Slashdot Mirror
Gates on Spam
pvt_medic writes "Microsoft is proposing a new system that would require people to pay to send e-mails. Postage would be in the form of allowing others to use your computer to make calculations, similar to the SETi@home project. There are other systems being suggested that would include monetary stamps and people could decide on accepting an e-mail based off the value of the stamp. (story has great picture of Bill Gates as well)" Gates' proposed system will be Microsoft patent-encumbered, unsurprisingly.
This has been discussed before, and i replied to this before. Allow others to make calculations on your computer, eh? Would those calculations happen to be the spam solution MS Research came up with? Why don't they stick to that solution?! Strap it to SpamAssassin like these guys do but replacing the C/R, it's gold!
Similar to Seti@Home, sure... Except you pay Microsoft to have the calculations considered.
Also, what is Gates holding in that picture? A joint? Is that was he's smoking thinking people will accept this idea as part of their daily email lives so that microsoft can make even more barrels of cash?
Email needs to be free....
Spam as a tool works as per the previous articles. It is a pain just like anything else, but instead of making me pay money to use email, why not spend you high budgets with an educational compaign to stop people from buying spammed products? No money made means no motivation. Problem solved. We voted with our dollars on banner ads and look how that market fell out. Rinse and apply to spam.
Also, what happens when we are forced to move away from email because we invite Microsoft to take over and control it?
Picture somebody sending you a message in a good natured way and inviting you to respond in kind (A "I found your website interesting. Wana chat?" message)
You send back a response and attach your 1 penny stamp token.
Said person sending you an email is really a scamster. They keep the penny. Repeat a bunch of times, you've just made some money.
Gentoo Sucks
First off requireing on supposedly time consuming math is absurd. First off it can't be too complex because it would encumber normal users and recievers (who have to check it I suppose) second spammers will develope a cheat sheet (and if Bill doesn't think so he should do a search on the web for "Microsoft Product Activation Code".
My system is beautiful and simple.
Everyone use an OpenPGP program (maybe gnuPG) to sign all their email. then recipients can easily check a public keyserver (probably would have to set up more, but ideally each large domain would have one so you can check 'keyserver.microsoft.com' for the key for an adress from microsoft.com) of course you wouldn't need to check a server for someone in your keyring, but I bet through this method anti-spam webs of trust would become very easy to protect.
This is currently standards complient, so it breaks nothing. And it allows people to decide their level of protection.... you want unsigned mail to get through more power to you. You want to see only verified email fro people YOU know, go for it. you want to accept from any one who has signed that you can get the identity of from a keyserver, sounds great.
Why don't people do this? it requires nothing more than minimal changes to mail readers, and mild diligence. once it became popular enough its very easy to eliminate all non-trusted mail (although st first you would have to slowoly build it up of course)
is this that bad of an idea?
I bet if we did this it wouldn't be long before almost everybody signed up with a registered email service (or purchased their own certificates) only leaving illegitimate senders in the cold. Forged headers *should* be a thing of the past, we have the technology.
Anyhow, I fear at this point its going to be decided by the first large system that comes to market. Which looks like MS is really pushing to be.
Quack, quack.
The famous thing about the NP-complete problems is that they're hard to solve, but easy to check. That's presumably what's going on here. You can parcel out a rather large traveling salesman problem. But it doesn't take me 10 seconds to check it; it takes me far less than one second, even if I didn't know the answer beforehand.
I think that's kind of neat, actually.
So Johnny Badass can't bluff his way through; his work will be checked.
There are many other problems with this technique (a problem that takes 10 seconds on a 4 GHZ Pentium takes several minutes on a still-useful P133; non-upgraded computers get treated like criminals; patent terms could suddenly turn onerous) but the idea that a computer could bluff it out isn't one of them.
I can't see how this could work. Any spam-prevention measure must also have some provision to deal with legitimate mailing lists. Some mailing lists can be quite busy and have thousands of members.
Also, Gate's method has a lot of flaws, security being only one of them. For example, how will you deal with all the various different operating systems and embedded hardware that send email? For example, my Netgear firewall box periodically sends me emails of logs or alerts.
Also, you can't easily change the way email is done because its use is so widespread.
Making it computationally based has a number of major flaws.
1. How do you deal with the wide range of computer performance? For example, my mail server is a Pentium II, which is more than adequate for my needs, or my firewall, which is a 50MHz StrongARM processor?
2. How would you allow others to use your computer to make computations? This opens up some serious security considerations, not to mention the fact that there's a wide range of processors and operating systems that would need to be supported. I won't run Seti@Home because the last time I ran it it crashed my mail server after over 200 days of uptime. I don't know what it was about Seti, but it would always immediately crash my server.
3. You would need to make everyone agree to do this. The Internet is international.
A better way would be to strongly encourage ISPs to block spammers and give them the tools to go after them. An ISP should be able to charge the hell out of a spammer on their network and encouraged to do so.
Why not give the backbones the power to cut off major spam sources and provide financial incentives to do so?
There's lots of other methods that could be used. If you make life completely miserable for spammers, they'll stop. If there's no profit, they'll stop.
If our stupid congress critters would do something right for a change, like California's anti-spam law that was blocked by the Washington idiots, then we'd have a lot more power to go after the spammers.
This post is encrypted twice with ROT-13. Documenting or attempting to crack this encryption is illegal.
Most spam originates from spoofed email addresses. Those emails that don't come from spoofed email addresses can be sued into oblivion.
So it is a simple matter of finding the spoofed email addresses.
This is how an email server would check inbound email:
1. receive email
2. lookup domain of sender. If does not resolve, discard.
3. lookup "domain email authority" of domain, say "authorize.yahoo.com" for senders originating at yahoo.com. No authority, discard.
4. ask authority it if the user is known and what IP address it would be sending email from.
5. Is user known and does "authorized" IP address match IP address of sender? If not, discard.
This mechanism would also make it easy to circumvent non-spoofed email addresses since the spammers would need to support the extra authorization queries. It would also force them to centralize their efforts making them an easy target for elimination.
The result: No spam, no Microsoft tax. Nothing. Only a little bit of overhead on DNS and email servers which could be eased with a little bit of caching.
Why wouldn't this work? Is there a problem with this?