have the technology.
Anyhow, I fear at this point its going to be decided by the first large system that comes to market. Which looks like MS is really pushing to be.
Quack, quack.
This would be good if I got the money for the stamp. I would sign up for a service that charged 5 cents for a "certified" email, if I got 4 cents for every email I received.
I could just white list every email from this site. It would allow legitimate advertisers access to me through email. Access which none have right now, as I delete all spam and ADs.
The famous thing about the NP-complete problems is that they're hard to solve, but easy to check. That's presumably what's going on here. You can parcel out a rather large traveling salesman problem. But it doesn't take me 10 seconds to check it; it takes me far less than one second, even if I didn't know the answer beforehand.
I think that's kind of neat, actually.
So Johnny Badass can't bluff his way through; his work will be checked.
There are many other problems with this technique (a problem that takes 10 seconds on a 4 GHZ Pentium takes several minutes on a still-useful P133; non-upgraded computers get treated like criminals; patent terms could suddenly turn onerous) but the idea that a computer could bluff it out isn't one of them.
I'd rather get paid by the sender to read email. I'd sign up for all sorts of spam if I got a penny every time I read one. Emails I sent to my friends would be paid for by the money I made from spammers, and the excess could buy me a new Dual G5.
Imagine if they DID make money offa it. Every time Outlook's infected, and acts as a spam relay, you'll be billed $5,000 a month for the bulk spamming (you) do.
:/
Sounds fair.
-- Liberalism is a mental disorder.
Instead of paying a penny, the sender would "buy" postage by devoting maybe 10 seconds of computing time to solving a math puzzle
What if I am morally against what the math problem is trying to solve? Or what if the problem behind it is illegal in my city/state/country or breaks international treaties? Then I can't send email? Will I be told what the math problem is, or do I just blindly crunch numbers?
Time is money, and spammers would presumably have to buy many more machines to solve enough puzzles.
Would they really? Or would they just have to continue illegally taking over other peoples computers to use as spam zombies, and in taking over the computers, use those compromised systems to compute some part of this math puzzle? So who is getting screwed here? The spammers, or the people whose computers are no longer just sending out hundreds of spam emails, but are now tied up spinning on bits of math problems?
...for people running Sendmail and a *nix compatable email client, how do "they" plan on enforcing the cost of the stamps?
What is to stop me from having a mail server off US shores to provide my clients with cost-free email access? What is to stop spammers from setting up their own mail servers and forging the stamps? They certainly don't play by the rules right now!
Do they plan on forcing everyone to upgrade their mail clients and server software?
My biggest question, Who are "they". Are "They" the ones who will collect the money for these stamps? Is it M$? The ISP? The Government? Since a transaction is taking place, will there be a tax on the email? (you know the IRS will want their cut).
I run a mail server on a colo for myself and give space/access to my friends for free. Do I now have to charge them? Do I have to pay taxes on that?
Yes, this is a lot of questions, but they a) don't see have been asked yet, and b) don't have answers that I know of.
I am not for spam but I'll be damned if I will start paying for my email as a theory to stop spam when we all know damn well that it won't stop them.
I can't see how this could work. Any spam-prevention measure must also have some provision to deal with legitimate mailing lists. Some mailing lists can be quite busy and have thousands of members.
Also, Gate's method has a lot of flaws, security being only one of them. For example, how will you deal with all the various different operating systems and embedded hardware that send email? For example, my Netgear firewall box periodically sends me emails of logs or alerts.
Also, you can't easily change the way email is done because its use is so widespread.
Making it computationally based has a number of major flaws.
1. How do you deal with the wide range of computer performance? For example, my mail server is a Pentium II, which is more than adequate for my needs, or my firewall, which is a 50MHz StrongARM processor?
2. How would you allow others to use your computer to make computations? This opens up some serious security considerations, not to mention the fact that there's a wide range of processors and operating systems that would need to be supported. I won't run Seti@Home because the last time I ran it it crashed my mail server after over 200 days of uptime. I don't know what it was about Seti, but it would always immediately crash my server.
3. You would need to make everyone agree to do this. The Internet is international.
A better way would be to strongly encourage ISPs to block spammers and give them the tools to go after them. An ISP should be able to charge the hell out of a spammer on their network and encouraged to do so.
Why not give the backbones the power to cut off major spam sources and provide financial incentives to do so?
