Slashdot Mirror
Gates on Spam
pvt_medic writes "Microsoft is proposing a new system that would require people to pay to send e-mails. Postage would be in the form of allowing others to use your computer to make calculations, similar to the SETi@home project. There are other systems being suggested that would include monetary stamps and people could decide on accepting an e-mail based off the value of the stamp. (story has great picture of Bill Gates as well)" Gates' proposed system will be Microsoft patent-encumbered, unsurprisingly.
This has been discussed before, and i replied to this before. Allow others to make calculations on your computer, eh? Would those calculations happen to be the spam solution MS Research came up with? Why don't they stick to that solution?! Strap it to SpamAssassin like these guys do but replacing the C/R, it's gold!
Similar to Seti@Home, sure... Except you pay Microsoft to have the calculations considered.
Also, what is Gates holding in that picture? A joint? Is that was he's smoking thinking people will accept this idea as part of their daily email lives so that microsoft can make even more barrels of cash?
story has great picture of Bill Gates as well
.02,
Is he praising Mel Gibson for Passion of Christ? Is he smoking one incredibly fat doober that would make even Tommy Chong jealous? Is he trying to convince the Pope that Longhorn isn't named after a pornstar? Or is he really just THAT great?
You decide.
Seriously:
Instead of paying a penny, the sender would "buy" postage by devoting maybe 10 seconds of computing time to solving a math puzzle. The exercise would merely serve as proof of the sender's good faith.
And how the fuck would this make a difference? So what? The computer that is supposed to do the work is going to be like Johnny Badass in 2nd grade math class... They are not going to do their homework and just try to bluff it through class. If they do end up having to hand it in to be graded they are just going to get around it some other way. We will end up blocking just as many hosts as before.
Gates' proposed system will be Microsoft patent-encumbered, unsurprisingly.
No kidding. Gates came up w/it why would you be surprised he wouldn't want to protect his idea? No conspiracy here... Was the comment necessary?
Just my worthless
We use his personal bank accounts to pay for the postage.
~S
According to the Info World article about Microsoft's Caller ID patents, Microsoft's license "... will encourage all parties involved to allow the Caller ID technology to develop and improve without being hindered by license restrictions or royalty schemes"; and "Microsoft wants to do more than merely give (Caller ID) away, they also want to make sure nobody else can profit from it."
:-)
Seems like a perfect application for the GPL to me.
No.
Love, Tom.
Charging for email doesn't discourage spam. It discourages mass email. But there are many legitimate uses of mass email, like discussion lists, automated order confirmation emails, etc. - and increasing the costs of sending this type of mail will hurt open-source developers and small businesses the most.
.org? Yeah, right!
It's not surprising that Microsoft doesn't see the problem with this. They can afford to buy a few more mail servers to handle all of microsoft.com's outgoing mail, and they'd love it if people had to buy more servers (each running a copy of Windows, of course) just to handle all of the added computational costs of sending mail.
In the article, "Goodmail chief executive Richard Gingras said individuals might get to send a limited number for free, while mailing lists and nonprofit organizations might get price breaks." But how do you know who's a nonprofit? Someone with a
I believe that SPF currently has the potential to put the biggest dent in spam, since it directly addresses forged email addresses without needing to replace SMTP. It's not a complete solution, but it's a lot more realistic than Microsoft's idea.
It might cut down on those damn chain letters and stupid Internet jokes that get passed around 5000 times.
Can I bum a sig?
The rest will burn in the Final Conflagration between the Dark Prince's OS and the upstart Penguin!
Muwahahahahahahahaha!!!!!
It pains me to think that MS will have IP hooks into this stuff, but one thing, however, is clear... A system isn't far away, and when it's in place, the spam and virus f*cks will be screwed--and I can't wait to see them fold (it least, to a large degree). For once, virus authors will have to make *real* exploits (rather than take advantage of Outlooks click-and-run garbage) and spam people will have to pursue legit forms of mass mailing.
One thing's for sure, as a receiver of 500-1000 spam and virus emails a day, I welcome the not-too-distant future.
G-Force music visualization
Requiring people to let the sender or some third party execute instructions on the sending machine is so fraught with problems, it's hard to know where to start. Unless this software is Free, you simply can't expect everyone to install on their systems; of course MS wants them to, but hey let's be realistic here: they won't. If it's only available in binary, it would lock out anyone using an unsupported OS (or version thereof). It'd be a new security hole in the sender's machine just begging (with a big neon sign) to be exploited, and would complicate the use of firewalls, especially those using NAT. It'd have a regressive fee structure, because those with expensive, high-powered machines could afford to "spend" more CPU cycles (heck, build a beowulf cluster of discarded 486's to buy more spamming rights), while some poor sod using a Pentium/150 can hardly afford to give up any.
http://alternatives.rzero.com/
The most explosive growth for Internet usage (including the almighty email, of course) is coming from third world nations. A penny here or there may not affect someone from the first world, but it sure would make a difference in poorer parts of the globe.
