Slashdot Mirror


Analysis of Spam, and a Proposed Solution

2bot_or_not_2bot writes "Spam: The Phenomenon is a detailed analysis of spam: products, scams, viruses, obfuscation methods, etc. Failed, and doomed-to-fail, methods of blocking spam are described. A general solution is proposed that does not: invade privacy, perform wide censorship or blacklisting, or involve payment and cooperation with corporations (beyond the transport and storage of data)." Hmmm.

14 of 370 comments (clear)

  1. Here's a solution... by Tuxedo+Jack · · Score: 4, Funny

    We apply Islamic law.

    They steal our time, money, and bandwidth.

    We take their hands.

    --

    Striking fear in the authors of godawful fanfiction, I am here, appearing in darkness, Tuxedo Jack!
    1. Re:Here's a solution... by markan18 · · Score: 5, Funny

      Your post advocates a

      ( ) technical (*) legislative ( ) market-based ( ) vigilante

      approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

      ( ) Spammers can easily use it to harvest email addresses
      ( ) Mailing lists and other legitimate email uses would be affected
      ( ) No one will be able to find the guy or collect the money
      ( ) It is defenseless against brute force attacks
      ( ) It will stop spam for two weeks and then we'll be stuck with it
      (*) Users of email will not put up with it
      ( ) Microsoft will not put up with it
      ( ) The police will not put up with it
      ( ) Requires too much cooperation from spammers
      ( ) Requires immediate total cooperation from everybody at once
      ( ) Many email users cannot afford to lose business or alienate potential employers
      ( ) Spammers don't care about invalid addresses in their lists
      ( ) Anyone could anonymously destroy anyone else's career or business

      Specifically, your plan fails to account for

      ( ) Laws expressly prohibiting it
      ( ) Lack of centrally controlling authority for email
      ( ) Open relays in foreign countries
      ( ) Ease of searching tiny alphanumeric address space of all email addresses
      ( ) Asshats
      (*) Jurisdictional problems
      ( ) Unpopularity of weird new taxes
      ( ) Public reluctance to accept weird new forms of money
      ( ) Huge existing software investment in SMTP
      ( ) Susceptibility of protocols other than SMTP to attack
      ( ) Willingness of users to install OS patches received by email
      ( ) Armies of worm riddled broadband-connected Windows boxes
      ( ) Eternal arms race involved in all filtering approaches
      ( ) Extreme profitability of spam
      (*) Joe jobs and/or identity theft
      ( ) Technically illiterate politicians
      ( ) Extreme stupidity on the part of people who do business with spammers
      ( ) Dishonesty on the part of spammers themselves
      ( ) Bandwidth costs that are unaffected by client filtering
      ( ) Outlook

      and the following philosophical objections may also apply:

      ( ) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
      ( ) Any scheme based on opt-out is unacceptable
      ( ) SMTP headers should not be the subject of legislation
      ( ) Blacklists suck
      ( ) Whitelists suck
      ( ) We should be able to talk about Viagra without being censored
      ( ) Countermeasures should not involve wire fraud or credit card fraud
      ( ) Countermeasures should not involve sabotage of public networks
      ( ) Countermeasures must work if phased in gradually
      ( ) Sending email should be free
      ( ) Why should we have to trust you and your servers?
      ( ) Incompatiblity with open source or open source licenses
      ( ) Feel-good measures do nothing to solve the problem
      ( ) Temporary/one-time email addresses are cumbersome
      ( ) I don't want the government reading my email
      (*) Killing them that way is not slow and painful enough

      Furthermore, this is what I think about you:

      (*) Sorry dude, but I don't think it would work.
      ( ) This is a stupid idea, and you're a stupid person for suggesting it.
      ( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!

      Doing the Right Thing should not be preempted by making a buck.

    2. Re:Here's a solution... by Krow10 · · Score: 4, Funny
      (*) Killing them that way is not slow and painful enough
      This is really my only problem with his suggestion.

      Cheers,
      Craig

      --
      Corollary to Clarke's Third Law: Any technology distinguishable from magic is insufficiently advanced.
    3. Re:Here's a solution... by corbettw · · Score: 2, Funny

      How 'bout blog comments?