There's lots of other methods that could be used. If you make life completely miserable for spammers, they'll stop. If there's no profit, they'll stop.
If our stupid congress critters would do something right for a change, like California's anti-spam law that was blocked by the Washington idiots, then we'd have a lot more power to go after the spammers.
This post is encrypted twice with ROT-13. Documenting or attempting to crack this encryption is illegal.
"Why not use a system based on something like root certificates?"
Here's why not: Because hackers and worm authors will still have control of a vast network of computers, that will not only generate spam signed by the poor victim, but will also lead to that victim's e-mail access being revoked.
Relying on a review process would be too difficult - each new virus/worm could result in, say, a million affected machines, which means potentially a million reviews suddenly needing to be made.
Most spam originates from spoofed email addresses. Those emails that don't come from spoofed email addresses can be sued into oblivion.
So it is a simple matter of finding the spoofed email addresses.
This is how an email server would check inbound email:
1. receive email
2. lookup domain of sender. If does not resolve, discard.
3. lookup "domain email authority" of domain, say "authorize.yahoo.com" for senders originating at yahoo.com. No authority, discard.
4. ask authority it if the user is known and what IP address it would be sending email from.
5. Is user known and does "authorized" IP address match IP address of sender? If not, discard.
This mechanism would also make it easy to circumvent non-spoofed email addresses since the spammers would need to support the extra authorization queries. It would also force them to centralize their efforts making them an easy target for elimination.
The result: No spam, no Microsoft tax. Nothing. Only a little bit of overhead on DNS and email servers which could be eased with a little bit of caching.
Why wouldn't this work? Is there a problem with this?
Isn't the Microsoft tax we pay per machine enough? Now we have to pay a Microsoft tax on email too? Since when did Microsoft become its own government? I say we dump all of the windows CDs in the harbor.
1. Validate sender.
2. Require the sender to encrypt their message with a key that is generated on your end.
3. Store message on sender's computer until requested by recipient.
A more in-depth explanation:
1. Only length-limited header information (title of message, return address, date, time, CRC, originator's encryption code, etc) would be initially sent. If the intended recipient wishes to read the message, a personalized key is sent to the return address, which then encrypts their message with this key and sends the information back. The return address would have to be valid for an extended period of time for any message including spam to work.
2. Since the encryption key is linked to one exact message, the sender will have to store the exact message on their server. The more personalized the message is (or the more random characters they throw in to spoof spam filters), the more information they will need to store on their side.
3. If you send a million 30KB spam messages a day and you need to store them for at least a week to make sure you'll receive a response, and it takes a second or two to encrypt each message on the fly, it will seriously drive up the cost of sending spam.
Why not just make email completely traceable to the isp level?
The only reduction in privacy would be that you could tell what ISP whoever sent the email from used. However, it would allow people to track where spam was coming from and forcibly block entire ISPs if they were recognized sources.
Naturally, someone will mention that somehting like this is already there... but it the existing system can be forged.
I think the way to handle it would be to force servers to append their IP to any email they relay. If any server encounters an email whos last appended IP doesn't match the source of the transaction, just dump it.
Sure, if you can fake the IP, then you can still bypass this, but I'd think it would help. Additional bits of authentication in server-server transactions might be able to compensate for forged IPs too.
Ok, so it needs some fleshing out, but is there anything obviously wrong with this?
If this scheme (somehow) takes off, it means that FOSS SMTP servers can't implement it (at least in IP-friendly countries). That means Exchange becomes the de facto mail server.
Hold on a second. In the beginning, MS MAIL and later Exchange didn't use SMTP. Microsoft mail systems were islands in the business world. In order for them to communicate with other mail systems a connector had to be set up between those systems. At the same time everyone else was using Sendmail and anyone could communicate with anyone else. It has only been in the past few years that Exchange became SMTP enabled and is now able to communicate with everyone else like the Unix people had been doing all along.
So, what's my point? The point is that while Exchange is immensely popular right now it is due to the ease of use and the feature set, not because it is a better system. In fact it wasn't until Microsoft improved Exchange by adding SMTP that so many companies started using it. Today Exchange uses SMTP exclusively, for server to server communication. There are too many, too good, FOSS mail systems out there for MS to implement an expensive scheme, with little hope of success, and have everyone adopt it. Think about it. Most big Exchange users front-end it with Sendmail or Postfix anyway just to keep down the viruses/spam/vulnerabilities/cost.