I always save my last mod point to mod up a good troll. You people are too serious.
Email needs to be free....
Spam as a tool works as per the previous articles. It is a pain just like anything else, but instead of making me pay money to use email, why not spend you high budgets with an educational compaign to stop people from buying spammed products? No money made means no motivation. Problem solved. We voted with our dollars on banner ads and look how that market fell out. Rinse and apply to spam.
Also, what happens when we are forced to move away from email because we invite Microsoft to take over and control it?
The only great picture of Bill Gates that I know of are ones of this incident
"Freedom means freedom for everybody" -- Dick Cheney
How does this help in the case of spammers creating massive networks of compromised hosts which are then used to send spam in a distributed manner? Such a "pay-with-cycles" technique is useless in this case, since you can still send a *massive* amount of spam with a few million compromised computers, even if each one can only send, say, one email per hour.
We're not quite sure who you are, but we're with you. Love, Steve and Linus
I've got more mod points and GMail invi
Aren't most spams sent using hijacked PCs anyway?
Why wouldn't the spammer be willing to sell cycles on the zombie PCs?
I'd rather get spam than pay Microsoft for email (indirectly, it seems, through patent licensing).
I do agree that this could be potentially troublesome for companies like amazon that send out large quantities of confirmation emails. But I imagine those would still be received and stored somewhere -- the user would just have to go poke around for emails they were expecting but hadn't specifically authorized.
Wouldn't current methods trivially circumvent this?
1) Spamhouse uses viruses to own assorted desktops (just like they do now).
2) Instead of just using those boxes as oen relays (like the do now) they first have them 'pay' this postage.
That charging for email means that *nobody* will be able to run a free mailing list service anymore. Or, alternatively, be just as easy to get around as the current system. Or, even better, have a new set of quirks and possibilities for abuse that would further ruin our email systems.
The problem is, the main reason why the Internet has worked and CIS, GEnie, ISDN, Teletex, etc. have all fallen by the wayside is because you pay for bandwidth, not services.
No, the problem is, there's no good way to kick somebody off of the Internet.
Gentoo Sucks
I pay for my internet service, I pay for my pc, my taxes ( way too much ), my electrical bill... and my time isn't free.. ( though my software is )
Why should I have to pay more just because the government refuses to enforce laws that already exist.. Remember the no fax spam laws that pre-date this 'internet thing'? They prohibited sending faxes due to the fact the receiver had to foot the bill for the 'privilege' of getting the spam, due to expenses of paper and ink.
This doesn't even touch the fact that a large percentage of spam is pornographic, and being sent to minors.. also a crime in this country....
So fact Bill is in it to profit ( go figure ) has nothing to do with my statement...I f-ing pay enough now.. And im sick of it.
---- Booth was a patriot ----
Does anyone -really- believe the cost would stay 1 cent? It would stay there for a while, until everyone considers paying for emails normal, then it'll rise and never come back, guaranteed.
Have you ever used MS Windows? Have you ever used MS Windows... on Weed?
It's great man... there a little paper clip hiding in the corner. What's he doing there? I don't know, man!!! Red team go! Red team go!!!
Fire in the sky
Microsoft makes peace with Spam, tells everyone to learn to live with it and love it.
Could you imagine the security problems we'd have if Microsoft developed software that forced us to leave machines open to remote connections in order to "pay" for mail.
I have enough security problems with downloading email and web content onto Windows machines. God only knows what would happen if people could upload shit onto my machine without my approval.
It's a novel idea. But I wouldn't trust MS to implement it.
"Things are more moderner than before- bigger, and yet smaller- it's computers-- San Dimas High School football RULES!"
Charging people postage for letters works because there is one centralized postal service which makes all the deliveries. Charging people for sending email will never work because nobody, not even Microsoft, owns the "email service." Because there isn't one. Just the SMTP protocol, and millions of computers which comply with it.
Maybe in a few decades people will catch on to the fact that the internet is global and decentralized, and that schemes like this are doomed to failure. You can't devise a pay-for-email scheme that doesn't have a dozen ways to get around it-- especially since this plan appears to be destined for the US only. As if every unsolicited email I get can't be traced to Taiwan, Korea, or Russia.
This plan is like the automatic security gate at my apartment complex-- annoying to legitimate users, absolutely ineffective against all but the most inept criminals.
I am Sartre of the Borg. Existence is futile.