      Bad choice. I mean, was there ever a time when they were considered "useful"?

      --
      God invented whiskey so the Irish would not rule the world.
  2. Examples by JohnGrahamCumming · · Score: 5, Funny

    I'm glad the author included so many examples of actual spam messages. I was beginning to wonder what spam looked like.

    John.

    1. Re:Examples by nizo · · Score: 4, Funny

      Also, apparently the author doesn't get enough spam, because he included his email address at the end of the article.

  3. Revenge on Spammers by Kushy · · Score: 5, Funny

    The best way to stop SPAM is to find the person(s) that are sending and post their personal information on the web. Everything email address, phone numbers, cell phone numbers, home address, business address, dogs name... everything there is... and let vigilante justice take over from there...

    I mean come on, if only .5% of the people (s)he sent out spam to call his cell phone and leave a nice voicemail, everyday, all day, he will start to know what it is like to be harassed and for it to cost him money out of his pocket and the grief that he caused so many...

    --
    "The word "genius" isn't applicable in football. A genius is a guy like Norman Einstein," - Joe Theisman
    1. Re:Revenge on Spammers by Anonymous Coward · · Score: 3, Funny

      A few years ago Spamers would send out their phone number to call for more information. You would always get the answering machine so I would you the MSN phone that limited you to 5 minutes anyway. I would call and let the spammer listen to the music i was listening to until his box filled up. It would take a bunch of calls but I wasn't busy. I wish I could find a Perl module to auto dial these number and leave supper long messages with an electornic voice. Hmm I havent look at spam latley - I wonder if there's any phone numbers today.

    2. Re:Revenge on Spammers by ikkonoishi · · Score: 3, Funny

      Hmmm... might as well... it is endorsed by the editor.

      Your post advocates a

      ( ) technical ( ) legislative ( ) market-based (x) vigilante

      approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

      ( ) Spammers can easily use it to harvest email addresses
      ( ) Mailing lists and other legitimate email uses would be affected
      ( ) No one will be able to find the guy or collect the money
      ( ) It is defenseless against brute force attacks
      ( ) It will stop spam for two weeks and then we'll be stuck with it
      ( ) Users of email will not put up with it
      ( ) Microsoft will not put up with it
      (x) The police will not put up with it
      ( ) Requires too much cooperation from spammers
      ( ) Requires immediate total cooperation from everybody at once
      ( ) Many email users cannot afford to lose business or alienate potential employers
      ( ) Spammers don't care about invalid addresses in their lists
      (x) Anyone could anonymously destroy anyone else's career or business

      Specifically, your plan fails to account for

      (x) Laws expressly prohibiting it
      ( ) Lack of centrally controlling authority for email
      ( ) Open relays in foreign countries
      ( ) Ease of searching tiny alphanumeric address space of all email addresses
      ( ) Asshats
      ( ) Jurisdictional problems
      ( ) Unpopularity of weird new taxes
      ( ) Public reluctance to accept weird new forms of money
      ( ) Huge existing software investment in SMTP
      ( ) Susceptibility of protocols other than SMTP to attack
      ( ) Willingness of users to install OS patches received by email
      ( ) Armies of worm riddled broadband-connected Windows boxes
      ( ) Eternal arms race involved in all filtering approaches
      ( ) Extreme profitability of spam
      (x) Joe jobs and/or identity theft
      ( ) Technically illiterate politicians
      ( ) Extreme stupidity on the part of people who do business with spammers
      (x) Dishonesty on the part of spammers themselves
      ( ) Bandwidth costs that are unaffected by client filtering
      ( ) Outlook

      and the following philosophical objections may also apply:

      (x) Ideas similar to yours are easy to come up with, yet none have ever
      been shown practical
      ( ) Any scheme based on opt-out is unacceptable
      ( ) SMTP headers should not be the subject of legislation
      ( ) Blacklists suck
      ( ) Whitelists suck
      ( ) We should be able to talk about Viagra without being censored
      ( ) Countermeasures should not involve wire fraud or credit card fraud
      ( ) Countermeasures should not involve sabotage of public networks
      ( ) Countermeasures must work if phased in gradually
      ( ) Sending email should be free
      ( ) Why should we have to trust you and your servers?
      ( ) Incompatiblity with open source or open source licenses
      ( ) Feel-good measures do nothing to solve the problem
      ( ) Temporary/one-time email addresses are cumbersome
      ( ) I don't want the government reading my email
      ( ) Killing them that way is not slow and painful enough

      Furthermore, this is what I think about you:

      (x) Sorry dude, but I don't think it would work.
      ( ) This is a stupid idea, and you're a stupid person for suggesting it.
      ( ) Nice try, assh0le! I'm going to find out where you live and burn your
      house down!

  4. Have fun people by lavalyn · · Score: 2, Funny

    There's a reason why the spam-fighters are so pessimistic about the possibilities. You can't match all of the below. (In particular, we want to manage our own mailservers, but won't let others because they are incompetent. We want to receive all non-spam email but also want no spam to get through filters. We don't want legislation and bureaucracy to get in the way. We don't want to pay per email because of our high volume mailing lists like lkml. etc etc.)

    ------
    Your post advocates a

    ( ) technical ( ) legislative ( ) market-based ( ) vigilante

    approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

    ( ) Spammers can easily use it to harvest email addresses
    ( ) Mailing lists and other legitimate email uses would be affected
    ( ) No one will be able to find the guy or collect the money
    ( ) It is defenseless against brute force attacks
    ( ) It will stop spam for two weeks and then we'll be stuck with it
    ( ) Users of email will not put up with it
    ( ) Microsoft will not put up with it
    ( ) The police will not put up with it
    ( ) Requires too much cooperation from spammers
    ( ) Requires immediate total cooperation from everybody at once
    ( ) Many email users cannot afford to lose business or alienate potential employers
    ( ) Spammers don't care about invalid addresses in their lists
    ( ) Anyone could anonymously destroy anyone else's career or business

    Specifically, your plan fails to account for

    ( ) Laws expressly prohibiting it
    ( ) Lack of centrally controlling authority for email
    ( ) Open relays in foreign countries
    ( ) Ease of searching tiny alphanumeric address space of all email addresses
    ( ) Asshats
    ( ) Jurisdictional problems
    ( ) Unpopularity of weird new taxes
    ( ) Public reluctance to accept weird new forms of money
    ( ) Huge existing software investment in SMTP
    ( ) Susceptibility of protocols other than SMTP to attack
    ( ) Willingness of users to install OS patches received by email
    ( ) Armies of worm riddled broadband-connected Windows boxes
    ( ) Eternal arms race involved in all filtering approaches
    ( ) Extreme profitability of spam
    ( ) Joe jobs and/or identity theft
    ( ) Technically illiterate politicians
    ( ) Extreme stupidity on the part of people who do business with spammers
    ( ) Dishonesty on the part of spammers themselves
    ( ) Bandwidth costs that are unaffected by client filtering
    ( ) Outlook

    and the following philosophical objections may also apply:

    ( ) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
    ( ) Any scheme based on opt-out is unacceptable
    ( ) SMTP headers should not be the subject of legislation
    ( ) Blacklists suck
    ( ) Whitelists suck
    ( ) We should be able to talk about Viagra without being censored
    ( ) Countermeasures should not involve wire fraud or credit card fraud
    ( ) Countermeasures should not involve sabotage of public networks
    ( ) Countermeasures must work if phased in gradually
    ( ) Sending email should be free
    ( ) Why should we have to trust you and your servers?
    ( ) Incompatiblity with open source or open source licenses
    ( ) Feel-good measures do nothing to solve the problem
    ( ) Temporary/one-time email addresses are cumbersome
    ( ) I don't want the government reading my email
    ( ) Killing them that way is not slow and painful enough

    Furthermore, this is what I think about you:

    ( ) Sorry dude, but I don't think it would work.
    ( ) This is a stupid idea, and you're a stupid person for suggesting it.
    ( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!