It is scary to think of email coming under Microsoft's control but, it just ain't gonna happen. Most people agree that the solution to spam is a rewrite of SMTP. But, those same people acknowledge that it is unlikely to happen because it would require that EVERYONE switch at once and that is just not feasible. Therefore it is equally unfeasible for Microsoft to get EVERYONE to switch at once and at considerable expense to everyone.
While Bill might wet his bed at night dreaming of everyone using his proprietary email system, it will never be more than a wet dream.
Dear Internet Subscriber: Please read the following carefully if you
intend to stay online and continue using e-mail: The last few months
have revealed an alarming trend in the Government of the United States
attempting to quietly push through legislation that will affect your use
of the Internet. Under proposed legislation (Bill 602P) the U.S. Postal
service will be attempting to bilk email users out of "alternative
postage fees". Bill 602P will permit the Federal Govt. to charge 5 cents
surcharge on every email delivered, by billing Internet Service
Providers at source. The consumer would then be billed inturn by the
ISP. Washington D.C. lawyer Richard Stepp is working without pay to
prevent this legislation from becoming law. The U.S. Postal Service is
claiming that lost revenue due to the proliferation of email is costing
nearly $230,000,000 in revenue per year. You may have noticed the recent
ad campaign "There is nothing like a letter". Since the average citizen
received about 10 pieces of email per day in 1998, the cost to the
typical individual would be an additional 50 cents per day, or over $180
per year, above and beyond their regular Internet costs. Note that this
would be money paid directly to the U.S. Postal Service for a service
they do not even provide. The whole point of the Internet is democracy
and non-inerference. If the Federal Govt. is permitted to tamper with
our liberties by adding a surcharge to e-mail, who knows where it will
end. You are already paying an exorbitant price for snail mail because
of bureaucratic inefficiency. It currently takes up to 6 days for a
letter to be delivered from New York to Buffalo. If the U.S. Postal
Service is allowed to tinker with email, it will mark the end of the
'free' Internet in the United States. One congressman, Tony Schnell (R)
has even suggested a "twenty to forty dollar per month surcharge on all
Internet service" above and beyond the government's proposed email
charges. Note that most of the major newspapers have ignored the story,
the only exception being the Washingtonian which called the idea of
email surcharge "a useful concept whose time has come" (March 6th 1999
Editorial) Don't sit by and watch your freedoms erode away! Send this
email to all Americans on your list and tell your friends and relatives
to write their congressman and say "No!" to Bill 602P Kate Turner
assistant to Richard Stepp Berger, Stepp and Gorman Attorneys at Law 216
Concorde Street, Vienna, VA.
********
Spam/Chain Mail predicting the future? Whaaa.
Literally. A few clock cycles wasted - would this really slow spam down? Doubtful.
.10 per e-mail, 1.00 per e-mail... - whatever the user defined- got their mail delivered and the user got paid to read it. People who didn't want to be bothered set a high rate and got a clean inbox, people who had a lot of free time make a buck a day reading 50 - 100 spam offers for enlargements of all types. People who don't legitimately have a business won't put up money and they don't get delivery.
I liked the opening
If the U.S. Postal Service delivered mail for free, our mailboxes would surely runneth over with more credit-card offers, sweepstakes entries, and supermarket fliers.
How does this differ from reality? Postage doen't prevent direct mail - I get more physical Junkmail than e-Junk.
But the reason for my post: Rather than Ideas to charge everyone to stop the abuser, why not create a system where users set a fee for reading mail in their inbox - anyone who wants to pay the set rate
Too complicated? Not any more complex than the other systems proposed.
I have nothing to hide. So, why are you spying on me?
How about if the money you paid for sending the email went to the recipient? And if the recipient was happy with the content of the email, there would be an automatic option to return the money to the sender.
:)
If a spammer was using this, they would never get the refunds from the recipients. If you're getting lots of spam it could prove quite profitable
You've completely misinterpreted my post. The NP complete statement is not referring to the computational requirements of the problem scaling linearly with the complexity of the problem, but scaling with the processing power of the CPU.
This is very different from something like, say, calculating the eigenvalues of very large non-sparse graphs, which is gated primarily on a computer's bus speed. A computer which is 100 times faster than another will still be in the same ballpark assuming reasonably similar chipsets.
There are whole classes of problems which have this quality, many in graph theory for instance. And if a dedicated researcher were to specifically look for such a problem I'm sure they could do much better. That's the point.