That device he's holding in the picture is a slide changer for the speech he's giving... Do all executives take the same class to teach how to give a speech? Regardless of company (Microsoft, Intel, Apple, etc, as long as its a tech speech), they all seem to come out with the same horribly hunched over shoulders, and hold that damn thing with two fingers while spinning it around with their other hands fingers.
It's such a pet peeve now that I can't even watch keynote speeches anymore.
DrPascal: Not the language, the mathematician.
That sounds an awful lot like a GPL-ism to me.
Picture somebody sending you a message in a good natured way and inviting you to respond in kind (A "I found your website interesting. Wana chat?" message)
You send back a response and attach your 1 penny stamp token.
Said person sending you an email is really a scamster. They keep the penny. Repeat a bunch of times, you've just made some money.
Gentoo Sucks
...now those mass mailing trojans will slow your computer down even more!!! A completely useless idea as I see it, except to pad Gates pocket book.
If MS is in charge of selling the distributed computer time, all those security holes and the trojans that take advantage of them will become their primary revenue stream.
First off requireing on supposedly time consuming math is absurd. First off it can't be too complex because it would encumber normal users and recievers (who have to check it I suppose) second spammers will develope a cheat sheet (and if Bill doesn't think so he should do a search on the web for "Microsoft Product Activation Code".
My system is beautiful and simple.
Everyone use an OpenPGP program (maybe gnuPG) to sign all their email. then recipients can easily check a public keyserver (probably would have to set up more, but ideally each large domain would have one so you can check 'keyserver.microsoft.com' for the key for an adress from microsoft.com) of course you wouldn't need to check a server for someone in your keyring, but I bet through this method anti-spam webs of trust would become very easy to protect.
This is currently standards complient, so it breaks nothing. And it allows people to decide their level of protection.... you want unsigned mail to get through more power to you. You want to see only verified email fro people YOU know, go for it. you want to accept from any one who has signed that you can get the identity of from a keyserver, sounds great.
Why don't people do this? it requires nothing more than minimal changes to mail readers, and mild diligence. once it became popular enough its very easy to eliminate all non-trusted mail (although st first you would have to slowoly build it up of course)
is this that bad of an idea?
Please remit one fully factorized 2048 bit random number.
Love, Bill.
IT seems like Spam is largely able to exist just because of the widespread looseness in SMTP. If access to SMTP servers is restricted with accounts (either with authentication or address recognition, etc. for LAN's), and then further checking is done by other SMTP servers to validate the hostnames, addresses, etc. so that random SMTP servers can't just be set up. Then sent e-mails should always be able to easily be tracked down to the account that sent it (relevant info could be added to the header) and that account can be disabled for spam. If the reporting process were relatively streamlined objectively, then the effort of overcoming the obstacles would outweigh any benefit.
I don't try to be right, I just try to make people think
Forcing some sort of email "stamp" in any way will do one thing, fragment the email standard as those who don't want to pay/can't afford to pay will adopt a new standard of sending messages.
Then I'm sure the lawyers would muck it up even more by trying to enforce ISPs to regulate the new email/message sending system and we would get into the very thorny issue of what constitutes an email?
What about IRC chat, or Instant Messaging, or message board messaging systems? Would those fall under the email stamp tax?
Spam is annoying but I personally will not pay again for my service. I pay for my bandwidth and I know how to filter my email properly. Forcing me to pay again for email will only insure that I will be one of those who switches to another standard.
Really, I know what I'm doing...Ohhhh, look at the shiny buttons!
I bet if we did this it wouldn't be long before almost everybody signed up with a registered email service (or purchased their own certificates) only leaving illegitimate senders in the cold. Forged headers *should* be a thing of the past, we have the technology.
Anyhow, I fear at this point its going to be decided by the first large system that comes to market. Which looks like MS is really pushing to be.
Quack, quack.
Comment removed based on user account deletion
This would be good if I got the money for the stamp. I would sign up for a service that charged 5 cents for a "certified" email, if I got 4 cents for every email I received.
I could just white list every email from this site. It would allow legitimate advertisers access to me through email. Access which none have right now, as I delete all spam and ADs.
The famous thing about the NP-complete problems is that they're hard to solve, but easy to check. That's presumably what's going on here. You can parcel out a rather large traveling salesman problem. But it doesn't take me 10 seconds to check it; it takes me far less than one second, even if I didn't know the answer beforehand.
I think that's kind of neat, actually.
So Johnny Badass can't bluff his way through; his work will be checked.
There are many other problems with this technique (a problem that takes 10 seconds on a 4 GHZ Pentium takes several minutes on a still-useful P133; non-upgraded computers get treated like criminals; patent terms could suddenly turn onerous) but the idea that a computer could bluff it out isn't one of them.