    --
    Doing the Right Thing should not be preempted by making a buck.
  5. Seconded. by Moderation+abuser · · Score: 4, Funny

    My spam folder is full of mail with all sorts of crap random words.

    The one or two which have gotten through look like they could have been written by a Perl guru.

    --
    Government of the people, by corporate executives, for corporate profits.
  6. Signed email by Orgasmatron · · Score: 2, Funny

    Uh, I think this guy just invented signed email.

    --
    See that "Preview" button?
  7. Tell you what. by Moderation+abuser · · Score: 4, Funny

    Post your email address and I'll forward my spam messages to you. That'll train your bayesian filter.

    --
    Government of the people, by corporate executives, for corporate profits.
  8. You Might Be An Anti-Spam Kook If... by FattMattP · · Score: 4, Funny
    You Might Be An Anti-Spam Kook If...

    Each item in the following list was suggested by the words or actions of people who presented themselves to the IETF or elsewhere as having discovered the FUSSP. Some of the items may seem obscure to those who have not dealt with the IETF.

    • You have discovered the Final Ultimate Solution to the Spam Problem (FUSSP).
    • You are the first to think of the FUSSP.
    • You started looking for the FUSSP after observing that it is impossible to filter more than 99% of spam with fewer than 0.1% false positives by currently available mechanisms.
    • Despite being the inventor of the FUSSP, you are unfamiliar with "false positive," "false negative," "UBE," "tarpit," "teergrube," "Brightmail," "Postini," "SpamAssassin," "DNS blacklist," "HELO," "RBL," or "mail envelope."
    • You plan to make money by licensing the FUSSP.
    • You don't plan to make a fortune from the FUSSP, but you do expect fame as its generous and public spirited netizen inventor.
    • You are deeply hurt and angry because you are not respected as "spam fighter."
    • People don't see the value of the FUSSP because they have axes to grind, are jealous, or are too stupid to understand it.
    • You learned how to stop spam during the more than six whole weeks you've been fighting it.
    • The FUSSP assumes that your attention is so important that strangers, other than advertisers, from will pay money to send you mail.
    • Despite having invented the FUSSP, you not only don't know the difference between the SMTP envelope and SMTP headers; you doubt there is such a thing as the SMTP envelope because email doesn't involve paper.
    • Despite having invented the FUSSP, your SMTP header and DSN reading skills are so limited that when you send an objectionable message to two separate sites, you can't tell which of one of them rejected it.
    • You cannot name several potentially fatal flaws in the FUSSP.
    • All you need to do to get the FUSSP implemented and deployed is to publish an RFC or get a law passed.
    • You don't recognize any significant difference between deploying and implementing the FUSSP.
    • You plan to publish an RFC mandating the FUSSP but have never heard of RFC 2223 or RFC 2026.
    • Inventing the FUSSP did not require that you know the difference between RFC 821 and RFC 822 or that they have been replaced by RFC 2821 and RFC 2822.
    • You don't know the relevance of "consensus" or "IESG approval" to publishing RFCs.
    • You think all RFCs have the same standing.
    • Spammers won't ignore, subvert, or exploit the FUSSP if you publish it as an RFC.
    • The FUSSP depends on spammers or mail recipients changing their behavior without any immediate gain.
    • The FUSSP won't be effective until it has been deployed at more than 60% of SMTP servers and that's not a problem.
    • The FUSSP is easy to implement and deploy, but you have done neither.
    • Your job is done after having explained the FUSSP to the IETF or The Industry.
    • Programmers will drop everything to implement the FUSSP.
    • You think that a violation of an RFC by an SMTP client or server is good and sufficient reason to reject all mail from the system's domain.
    • You know that SMTP has no authentication and have never heard of SMTP-AUTH, SMTP-TLS, S/MIME, or PGP.
    • You know that the failure of SMTP servers to authenticate the SMTP clients of strangers is a major bug in SMTP instead of an expression of a primary design goal.
    • Despite discovering the FUSSP, you don't know the meanings of MTA, MUA, SMTP server, SMTP client, or su
    --
    Prevent email address forgery. Publish SPF records for y