"where does all the sudden hostility come from?"
spam
the computer is online
i am not at it
what a waste of ressources
I own a business and we get something like a fair amount of sales leads via email.
I wonder how many people would not bother contacting us to inquire about services if they had to pay for the priviledge?
Also, I exchange A LOT of emails with existing clients...working off-site makes email the prefered mechanism of communication. I already pay for Internet Access (which currently includes access to routes between mail servers); I'd sure hate to have to pay for using a particular service on the Internet that is now free.
IMO, Spam is best fought at the source. Filters like SA are great for the user end, but the demand on the wires is still there (the recipient server has to GET the spam for it to be dropped). Go after the spammers themselves. Hard. With both barrels.
(1) Make it financially unattractive to spam. This can be either by fines or by MORE user education to NOT RESPOND to the dang things.
(2) Go after them criminally. They put an arguably unethical demand on everyone's Internet; who knows how many hardware failures are accelerated by the traffic due to spam (disks, NIC's etc). I liken spammers to someone who blows up, or at least physically blocks, a bridge on a public highway.
Computational Chemistry products and services.
Free evenings and weekends? Seriously, this isn't going to work. There will be abuses, a situation similar to the internic.net registry debale of a few years back, with everyone stumbling and fighting to be a registrar. Microsoft in charge? No thank you. Also, as companies get bigger, you know that there will be discounts for quantity. There are going to be proxy re-mailers popping up.
Secondly: There will be a skimming situation created, where your local ISP will skim off "pennies on the penny" to send emails. Also, if and when the "registrar" like situation comes into play, the large ISPs will have favorites.
Thirdly: This is just begging for government monitoring. I mean, the accounting would be in place, why would the government not want to use it?
BTW, maybe Microsoft and the gang are appealing to the government for this very reason...
I'd rather get paid by the sender to read email. I'd sign up for all sorts of spam if I got a penny every time I read one. Emails I sent to my friends would be paid for by the money I made from spammers, and the excess could buy me a new Dual G5.
Imagine if they DID make money offa it. Every time Outlook's infected, and acts as a spam relay, you'll be billed $5,000 a month for the bulk spamming (you) do.
:/
Sounds fair.
-- Liberalism is a mental disorder.
...for people running Sendmail and a *nix compatable email client, how do "they" plan on enforcing the cost of the stamps?
What is to stop me from having a mail server off US shores to provide my clients with cost-free email access? What is to stop spammers from setting up their own mail servers and forging the stamps? They certainly don't play by the rules right now!
Do they plan on forcing everyone to upgrade their mail clients and server software?
My biggest question, Who are "they". Are "They" the ones who will collect the money for these stamps? Is it M$? The ISP? The Government? Since a transaction is taking place, will there be a tax on the email? (you know the IRS will want their cut).
I run a mail server on a colo for myself and give space/access to my friends for free. Do I now have to charge them? Do I have to pay taxes on that?
Yes, this is a lot of questions, but they a) don't see have been asked yet, and b) don't have answers that I know of.
I am not for spam but I'll be damned if I will start paying for my email as a theory to stop spam when we all know damn well that it won't stop them.
I can't see how this could work. Any spam-prevention measure must also have some provision to deal with legitimate mailing lists. Some mailing lists can be quite busy and have thousands of members.
Also, Gate's method has a lot of flaws, security being only one of them. For example, how will you deal with all the various different operating systems and embedded hardware that send email? For example, my Netgear firewall box periodically sends me emails of logs or alerts.
Also, you can't easily change the way email is done because its use is so widespread.
Making it computationally based has a number of major flaws.
1. How do you deal with the wide range of computer performance? For example, my mail server is a Pentium II, which is more than adequate for my needs, or my firewall, which is a 50MHz StrongARM processor?
2. How would you allow others to use your computer to make computations? This opens up some serious security considerations, not to mention the fact that there's a wide range of processors and operating systems that would need to be supported. I won't run Seti@Home because the last time I ran it it crashed my mail server after over 200 days of uptime. I don't know what it was about Seti, but it would always immediately crash my server.
3. You would need to make everyone agree to do this. The Internet is international.
A better way would be to strongly encourage ISPs to block spammers and give them the tools to go after them. An ISP should be able to charge the hell out of a spammer on their network and encouraged to do so.
Why not give the backbones the power to cut off major spam sources and provide financial incentives to do so?
There's lots of other methods that could be used. If you make life completely miserable for spammers, they'll stop. If there's no profit, they'll stop.
If our stupid congress critters would do something right for a change, like California's anti-spam law that was blocked by the Washington idiots, then we'd have a lot more power to go after the spammers.
This post is encrypted twice with ROT-13. Documenting or attempting to crack this encryption is illegal.
If sending regular email via the existing methods becomes a pay-for-play service, then it's only a matter of time before an entirely new email protocol surfaces that allows participants to send mail for free.
I suppose you could say it'd be "voting with your dollar" to shut down any efforts to control the Internet in such a manner.
"It was hell!" recalls former child.
"The proceeds of a stamp would likely find its way into his pocket, I'm sure."
Okay, I propose an alternative, and I'm not going to patent it.
Sender wants to send you an email, they have to spend 10 seconds trying to crack X-Box keys.
I'd like to propose a system by which users will have to pay for their slashdot submissions, to cut down on duplicates.
If Microsuck can not even keep it's own operating system from being hacked and pirated, how is it going to keep it's email systme from being hacked and pirated. I can see everyone "paying" to use email while the spammers hack the system and pay nothing. And we'll still get a crude-load of spam!!
Articles like these really make me sad.
When the Internet exploded and the joe masses came flooding in there were many rapid changes witnessed. Many of these changes were tremendously wonderful, and many weren't.
Over the years we saw the tug of war between those who think that the net is evil and must be controlled, and those who are intelligent enough to govern themselves and contribute to the common good.
There were many different attacks on our freedom, and usually we prevailed because it was obvious that proposed restrictions would damage our precious medium. But lately the anti-spam efforts begin to scare me.
I'm scared because most people hate spam. So even people who are normally freedom-fighters give a moment of pause to think, "Well, I really do hate spam, maybe I should consider this."
The answer to problems that arise within the net are never ones that limit and merely mimic our failing systems elsewhere.
I too was pulling out my hair over the explosion of advertising. I realized that it was collecting in my memories, permanently, like toxic waste being spewed at my senses.
For the most part however I have returned to serenity. I use Mozilla Firefox with the Adblock plugin, this takes care of all banners/popups. I also finally just installed spamassasin on my mail server and the hundreds of junk mailings that normally made my veins bulge are now routed behind closed doors to a junk folder.
To top it off I threw away my television. I can still enjoy the simpsons, but now it is commercial free. Caller I.D. protects me from unwanted calls. Simply lift the phone for a split second and slam it back down. And I do most of my business through the net so I can safely ignore snail mail.
The solution is already here. It is education, technology, and intellect.
[Paul Anka]
To stop those monsters 1-2-3
Here's a fresh new way that's trouble free
It's got Paul Anka's guarantee...
[Lisa]
Guarantee void in Tennessee!
[All]
Just don't look!
Just don't look!
Just don't look!
Just don't look!
"Why not use a system based on something like root certificates?"
Here's why not: Because hackers and worm authors will still have control of a vast network of computers, that will not only generate spam signed by the poor victim, but will also lead to that victim's e-mail access being revoked.
Relying on a review process would be too difficult - each new virus/worm could result in, say, a million affected machines, which means potentially a million reviews suddenly needing to be made.
Most spam originates from spoofed email addresses. Those emails that don't come from spoofed email addresses can be sued into oblivion.
So it is a simple matter of finding the spoofed email addresses.
This is how an email server would check inbound email:
1. receive email
2. lookup domain of sender. If does not resolve, discard.
3. lookup "domain email authority" of domain, say "authorize.yahoo.com" for senders originating at yahoo.com. No authority, discard.
4. ask authority it if the user is known and what IP address it would be sending email from.
5. Is user known and does "authorized" IP address match IP address of sender? If not, discard.
This mechanism would also make it easy to circumvent non-spoofed email addresses since the spammers would need to support the extra authorization queries. It would also force them to centralize their efforts making them an easy target for elimination.
The result: No spam, no Microsoft tax. Nothing. Only a little bit of overhead on DNS and email servers which could be eased with a little bit of caching.
Why wouldn't this work? Is there a problem with this?
wait, this was already done! Last time I used Outlook to send an email, my computer churned for 10 seconds and then said "Illegal exception."
I guess this "math puzzle" [oh, so *that's* what they're calling it now] was too hard for Outlook.
The mail server comes up with two random primes, large but not "cryptographically large", sends their product, and waits for the factorization. The mail server could even precompute what random primes it will be using for future questions, or offload that task to another server if it is too busy.
GET YOUR WEAPONS READY! --DR.LIGHT
Isn't the Microsoft tax we pay per machine enough? Now we have to pay a Microsoft tax on email too? Since when did Microsoft become its own government? I say we dump all of the windows CDs in the harbor.
I know no one on /. reads the article, but what about the snippet at the top. You don't actually exchange cash at all, it's all about provably dedicating computer time. Money is NOT exchanged. This also would not affect DLs and other wide lists, because it would be the initial mail that would be computed, rather than all the redirected ones. As far as mailing to lots of people, that is a concern, but how many lists out there are >10000 in size? What this really limits is people who want to send to 1M people, and, yes, you're screwed there.
Today since its free to send everybody defines E-mail to be pretty much the same thing. However what happens when E-mail costs a penny to send? Won't every packet on the internet cost something to send? Otherwise some one can start up an open source project that implements software that provides the same functionality as E-mail but doesn't meet the current definition of e-mail, so its free to send/receive. Would the new software be E-mail or not? It makes a difference because if it is E-mail it costs money, if it isn't its free.
Of course the spammers might argue prior art - but when did that ever stop a patent being rewarded? However, if that fails, put the words, 'la la la la' in every mail. Now it's music and the RIAA can sue.
Hot damn, I should be a consultant!
98% of people will read this as: "So the richest man in the world wants me to pay for something I have always done for free?"
I predict his personal backing can only hurt this effort.
Email is valuable and popular because it is cheap and quick. Make it expensive and slow, and its value goes away. Hashcash-like proposals seek to make email suck more for all of us, in the hopes that it will be even more sucky for the spammers, so sucky that they'll quit.
But you cannot save email by destroying the things that makes it valuable and popular.
Edith Keeler Must Die
No I am not going to pay to send e-mail. Sorry, but Bill's proposal is not acceptable.
It is one thing to donate idle CPU time to something charitable and worthwhile, like SETI, if you wish to do so. But to allow a private corporation to freely enjoy things that cost me considerable money for, like a full time DSL connection, and the electricity to operate a PC with a 450 watt power supply 24/7, makes no sense. To require me to submit to this just so I can send e-mail is nonsense.
Other questions come to mind. If this proposed system is burdened with Microsoft patents, then exactly how will open-source or third-pary e-mail clients and servers be licensed with the Microsoft IP. Exactly what is that going to cost?
Why not just make email completely traceable to the isp level?
The only reduction in privacy would be that you could tell what ISP whoever sent the email from used. However, it would allow people to track where spam was coming from and forcibly block entire ISPs if they were recognized sources.
Naturally, someone will mention that somehting like this is already there... but it the existing system can be forged.
I think the way to handle it would be to force servers to append their IP to any email they relay. If any server encounters an email whos last appended IP doesn't match the source of the transaction, just dump it.
Sure, if you can fake the IP, then you can still bypass this, but I'd think it would help. Additional bits of authentication in server-server transactions might be able to compensate for forged IPs too.
Ok, so it needs some fleshing out, but is there anything obviously wrong with this?
Dear Internet Subscriber: Please read the following carefully if you
intend to stay online and continue using e-mail: The last few months
have revealed an alarming trend in the Government of the United States
attempting to quietly push through legislation that will affect your use
of the Internet. Under proposed legislation (Bill 602P) the U.S. Postal
service will be attempting to bilk email users out of "alternative
postage fees". Bill 602P will permit the Federal Govt. to charge 5 cents
surcharge on every email delivered, by billing Internet Service
Providers at source. The consumer would then be billed inturn by the
ISP. Washington D.C. lawyer Richard Stepp is working without pay to
prevent this legislation from becoming law. The U.S. Postal Service is
claiming that lost revenue due to the proliferation of email is costing
nearly $230,000,000 in revenue per year. You may have noticed the recent
ad campaign "There is nothing like a letter". Since the average citizen
received about 10 pieces of email per day in 1998, the cost to the
typical individual would be an additional 50 cents per day, or over $180
per year, above and beyond their regular Internet costs. Note that this
would be money paid directly to the U.S. Postal Service for a service
they do not even provide. The whole point of the Internet is democracy
and non-inerference. If the Federal Govt. is permitted to tamper with
our liberties by adding a surcharge to e-mail, who knows where it will
end. You are already paying an exorbitant price for snail mail because
of bureaucratic inefficiency. It currently takes up to 6 days for a
letter to be delivered from New York to Buffalo. If the U.S. Postal
Service is allowed to tinker with email, it will mark the end of the
'free' Internet in the United States. One congressman, Tony Schnell (R)
has even suggested a "twenty to forty dollar per month surcharge on all
Internet service" above and beyond the government's proposed email
charges. Note that most of the major newspapers have ignored the story,
the only exception being the Washingtonian which called the idea of
email surcharge "a useful concept whose time has come" (March 6th 1999
Editorial) Don't sit by and watch your freedoms erode away! Send this
email to all Americans on your list and tell your friends and relatives
to write their congressman and say "No!" to Bill 602P Kate Turner
assistant to Richard Stepp Berger, Stepp and Gorman Attorneys at Law 216
Concorde Street, Vienna, VA.
********
Spam/Chain Mail predicting the future? Whaaa.
There are a lot of "simple" solutions against spam like the one you describe. The problem with the server solutions - where the servers of the sender and receiver make some kind of negotiation to decide if the email is legit. - is that it only works if every server on the net is upgraded and that will never happen.
For example, let's say you receive an email from babar@domain.ii (imaginary tld). With your scheme, your server asks authorize.domain.il but domain.il hasn't upgraded and still use old simple email server. Email is discarded. That means no user from domain.ii can send you email.
bzzzt the internet is broken.
Men are born ignorant, not stupid; they are made stupid by education. Bertrand Russel
Check out the fine print. "Microsoft and its Affiliates hereby grant you ("Licensee") a fully paid, royalty-free, non-exclusive, worldwide license under Microsoft's Necessary Claims to make, use, sell, offer to sell, import, and otherwise distribute Licensed Implementations, provided, Licensee, on behalf of itself and its Affiliates, hereby grants Microsoft and all other Specification Licensees, a reciprocal fully paid, royalty-free, non-exclusive, worldwide, nontransferable, nonsublicenseable, license under Necessary Claims of Licensee to make, use, sell, offer to sell, import, and otherwise distribute Licensed Implementations." basically whatever code you write, you must give to microsoft for free. Good deal eh?
Literally. A few clock cycles wasted - would this really slow spam down? Doubtful.
.10 per e-mail, 1.00 per e-mail... - whatever the user defined- got their mail delivered and the user got paid to read it. People who didn't want to be bothered set a high rate and got a clean inbox, people who had a lot of free time make a buck a day reading 50 - 100 spam offers for enlargements of all types. People who don't legitimately have a business won't put up money and they don't get delivery.
I liked the opening
If the U.S. Postal Service delivered mail for free, our mailboxes would surely runneth over with more credit-card offers, sweepstakes entries, and supermarket fliers.
How does this differ from reality? Postage doen't prevent direct mail - I get more physical Junkmail than e-Junk.
But the reason for my post: Rather than Ideas to charge everyone to stop the abuser, why not create a system where users set a fee for reading mail in their inbox - anyone who wants to pay the set rate
Too complicated? Not any more complex than the other systems proposed.
I have nothing to hide. So, why are you spying on me?
Instead of paying a penny, the sender would "buy" postage by devoting maybe 10 seconds of computing time to solving a math puzzle.
//e?
How many years is that on my cellphone (which sends email) or my apple
Spammers can get around this in any number of ways. Let's say I run a boobie site and want to spam you... I have visitors browsing it running a client which does all the calculations I need to send millions of spam a day. After all, I have a captive army of geeks (boobies!) that'd be happy to run calculations in my stead in exchange for free boobies.
Compute cycles just aren't the answer since they're easy to obtain, and easy to fake, and who the hell gets to decide what problem gets worked on with MY cycles?
Cold, hard cash is the way to discourage millions of spams sent daily. And the payment should be "opt-in" by the recipient, so that you don't need to worry about your grandma charging you a nickle to send her an email.
Typical Microsoft conduct: showing up late to the party (people have been inventing "solutions" to SPAM for years now), coming up with solutions other people have already proposed (domain-verified sending and "pay with cycles" have been thought of a million times), and claiming to own them (with patents).
I especially love:
"Since they're dedicating it to the public free of charge, (Microsoft) doesn't want to be the patsy who builds a foundation just so other people can come along and erect a building on it, then sell the building," he said.
Can you say "BSD Stack?"
For the sake of argument let's assume Gate's has perfect vision and the world is going to cooperate, perhaps with some nudging, and it gets implemented and is effective.
Well there are all sorts of existing technology that could limit spam rates, stop client boxes from using unauthorized services, or unapproved domains, send auth... I'm not suggesting any of those things are or are not appropriate. Just that they do indeed exist and what's lacking is the will and cooperation. And without that his approach will not make things better. There are much easier ways to extend existing standards where that is needed.
It may slow the rate of growth but it won't stop the flood.
What it will generate though is more impetus to force older technology users to upgrade. And most likely servers will need to be upgraded as well. The cost will be insignificant to the spam kings who profit. Not even a bump really.
Of course we could ensure some sort of reliable client identification process is built it... Ooops that's a good benefit to DRM as well! What luck! And stopping spam is a good sales pitch.
Nah I haven't argued all the points. There are some good ideas out there as to how to stop spam in general.
But Gate's approach is let's all spend more money on more technology even though the gesture in the long run will be futile. Just because we can't cooperate on these things today doesn't mean we won't if we all spend more money on it (true but not plausible).
And with proper design we can eliminate this pesky free email too. Does he really think I'd ever pay for hotmail?
..who does the money go to, the email provider? This is all to M$'s advantage. What is one of the most user email providers? Hotmail. Who owns Hotmail? M$
Cheers,
RoadkillBunny
You advocate a
(X) technical ( ) legislative (X) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
(X) Mailing lists and other legitimate email uses would be affected
(X) No one will be able to find the guy or collect the money
(X) It is defenseless against brute force attacks
(X) It will stop spam for two weeks and then we'll be stuck with it
(X) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
(X) Requires too much cooperation from spammers
(X) Requires immediate total cooperation from everybody at once
(X) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
(X) Lack of centrally controlling authority for email
(X) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(X) Asshats
( ) Jurisdictional problems
(X) Unpopularity of weird new taxes
(X) Public reluctance to accept weird new forms of money
(X) Huge existing software investment in SMTP
(X) Susceptibility of protocols other than SMTP to attack
(X) Willingness of users to install OS patches received by email
(X) Armies of worm riddled broadband-connected Windows boxes
(X) Eternal arms race involved in all filtering approaches
(X) Extreme profitability of spam
(X) Joe jobs and/or identity theft
( ) Technically illiterate politicians
(X) Extreme stupidity on the part of people who do business with spammers
(X) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
(X) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
(X) Countermeasures must work if phased in gradually
(X) Sending email should be free
(X) Why should we have to trust you and your servers?
(X) Incompatiblity with open source or open source licenses
(X) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(X) Sorry dude, but I don't think it would work.
(X) This is a stupid idea, and you're a stupid person for suggesting it.
(X) Nice try, assh0le! I'm going to find out where you live and burn your
house down!
Nathan's blog
The problem with requiring computation cycles is that you need to deal with a lot of older computers. I have friends with old Pentium-based computers, some of whom cannot afford a nice new P4 system.
Also, what happens to all these web-based email accounts like Yahoo or Microsoft's Hotmail? I guess they'll need to spend a lot of money adding processing power for their users to send email.
What's to stop someone from making hardware to do the processing? It shouldn't be too difficult to implement an FPGA or an ASIC that could do the processing much faster. I imagine it wouldn't take too long for PCI boards to come out to offload the processing for large mail servers, then spammers with money could just buy the board to offload the processing.
-Aaron
This post is encrypted twice with ROT-13. Documenting or attempting to crack this encryption is illegal.
Here's what I get from the MS docs:
Four categories:
1. Zombie Windows PC attempts SMTP with recipient MTA. Latter looks up published IPs (as XML in DNS "text" field) for "responsible" sender's domain MTA, finds the sender isn't one of these, drops the session.
2. Large ISP's MTA attempts SMTP with recipient MTA. Sender IP verifies. Recipient MTA looks up *certificate* of ISP and verifies it. Email delivered.
3. Small domain MTA attempts SMTP with recipient MTA. IP verifies, but there is no certificate. Recipient MTA asks sender *MTA* (not necessarily PC of originator) to factor a medium sized prime, or some such. Good sender solves problem, spam sender disconnects.
4. Roaming laptops, mail forwarders, anonymous remailers, etc. These are more problematic, but are handled by adding headers which identify the original responsible sender.
Problem: The Independent Email Certifying Authority. These verify that the large organization is following "proper email policies". But you can bet that these policies will be something rather consistent with the CAN SPAM act. In other words, you are still going to get a lot of "legal" spam.
Finally, MS will grant anyone a reciprocal license to use, modify, distribute, etc. *except* everyone must get their own license. So it appears at some point in time MS can start charging for the license, or bundling it, or whatever. The early adopters will still have good licenses, but MS can use the code they developed, put it in Windows, and then limit new use of the patented technology to the Windows platform.
For those who did RTFA, did I get it right?
Actually, XP isn't too bad, I'll admit.
;-).
:-(
I DO use XP at work as that is what is installed, so I have got some 'up-to-date' experience and XP is still a dog. Just less of a dog than previous versions (though the physicist downstairs would disagree with me. She very loudly refuses to upgrade from 2k
Sorry about your RH troubles. GNU/Linux is a fiddly bastard. I generally call it 'the least worse OS' and do my share of cursing it too. I then go use XP for a while and that helps me appreciate my GNU/linux system a bit more!
Let's see...
Microsoft Windows - good for maintaining network worm farms. Security a bad joke. Comes pre-installed, which is just as well - the install isn't a walk in the park anymore.
Linux - pain in the posterior to install and configure. But quite secure.
MacOS - Great usability but a little pricey and I trust Jobs with my data less than I do Gates.
That's all I can validly make a comment on from personal experience. But I am always on the lookout for something better. I expect something around 2005-6
The man with no surname and a silly hat
On the universe: It's bunk.