Impoverish a Spammer Today
esj at harvee writes "Recently the Camram project released its latest version of a hybrid sender-pays anti-spam system. The project has proven that sender-pays works and has demonstrated how to make it work with existing e-mail systems. Camram has developed hybrid sender-pays techniques that scale down to the desktop and up to the enterprise. It's a completely decentralized system that can put spam-fighting power in the hands of individuals. It gives you control of not only the current generation of spam, but also any future commercial spam -- why replace Viagra ads from a scam artist with Viagra ads from Pfizer?"
The problem is that I've seen no good way to stop non spammers from paying as well.
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
This could really change the way e-mail is distributed.
Craig Steffen
http://www.craigsteffen.net
What happens when your box has just been hijacked by the latest MS exploit and used as a Spam server/relay?
"We all know that Crap is King" - Don Henley
Or maybe businesses should find a new way to communicate internally?
they should be able to survive just fine according to the SPAM nutrition fact sheet
So how will this affect hobbiest/enthusiest webmasters like myself who own and run our own web and mail servers and send out thousands of emails per day to users who are subscribed to our site and need to get these emails (they're updates about transactions they're involved in -- NOT spam). Messages that, when they aren't delivered for some reason, the recipients get upset and ask what is wrong -- that's how important the email is for us.
So how will this affect us? I make no money off of my site and I can't afford to spend any money sending email (on top of the costs of my site already). Even 1/100th of a cent would be difficult for me to spend (that would be an additional 10% to my monthly expenses which already come out of my own pocket!).
For the average home user who sends a dozen emails a week, this won't matter. At 1/100th of a penny, they'd only pay a couple bucks a year - but for someone like me who is volunteering to run a service for people but does not, has not and never will spam - it is unfair to expect me to pay out 10, 20 or 30 bucks a month or more. Especially when all that would be necessary is for the SMTP protocol itself to be retooled to be more secure in the first place.
why replace Viagra ads from a scam artist with Viagra ads from Pfizer?
Because I only trust my penis to professionals.
RTFA, it handles mailing lists fine. You whitelist the sender and then they don't need to stamp the mail.
The technology is a hybrid solution to avoid the problem of universal adoption... a nice side-effect of this is you don't demand stamps from your white-list.
I have to say, I think it's quite an interesting combination of concepts, but still requires mass adoption to be useful.
It is just Bush and the other idiots who signed the federal law, killed it and made it a recipient suffers system.
Fight Spammers!
One hundred emails for every Seti@Home work unit, for example.
Or you can simply store the body of a message on the sender's server until requested by the recipient. The person receiving the email could download it on demand just like they can a webpage, and the sender would have to set aside enough storage for all outgoing mail and give a valid return address in order for you to receive it.
They have a page with Frequently Raised Objections. Now I've made redundant 40% of the remaining posts to this article.
Singularity: a belief in the "God" idea with the "demiurge" relation inverted.
who is sending the spam. It's the million zillion drones he's gotten infected with the latest Windows virus.
So making a cost for sending spam doesn't help computationally or otherwise, because he's not even sending the spam anymore.
-JDF
Why is this a problem? If what you are expected to pay depends on volume then it means that a non-spammer who only sends a few emails a day will have almost nothing to pay while a spammer will be unable to afford the work required to send thousands of emails. Since this is based upon proof of work and not an actual monetary amount, it will not be a cost that is difficult to bear.
Yes, some people who run email lists out of their account will be inconvenienced, but not as much as they claim. They will just need to change the signup message to say "this is a mailing list that you signed up for, so add us to your whitelist because we will not be performing proof of work challenges and will drop you from the list when the first proof of work request arrives."
Some will claim that the hordes of spam zombies out there will be able to do the work on the spammer's behalf so this is not a solution, but it will at least provide some rate limiting for that zombie and it will also make it much more likely that the zombie will be noticed by the user when it starts to chew up CPU cycles.
I agree, but this project isn't exactly e-postage... it's more like E-e-postage... you pay in computational cycles, not dollars (or pounds or lira or whatever you trade in your part of the world).
So as long as you're not sending out several thousand messages to new and different recipients on a daily basis, you needn't really worry.
Camram FRO (Frequently Raised Objections)
A system such as sender-pays, which proposes a radical change in the email environment, inevitably generates objections. This is positive because it helps identify the strengths and weaknesses of the system. However, once objections have been worked through and the developers have answered the same questions approximately 10^20 times, a listing of Frequently Raised Objections is appropriate.
Isn't universal adoption necessary for a sender-pays system?
For a classic sender-pays system, the answer is yes--any system requiring universal adoption is a non-starter.
Because of this problem, the Camram project (and probably others) expanded the classic sender-pays model to a hybrid sender-pays model. One of the many strong features of the hybrid model for sender-pays is that it solves the problem of universal adoption. This new model provides anti-spam benefits to the very first user, and the benefits increase as you add users. Hybrid sender-pays lets you incrementally introduce an anti-spam device that will take a serious chunk out of the economic foundations of spam.
What kind of attacks are possible against a hybrid sender-pays system?
There are four known attacks on this system. Two of them attack the sender-pays system, one attacks the friend filter (i.e. the white list), and the last attacks the content filter. Content filter attacks are nothing new; we are in the middle of one right now where spammers are trying to bypass Bayesian filters. As the number of stamps increases, the "harshness" of the content filter can increase and eventually the need for content-filtering can go away.
The friend-filter attack comes from the implementation of white lists by name. If you know the content of the white list, then a simple forgery will let you bypass the filters. The trick of course is determining the content of the white list. One longer-term solution is to move to white listing by public key. Unfortunately, as long as there are folks not using the system, there will always be a need for white-listing by name.
Attacks on the sender-pays system involve trying to generate stamps faster. The first is the classic hardware accelerator. The best estimate we have for today is a 500 times speed up over software. There are both hardware and software responses to this attack but both responses effectively devalue the stamp or the means of production, which in turn restores the economic balance. The second attack utilizes zombies as a compute array. But if you run the numbers, you'll find out that the number of zombies known, if run perfectly and full tilt, cannot generate enough stamps for all of the spam in the world today. A tremendous number of stamps would be generated, but not enough for everybody. One benefit of zombies being used to generate stamps is that the machines will become hot, slow, and probably unreliable, all of which will be noticeable to the end-user. With luck, this means some people will get their machines fixed and reduce the zombie issue. Again, if the zombies start generating stamps, one can always change stamp definitions or value.
How do you deal with large-scale legitimate mail sources (i.e. mailing lists, mail houses, etc.)?
There are two issues here. Mailing lists don't really have a good solution with the first generation of stamps. The traffic mailing lists generate is fundamentally indistinguishable from spammers, therefore whatever hurts spammers will hurt mailing lists. The answer for right now is to not do anything with mailing lists. Let them send unstamped mail and let the user whitelist mailing lists or deal with the trapped message issue manually.
In the future, it will become easier to deal with mailing lists because of the second generation of stamps (opportunistic signatures). If the list is signed with its own stamps, then it would be let through without problem. Spammers would still be barred because their signatures would be ignored.
The second issue is
Will I have to wait an hour to send an email on my Via 500 MHz mini-ITX machine???
where is that big form listing why it will not?
Casual Games/Downloads
It doesn't require mass adoption, only mass whitelisting.... and the ability to ignore a lot of false positives.
"There are more things in heaven and earth, Horatio, than are dreamt of in your philosophy."
Ok - so I run a web forum as a hobby. I get some donations from members that help pay for it but mostly I foot the bill. Occasionally, I like to e-mail all of my subscribers about a cool event or cool new happening - so now I have to pay some amount that, even a fraction of a penny, would amount to almost a month of hosting charges.
For companies with web presences it makes sense. Even if you use the idea that your ISP would pay a lot of the charge, we all know most ISPs will gladly hike fees in response to it.
From Camram's FRO
One benefit of zombies being used to generate stamps is that the machines will become hot, slow, and probably unreliable, all of which will be noticeable to the end-user. With luck, this means some people will get their machines fixed and reduce the zombie issue.
You just have to love a product that has the potential to toast a clueless luser's computer. I would be more than happy to shell out good money for software that has "Makes PC's burst into flames" listed as one of the features. And this stuff is Free !
--LordPixie
We need a more fool proof system than this to make spammers PAY for the distraction and wasted time they inflict on us all. Die die die!
Best Community for Gaming and Gadgets!
On their site they address zombie machines. They claim that users of zombies would be more likely to notice the infection if it sucked up all their CPU and made their systems run hot...
I somehow doubt that.
But what I can't disagree with, is that getting the same amount of spam sent as they currently are, would take many (orders of magnitude) more zombies. They claim on their site that if you maxed out every known zombie you couldn't generate stamps fast enough to send spam at the current rates.
This could be a step in the right direction, but I am worried about many issues for a sender pays system.
"I'll have a Guinness, no wait, make that a Coors Light" -Grad student I work with, who shall remain anonymous...
Your post advocates a
(x) technical
( ) legislative
(x) market-based
( ) vigilante
approach to fighting spam.
Your idea will not work.
Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
(x) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
(x) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
(x) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
(x) Requires immediate total cooperation from everybody at once
(x) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
(x) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
(x) Unpopularity of weird new taxes
(x) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
(x) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
( ) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
(x) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
(x) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatibility with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
( ) Sorry dude, but I don't think it would work.
(x) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
I'm reading TFA and it states quite clearly "Mailing lists don't really have a good solution"
It seems to me that one should need only one stamp generator. I receive a payment request containing a message encrypted with a short private key, and as "postage" I need to decrypt the message and return it. As computers get faster, the key length used to encrypt the message gets longer. The receiver can thus decide how much postage is required.
This way the stamp generator doesn't need to have any secret component, and could be written in any language. It could be part of the mail client.
those spammers are a clever bunch...
they would just throttle their cpu usage, or suspend their process when there is a user at the machine
"I'll have a Guinness, no wait, make that a Coors Light" -Grad student I work with, who shall remain anonymous...
This is a calculation based stamp, not anything financial. It's not going to cost anything. It allows for white-listing on a per user basis that exempts senders from the stamp requirement. Therefore, if you wanted to get on a mailing list, you'd add them to your white-list. Yes, it's an extra step, but what's one extra step when you sign onto a mailing list compared to having to dig through hundreds of spam messages a day?
Have some (slightly out of date) documentation:
One section
Another section
Someone is doing something illegal, let's charge them for doing it..
And in next week's news you can kill someone and get away with it by paying enough money..
Oh crap I forgot that already happens in this country anyways so these anti spam ideas are right along our lines of justice.
Give me a break, We have some of the most lax punishments in the world for some crimes and insane punishments for others ( You can go to jail for killing someone and get out in 10 years, Get caught with some dope and you can go to jail for 10 years and come out homeless and bankrupt because the government took everything you own claiming it came from drug profits. )
What we need is a reform of our justice system and laws that work and have enough weight behind them to enforce.
It's a fact that while 80% of the spam come from servers outside of the US or hacked boxes, a majority of the spams advertise real world of which most are produced or the money handled by US companies. There are too many spammers out there to stop them all, Our better tactic would be to cut off the flow of money to those spammers..
Example in point, We put more hurt in the war on terror by seizing funds both here and overseas then we have done with all fighting combined. You can't bomb a building if you have no money to buy the materials needed to make that bomb.
Personal Website
is that this scheme does not allow us to send spammers to Abu Ghraib.
Ripped right from their website's Frequently Raised Objections:
If anybody can generate a stamp, what is to stop a spammer from generating stamps?
Nothing. In fact, we want spammers to spend as much time as they can generating stamps because it will undermine their economic foundations. As a spammer generates messages with stamps, people can raise their postage based on the spam. Everyone's rates will increase and it'll only affect the spammer and stranger-to-stranger e-mail. Friend-to-friend e-mail doesn't use work stamps and will be unaffected by any postage increases.
And....
The second attack utilizes zombies as a compute array. But if you run the numbers, you'll find out that the number of zombies known, if run perfectly and full tilt, cannot generate enough stamps for all of the spam in the world today. A tremendous number of stamps would be generated, but not enough for everybody. One benefit of zombies being used to generate stamps is that the machines will become hot, slow, and probably unreliable, all of which will be noticeable to the end-user. With luck, this means some people will get their machines fixed and reduce the zombie issue. Again, if the zombies start generating stamps, one can always change stamp definitions or value.
[all emphasis theirs]
It's almost like they anticipated this sort of thing. Or, like, thought out their design beforehand. Crazy concept, no ?
--LordPixie
RTFA
You don't pay money, you pay cpu time. This wouldn't be an issue to you. It won't stop spam, but it won't inconvenience you either.
No, you don't have to pay, because they go on your white list - either implicitly due to you generating a stamp once, or explicitly because you tell them to add your server to their white list.
It would help if you read the FAQ, btw, which addresses this in more detail.
Require your users to whitelist your address, and then don't stamp your messages.
"I'll have a Guinness, no wait, make that a Coors Light" -Grad student I work with, who shall remain anonymous...
Did you even read the proposal? I ask because both your original post and your response to the first reply indicate that you still have no idea how this works, even after someone has been kind enough to save you from your own laziness and point out this proposal is not talking about a monetary transaction.
So, for your benefit, here is the "proof of work for complete idiots" version:
-You send your spam. Each recipient asks you to perform a proof of work, a mathematical problem that requires some CPU cycles.
-Your CPU starts chugging away at the requests and eventually performs all of the required proof of work.
-Your system responds to the proof of work request and the message is delivered.
-Your spam to your users is delivered, but not instantly because several hours of CPU work were required.
-Cost to you: nothing except a bit of electricity to keep your CPU chugging.
What happens when a virus propagates that white lists the spammers? While every technology that rises for this problem will have some kind of solution, they will also have some kind of weakness.
Though, my hat's off to whoever makes an overall good solution.
This is microsoft's dream come true, but it does not work.
Look at your mail box. All that junk mail was paid with postage. It does nothing to deter them from continually bombarding you with the junk mail.
The only thing it does is hurt the little guy. Big advertisers will always pay the price to spam you with junk mail and junk email.
This will just mean the little spammers will be replaced with big spammers. And the company controlling the postage meter will get quite rich. And your email will still contain just as much spam. Only it will be called targeted marketing material that you are interested.
>> this project isn't exactly e-postage... it's more like E-e-postage... you pay in computational cycles, not dollars
> now I have to pay some amount that, even a fraction of a penny, would amount to almost a month of hosting charges
Did you even bother to read the post you are replying to?!
- For the complete works of Shakespeare: cat
The only ones that can stop spam in its tracks are the credit card companies. You have to make a purchase with a card. Have the credit card companies stop any payments to known spammers - problem solved. This is the bottom line - stop the flow of cash - stop the problem. Is there any reason this cannot be done? Why is this never mentioned? The companies that facilitate spam can stop it today.
Stay tuned for new sig...
- Sender is out of the country
- Sender is a zombie with fake credentials
- Sender is a zombie sending a virus, not advertising anything
Sorry, charlie, but much of the spam will be impossible to prosecute.
Design for Use, not Construction!
Like whitelists and keywords, this is a special case of a token-based system. Token-based systems depend on the sender performing some action that is, at the time they send it, sufficiently hard to predict, unusual, or onerous for a spammer to bother with it.
For example, I have certain addresses that bypass my spam filter either partially or completely, and I have set up a scheme for my kids whereby a sender has to know a "magic word" to get in. Whitelists, of course, make the sender address the token.
Right now, these are good enough.
Spammers are beginning to respond to whitelists, though, and trying to guess sender names. It's only a matter of time before they start using the address books in their zombies to build up lists of probable whitelists, and start sending spam using pairs of addresses from the same address book the way viruses already are.
I agree. It is evident by the sheer volume of REAL junk mail I receive that charging for email will not help. US bulk postage is cheap, not 1/100th of a cent, but still many companies make money off sending real junk mail that, um actually costs money to print. This is not the answer.
Any sender-pays system is dis-enfranchising and will ultimately be used to restrict access. Also, the model says that if you, as the sender, pay to send me email, I as the receiver don't have a choice in the matter. It assumes I want to receive your email.
I already pay to send email and pay to receive it. More payment is not the solution.
Thanks, nothing says screw off and leave me alone but random automated demands sent from your server.
Something just occurred to me:
Currently there are laws in place which govern truth in advertising. What if it was made illegal to intentionally misspell words with the goal of circumventing content filters?
Also, can't we just file civil suits against companies who sell their products through spammers? I know that currently companies that have insufficient corporate ethics facilities set up (i.e., an ethics officer, a company ethics statement) can be held liable when one of their employees engages in unethical behavior, as there is a "culture" of non-ethical behavior in that company. Doesn't the same apply to companies that allow resellers or distributors to spam customers?
Karma: Chevy Kavalierma.
Combining challenge/response with cpu stamps, java and other factors. It allows the problem to change over time, requires no new software at the sender's end (which is the big non-starter) and still allows anonymous mail.
It's at this page on cpu stamps and challenge response.
Has it been over a year since you last donated to the Electronic Frontier Foundation
IT'S HOBBYIST. He is not hobbier than everyone else. A person cannot be described as hobby, hobbier, or hobbiest.
Yes, it states that, then states several solutions. I guess the developer doesn't consider whitelisting your mailing lists to be a good solution. I disagree, I think bulk mail is exactly the type of mail I don't mind whitelisting, while I would find it a major inconvenience to have to whitelist personal mail.
The postage systems aren't intended to stop spam, only to limit the quantity.
It is the volume of spam that bothers most people, if you make it sufficiently expensive to send the email, only legitimate business will send it.
Ideally they will turn to specifically targeted advertising (like google searches)
If these dorks knew how to explain what their system does.
This is some of the worst most piss-poor documentation I have ever seen.
IT'S HOBBYIST. He is not hobbier than everyone else. A person cannot be described as hobby, hobbier, or hobbiest. Duh.
If people would read about camram and hashcash before casting aspersions about the system, they'd know that senders are not paying real money to create hashcash stamps; they're paying with cputime that would have been wasted or used for seti@home otherwise.
I have yet to see a good objection to the following setup:
Use camram, hashcash for initial messages and rsa/dsa signatures once a signature has been whitelisted. Anything that doesn't have a whitelisted signature or hashcash gets fed to TMDA, or another challenge-response system to validate the sender's email address.
Plenty of people already use TMDA, and a TMDA challenge is the worst case scenario if you use the above system. The benefit is that people who are willing to pay hashcash and then sign subsequent messages don't have to worry about getting TMDA challenges from you, and get their messages delivered immediately. It also hedges against sender spoofing for those senders who have their signatures whitelisted (rather than their addresses whitelisted with TMDA).
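The layered setup described in the comment above (hashcash for first contact, whitelisted signatures afterwards, challenge-response as the fallback), sketched as an added example that is not Camram's, hashcash's or TMDA's own code. It uses a simplified hashcash-v1-style stamp; the `Recipient` class, the `key_id` argument (standing for a signing key whose signature was already verified elsewhere) and the addresses are assumptions.

```python
import hashlib
import itertools
import os
from datetime import date, datetime, timedelta


def leading_zero_bits(digest: bytes) -> int:
    """Count the zero bits at the front of a hash digest."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits


def mint(resource: str, bits: int, day: date) -> str:
    """Sender side: try counters until SHA-1(stamp) has `bits` leading zeros.

    Expected cost is about 2**bits hashes; this is the "postage".
    """
    salt = os.urandom(8).hex()
    prefix = f"1:{bits}:{day:%y%m%d}:{resource}::{salt}:"
    for counter in itertools.count():
        stamp = prefix + format(counter, "x")
        if leading_zero_bits(hashlib.sha1(stamp.encode()).digest()) >= bits:
            return stamp


class Recipient:
    """Receiver-side policy: whitelist, then stamp, then challenge."""

    def __init__(self, address: str, min_bits: int = 16, max_age_days: int = 2):
        self.address = address
        self.min_bits = min_bits          # the recipient sets the postage rate
        self.max_age = timedelta(days=max_age_days)
        self.whitelisted_keys = set()     # verified signing keys (assumption)
        self.spent = set()                # stamps already accepted once

    def check_stamp(self, stamp: str, today: date) -> str:
        fields = stamp.split(":")
        if len(fields) != 7 or fields[0] != "1":
            return "malformed"
        try:
            claimed = int(fields[1])
            minted = datetime.strptime(fields[2], "%y%m%d").date()
        except ValueError:
            return "malformed"
        if fields[3] != self.address:
            return "wrong recipient"      # stamp was paid for someone else
        if claimed < self.min_bits:
            return "underpaid"
        if abs(today - minted) > self.max_age:
            return "expired"              # blocks stockpiled stamps
        digest = hashlib.sha1(stamp.encode()).digest()
        if leading_zero_bits(digest) < claimed:
            return "invalid work"
        if stamp in self.spent:
            return "double spend"         # one stamp pays for one message
        self.spent.add(stamp)
        return "ok"

    def triage(self, key_id, stamp, today: date) -> str:
        """Return 'deliver' or 'challenge' for one incoming message."""
        if key_id is not None and key_id in self.whitelisted_keys:
            return "deliver"              # known signer: no stamp needed
        if stamp is not None and self.check_stamp(stamp, today) == "ok":
            if key_id is not None:
                self.whitelisted_keys.add(key_id)  # later mail skips the stamp
            return "deliver"
        return "challenge"                # worst case: challenge-response


if __name__ == "__main__":
    today = date.today()
    alice = Recipient("alice@example.org", min_bits=16)   # constructed address
    stamp = mint("alice@example.org", 16, today)
    print(stamp)
    print(alice.triage("key-bob", stamp, today))   # first contact, stamped
    print(alice.triage("key-bob", None, today))    # signer now whitelisted
    print(alice.triage(None, stamp, today))        # replayed stamp
```

Raising `min_bits` by one doubles the sender's expected work while verification stays a single hash, which is the asymmetry the stamp scheme relies on.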
Yep - I did RTFA. Didn't understand the concept, but I now do thanks to your insightful replies. :)
This has to be one of the stupidest systems I've ever seen. Here's why: no one will adopt it. The average user can barely set up their email through a wizard, much less a pay-per-send system. Okay, so that admin implements it, here's what happens: Bill from sales comes down and says some guy who I gave my business card to at a tradeshow said he has to pay to send to me an email, he's pissed and I lost the account. WTF is that all about, IT guy? IT Guy: Um, we implemented a new pay-per-send system to stop spam. Bill: But email's free, I'll have your ass. Bill complains to CEO, IT guy gets fired or told to take that system down. That's the bright side, because most customers won't even complain, they just won't do business with that company and silently fade away, pretty much guaranteeing that you lose most sales. Nice try. Oh, just white list the guy you say, except you gave *your* business card to someone, so you don't know their email address until they send to you, so you can't white list them, until they get a pop-up saying they have to pay for something that's free. Everybody here loves to pay for things that are free right? You know what happens when someone tries to charge me for something that's free, the same thing that happens with you, you walk away. By the way, I have some air to sell ya. No really, it just costs 1/1000th of cent. Really.
I suspect the goal of a program like this really is not to stop spam. The goal would be to increase the marginal return from the spam that gets sent and for the network to grab a piece of the action.
When someone is paying you, it is extremely difficult to make judgments on quality of the mail. I've seen lots of email lists and newsletters start with good intentions then devolve into a garbage fountain.
In the end the pay to send networks will take money from anyone.
The real goal of such schemes is simply to increase the marginal returns from the spam. As the amount of spam sent to open email accounts reaches astronomical proportions, I can't help but think that the amount of cash the spammers get per email is dropping. I can't help but think that the end goal of pay for spam is that by throwing a rich third party into the equation, they will increase their return.
All the people running 200 MHz mail servers are only going to be able to send 10 legitimate emails per day and spammers will hijack more unpatched 3 GHz machines and do distributed computations and send out more spam than ever that gets through because it's passed the computation test.
The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
.. computational intensive blah blah.
All this complicated nonsense when a simple private/public key system would do. Start a (non corrupt) ICANN organization to handle storing and serving public keys which you have to prove identity for (a la the Paypal credit card verification system), add a X-Sender-Key-ID: to identify yourself and X-Message-Signature: to provide the private key signature for this specific message.
You can still accept messages without those headers... they just get an immediate 90% likely to be spam rating. Verification and validation could happen at the POP/IMAP host or at the client, as well as any relays in between.
Bad management trumps ideology - Show the world you want better leadership. http://www.timefornewmanagement.com
John Levine had the last word on sender-pays/e-postage systems quite some time ago. Apparently some people (ESJ) haven't been listening.
http://www.taugh.com/epostage.pdf
All such systems rely on whitelists to pass "wanted" mail, and inevitably, when no one antes up the "postage", devolve into whitelists. In the end, sender-pays offers NOTHING that a whitelist doesn't.
And end-users don't like whitelists.
--Og
If you *do* want email from a certain company, and you signed up for it, then you should add that domain/email to your white list. Simple as that.
I can think of no more annoying system than one that requires me to adjust some system every time I want an email confirmation from some company I am ordering from. What if you're at an art fair for example and fill out an email address on a card? I sure hope I remember to fill out that whitelist when I get home - if I even know where it's coming from!
What a way to twist the WWW and email into something unusable. Frankly I would far rather have what spam I do and filters than have to go somewhere every single time I need a new sender to be able to send to me.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
So, as a spammer, all I have to do is distribute trojans which add me to the whitelists of people they infect (along with all the other usual functions, of course) and I can continue spamming the hell out of people?
It's not like people that are clever enough to avoid getting infected will fall for my spam anyway.
Just another little function to add to the next big virus that will no doubt hit people hard. Not only will their brand new computer have new features in their bonzi toolbar, their 3.4GHz P4 will be more than capable of spamming people fast enough.
Go for it. There is still money to be had in spamming, and you can bet that the spammers will find a way to have it!
Not all devices will have enough computing power available. My grandmother has an Amstrad E-mailer. How long will it take the 4MHz Z80 in there to generate a stamp? How about the CPU in my phone?
From the FAQ "You only generate a stamp the first time you mail someone." So when all 20 of the biggest spamhouses have generated a stamp for you, you are right back at square 1? Net cafes with changing clientele pay a higher price than spammers? Forged headers claiming to be from friends don't need a stamp?
A pizza of radius z and thickness a has a volume of pi z z a
I got a nice 5Mb download dsl, my own mailserver...
/dev/null and a trash email-address...
:)
I could make a fortune with a simple redirection to
I gonna be rich
It takes 40+ muscles to frown, but only four to extend your arm and bitchslap the motherfucker
I DEPEND on several email lists, and the only way sender pays is if it is universal, and that would bankrupt the lists I'm on, having an extremely deleterious net effect on the free speech that the email lists of these extremely niche interests provide.
I think we simply need to throw more money at Interpol, get them a "Spam Cop Agency" and make the punishments *severe* enough for spammers that it will snuff these asshats out of existence.
RS
Shoes for Industry. Shoes for the Dead.
we had with the major ISPs going to block people's email/port 25 whatever if they are found to be spam spewers, there won't be as much of a problem with zombies. Enough's enough, we need to treat people on the net as human beings with opposable thumbs and at least some level of adult competence. A small fee to access the net is not a license to be a clueless dingbat hoser forever and ever and a day. Just block zombiefied machines until they are verified fixed. If I got nailed, so be it, I expect to be blocked until it's cleaned up. I have zero problems with that.
And like they are doing with the latest windows/explorer exploit du jour, see where the spammers/recipients are making their profit, in this latest case sending the hijacked data to some Russian place, all the carriers block that domain from any traffic, as much as possible, from this end anyway.
Fighting SPAM is no one silver bullet, but the combination of the techniques would probably work well enough. I'd go even further, if there are nations, or more accurately at least large domains and subnets that just refuse to cooperate, blacklist them.
We need the sane, adult, polite and responsible internet, it makes no sense to let the nutjobs, the crooks and the clueless hijack the entire internet and spoil it for everyone else. And if it doesn't happen voluntarily with normal users all the way to various corporations all cooperating, then sure as crap various governments will step in and censor and restrict hell out of it. I don't think we really want that second option.
Maybe email servers should operate like a DNS server instead of as a spooling server, providing a route to the recipient rather than actually sending the mail itself. Let the spooling and sending happen upstream at the sender's location.
The sender takes the full bandwidth penalty of sending every copy of their email because even an "open relay" doesn't equate to infinite bandwidth the way it does now.
I just found out there's no such thing as the real world. It's just a lie you've got to rise above. - John Mayer
...and let's see if people like Bernard Shifman and Scott Richter can spam me with an Etch-n-Sketch.
The "stupid lusers" machines will become less usable with all that stamp generation going on. They will be more likely to notice they need help. They will also be more likely to become frustrated with the computer and stop using it (unfortunate but still reducing spam).
Bottom line: If anyone can send you a message without penalty or authorization there will be spam. You can't have it both ways.
I agree - worms are the biggest problem with this scheme. You can't hold the spammer accountable because the spammer is most likely not even sending the spam but using millions of zombie machines.
The best way to deal with the problem is follow the money then show up at 4am and stick a Glock in the face of the spammers and their family members. After they shit the bed give them the option to play nice or die anonymously. Harsh? Yes. But not quite as bad as prior reform methods such as the Pyramid of Skulls*. I may be biased, my computer system was compromised by trojans from those bastards last week and pretty much I am still pissed about it.
* Historical note on the making decorative yet functional pyramid of skulls (taken, I shit you not, from kids.mapzones.com): 1258 Baghdad was conquered and sacked by Hulagu, grandson of the great Mongol conqueror Genghis Khan. Hulagu killed all the scholars in Baghdad and erected a pyramid from their skulls. He destroyed the elaborate irrigation system that the Abbasids had established. Iraq became a neglected frontier area ruled from the Mongol capital of Tabriz in Iran. In 1335 the last great Mongol ruler of this region died, and anarchy prevailed. The Turkic conqueror Tamerlane sacked Baghdad in 1401, again massacring many of its inhabitants. He, too, built a pyramid of skulls. Tamerlane's invasion and conquest marked the end of Baghdad's greatness.
well if you got infected by a virus that lets spam be sent to you, I would think you have more important things to worry about :)
Douglas P. Price
But what I want to know is why none of the current anti-spam approaches uses a web of trust or reputation system. I know--PGP has been around and hasn't caught on. But we could build the web on things other than--or in addition to--personal digital signatures. For example, host signatures and IP addresses. We would learn over time which sites effectively police their users, and which are run--or taken over by--spammers. It wouldn't be perfect--you could build a good reputation, then turn bad, or hijack a site with a good reputation (which would quickly go down), but I think it would hit the monetary incentive for spamming pretty hard.
This would take a while to become effective, but there are no real barriers to adoption, it doesn't require changing end-user behavior or client software, it's not obnoxious, and it retains all the decentralized, end-to-end flexibility of email.
The evaluation of an action as 'practical' . . . depends on what it is that one wishes to practice.
My heart bleeds for you. Oh woe! You want to send your users with messages that you think are legitimate (something they may disagree with)
Listen, retard - I run a heavily used auction site and trust me that people get mighty pissed off if they aren't getting their email notifications of new bids, being out-bid, lost passwords, lost usernames, closed auctions and whatever else. This isn't shit *I* think are legitimate. This is shit THEY DEPEND ON TO CONDUCT THEIR FUCKING AUCTIONS.
but do not want to be bothered with the inconvenience of putting up with your users asking you to participate in a spam rate-limiting mechanism or ask them to add you to their whitelist.
No - what I don't want is to be bothered with having to teach users how to use a whitelist and count on them to use it consistently. I have enough trouble with users who don't realize their mailboxes are full and why mail from me is bouncing or why they aren't getting email when they couldn't spell their own email address correctly or why they aren't getting my email - when they are and it's just going into their spam folder because hotmail sucks ass - that's what I don't want to be bothered with.
It is possible to literally request cash from the spammers.
http://www.emailstamps.net
I use this and while I don't get a lot of spammers paying me, I also don't get spam because it also does a great job of figuring out which messages are spam and which ones aren't.
Unfortunately there isn't a Linux version available but there is one that does all the work before it reaches the e-mail server for companies and schools.
You might have a point if this scheme involved using money. In this case, however, the "payment" is a proof-of-work. The user is paying in CPU cycles "spent" to send the message.
Well, it'll make people want to upgrade their machines because they're so slow, when really they're just maintained improperly.
People who are frustrated by spam can use this system and it will work exactly as well as sticking your fingers in your ears and yelling "neener, neener!"
I'm not going to pay to send you email. You might not care about that because you don't know me, and assume you'll never want to hear from me. But what about the person you ran into at the bar last night and gave your email address to? Will THEY pay to send you mail? What have you lost by ignoring them?
What about the job offer from a company that decides that adding a micropayment to your already substantial requested hiring bonus is just insulting?
You see, it's not the general case that's scary, it's that 10,000th message that you drop on the floor that turns out to be REALLY important. This is why learning filters are ultimately the right solution. They will continue to improve, and spam is ultimately doomed in the face of such technology.
LOAF is a simple extension to email that lets you append your entire address book to outgoing mail message without compromising your privacy. Correspondents can use this information to prioritize their mail, and learn more about their social networks. The LOAF home page is at http://loaf.cantbedone.org.
No, it's not perfect. But not much is. People can and always will be able to spam. However, this measure does help. A lot.
:]) Heck, even mainstream outlets like CNN would be more likely to report on the issue if it's this obvious. Now, there will always be the utterly clueless who will continue to operate regardless. But there will not be enough of them to provide the critical mass needed for spammers.
For starters, sending out 1/10 your E-Mail means you're no longer making a pile of money. Odds are, it will still be profitable. But that's not very motivating. Some spammers might not mind just running a few scripts to automate getting 1/10 of a pile of money. However, the drop in profits will significantly ruin the market for spamming tools. If spammers no longer make a boatload, they're no longer going to pay a boatload for anonymailers, zombies, E-Mail lists, etc. Thus, people are going to be less motivated to code these damn things in the first place. That will make it a lot more difficult for those who actually want to spam to actually pull it off.
And with the more obvious symptoms of infection, more people will get it cleared up. And the more this happens, the more word will spread. Nobody educates a luser like another luser. (They at least speak a common language.
--LordPixie
Why can't they send out the messages via RSS or some similar technology? You'd email your message to the list, & the list would RSS it to all the interested people. This has the advantage of letting people read without subscribing.
Seriously, does anybody know why this hasn't been done? I'm not an expert, so I wouldn't know of any limitations. I'm thinking of a cross between newsgroups & mailing lists.
testing out my trending skills
but sender-pay systems do NOT work. Most people are not going to use a pay service, period. The beauty of email is that it enables you to communicate with everyone, and the problems of email are that it enables you to communicate with everyone. Now one could say that the problems concerned with email are that it is too easily abused by scam artists and spammers -- well guess what, in the real world, there is a hell of a lot of perverse scam artists and spammers and if you want to communicate with the rest of the world you will sooner or later realize that it's crawling with them.
People in rural India, or anywhere else impoverished are not going to be able to afford fees to transmit their email, never mind people without paypal/credit card/etc (ie most people), and this type of exclusion is exactly what is not needed in the world -- keep the internet free. If you must, hunt down spammers, and CRUCIFY them, but don't ruin the media as a whole. That would be letting the spammers win. Marketing scams and corporate brainwashing are more successful when you don't have 5 billion other people to compare notes with.
GENERATION 26: The first time you see this, copy it into your sig on any forum and add 1 to the generation.
testing out my trending skills
Didn't RTFWS, assumes sender-pays means money instead of a few seconds of compute time, after numerous intervening posts pointed this out.
And that's "Insightful?"
It's addressed if you would take the time to look.
From the website:
How do you deal with large-scale legitimate mail sources (i.e. mailing lists, mail houses, etc.)?
There are two issues here. Mailing lists don't really have a good solution with the first generation of stamps. The traffic mailing lists generate is fundamentally indistinguishable from spammers, therefore whatever hurts spammers will hurt mailing lists. The answer for right now is to not do anything with mailing lists. Let them send unstamped mail and let the user whitelist mailing lists or deal with the trapped message issue manually.
He's all for destroying citizens' personal computers as well if they do naughty things like swap copyrighted materials. Link
> What if it was made illegal to intentionally misspell words with the goal of circumventing content filters?
If it was made illegal to unintentionally misspell words for any reason, perhaps more people would learn to spell, and eventually the average human IQ would rise to the level where idiot spammers would cease to exist.
when I signed up with my ISP they advertised '5 email accounts' with my internet connection. Haven't I already paid for my email?
... set up a sender verification blocker? Just send back emails coming from unknown senders and let them verify that their accounts actually exist, and, maybe, that they are humans.
I find it pretty poor that no standard mail app supports such a thing.
I make no money off of my site and I can't afford to spend any money sending email
The proposal has NOTHING to do with money. If you read the site carefully, you'll see that it is about using computational power, not your hard-earned cash.
anybody that is new to you gets a very anti-social message about not accepting your mail till you do something weird
Two things:
Better yet, a third idea:
Someone is doing something illegal, let's charge them for doing it
You missed the point. The point is that a fine bit of social engineering will occur - people who are sending "reasonable" volumes of email will do the computation once. People who are trying to shitcan the internet as we know it to make a fast buck and support their crack cocaine habits, well, it just got all that harder to do so. Let's put it in perspective with a crappy example (sorry that it's a bad example). Let's say I run a red light. Illegal, yes, and I get a fine for it. I pay the fine, and promise not to do it again (that is to say, I pay my initial postage, and now that I've done so, it's no longer an issue). Now here's Mr. "Ima FreeRide" (aka spammer), but he has a whole fsck'd fleet of trucks, hundreds of them, some of them are even triple-trailer, and he wants to run all of them at 100 mph through the same red light all at once. Well, that's a really BIG fine, and unless Ima FreeRide can afford that big a fee, it's not in Ima's interest to even try. But what will really happen is that Ima FreeRide will completely ignore that intersection (ie. the spammer never will see the notice because they are forging the header address better than 80% of the time, therefore the spammer will not receive the correct link to obtain the postage they need), so he'll go off to some other road and try there instead. But wait, there's more! Let's say that Ima is a real asshat, and decides that he's gonna run the light anyways. Now the local sheriff gets involved, and sets up a trap at the light and starts directing traffic one at a time - in a very slow fashion - to the point where Ima doesn't want to try anymore (ie the spammer tries to get through anyways, but the computational time to send 250,000 messages slows everything to a crawl). Let's go even further - Ima is not only an asshat, he's a crafty asshat. He's figured out a way to run the light. Guess what? On the other side is both a photo radar van and three motorcycle cops, waiting for him (ie. 
even if the tokens could be for
Ok, spam is bad. Why do we have spam? Because someone profits. As long as there is profit there is spam. Spammers will work out ways around these clever schemes as we can see with all those zombie relays. The way to get the spammer is where he is vulnerable, like a kidnapper, he has to show up to collect his money. Place a tax of 99% on all spam transactions payable by the seller. How to know if a given transaction is a spam transaction, require the buyer to report all spam buys. If they don't report it they are liable for the tax plus penalty. Reward the first reporter of a spam buy with 5% of the amount collected from unreported buyers. This is fighting greed with greed. The government gets a nice new revenue stream for awhile. What makes this easy is that most of these transactions need credit cards or other things which will leave a paper trail. This puts all the hassle on the buyer and the seller. Might be a good idea to allow credit card companies to charge extra fees on both ends to make up for their added burden.
Mailing lists don't really have a good solution with the first generation of stamps.
Now, spam has plagued us for HOW LONG? And this proposal to sender pays has only recently been seriously considered till WHEN? And HOW LONG would it take for the Second Generation of stamps to work? And when Spammers figure out some loophole (graciously provided by the Borg in Redmond) that gets them around stamps, this will benefit email lists HOW?
My point still stands and your criticism self refutes by the very quote you use to "bolster" your argument when viewed in historical context.
Face it: sender pays sucks, and will only prove to be more of a headache than spam. Spam is powerless against the delete key, just as my recycle bin cheerfully eats all my unopened junk mail. To really stop spam, you have to stop spammers.
What doesn't suck is not only catching and prosecuting spammers, but putting them in prison. Not some cushy prison in Denmark, but some hellhole like Bangladesh or Botswana. It's an international crime and it deserves an international punishment.
RS
Shoes for Industry. Shoes for the Dead.
Next!
Long live spimming...
I love C++
The first logical step is to eliminate the zombies. There has got to be some way to do this, but here is what it requires: a more secure OS. So, it's probably not going to happen.
The second logical step is to trace back where the spam is originating from and at least try to, in some way, utilizing due process, hold people accountable for it. Of course there is no point in doing this until we have more secure OS's that won't act like zombies.
So, first, eliminate the zombies, then, once that is done (probably never), hold people accountable, or notify them, or send out warning that they will get blackholed or something - because if you get rid of the zombies, then anyone sending spam will be easier to track down, even if it is a webhost or something like that.
This is another hair-brained scheme that I can already see problems with.
JUST SUE THE PEOPLE WHO HIRE THE SPAMMERS, BIG TIME!
Drying up the demand means that they don't make money. Not making money means that they don't bother spamming.
What they want is $$$.
Take away their market by making it no longer cost effective, by passing laws that will sue the pants off of anybody that sends you Spam. And don't worry about borders. You can BUY the border agreement with a percent of the fines.
It's simple economics. Supply and demand. As long as there is a demand, these schmucks will supply.
Tony Sopranos may be immune but his customers are supposed to be legitimate businessmen... You can't sell squat when every Spam you send can get you X thousands in fines levied against you, in every jurisdiction and with every offense.
And NOBODY is going to be AGAINST this law. (If they are, they're suspect...)
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
As the Frequently Raised Objections list, the Overview, and several comments here have pointed out: to make mail lists work, the lists need to be added to the receivers' whitelists. That seems like it would work. But what's to prevent spammers from simply forging From addresses for all of the most popular mailing lists?
The number of "Interesting" and "Insightful" comments from folks that obviously didn't RTFA is really infuriating. Makes finding the worthwhile comments harder to find. Kind of like looking for the ham that got misclassified as spam. I guess even human classifiers are flawed.
This spam-related article is comprised of:
[ ] A "solution" to the spam problem! (w00t)
[ ] Theoretical "feel good" story of spammers having a bad day.
[ ] A successful astroturfing of an impractical 'solution' developed by a company who will basically profit from spam.
[ ] Promotion of the application of borrowing a paradigm from one industry that really doesn't apply to another (see also: "apples and oranges")
[ ] Another anti-spam solution which does nothing to address the real problem of spam, mainly involving violation of existing laws, computer tampering, bandwidth and resource exploitation.
[ ] The promotion of a new 'system' to fix the problem which basically involves re-writing all the old systems and only works if everybody uses it.
[ ] Yet another flavor of whitelisting, but this time it's different! This time a proprietary company will assure us their particular brand of whitelisting will be fair and superior!
[x] All of the above
If the e-mail is deceptive, the California law still applies.
Fight Spammers!
You may be an anti-spam kook if...
Click Here, it's funny in the so-true-it's-sad way
testing out my trending skills
I did a bit of reading on this a month or so back on hashcash and computational postage. Microsoft seems to have it right on this one with their Pennyblack project: Choose a computational postage that is memory-intensive to compute. The theory is that memory bandwidth is relatively constant, even across otherwise disparate systems. If the computation is limited by memory bandwidth rather than CPU speed, then you bring some equality between systems with vastly different CPU speeds.
Number one spammer will infect other users with a back door program and spam from other people accounts. The system is good but still flawed; I would not like having a huge bill to pay.
Note they say money is the root of all evil. In this case it is true.
Global law passed at the UN making unasked for spam a break of international law and must be punished by either the death or the equal under the country law.
Also make funding spammers attacked at the same level. I can bet that it would be just a few months for the money sources to dry up.
Note NO money to spammers no spammers. What happens with this system if the day comes that there are no spammers they may create some to keep their customers. The best fix is law and enforcement.
Ok, spammers don't have as much distributed processing power as a group like SETI does, but they still have a lot. All from stupid Windows users that don't use a firewall and click yes to everything they see.
Go to hell and eat shit!!!
Simple, the phone is essentially 'sender pays' but the cost of calling is less than the benefits of calling so....
Sender pays WILL NOT end spam at all
NO SIG
What's seriously wrong with all this anti-spam is that it doesn't go after the real economics of spam: who pays. Somebody is paying for the spamming, and we know exactly who. It is prominently displayed in every item of spamail. It is the advertiser. And the advertiser is right there out in the open, easy to locate. If they're not, the spam isn't doing its job, and wouldn't have been sent. But easy to locate means easy to go after, easy to sue, to fine, DoS or whatever. Dinging the advertisers, and dinging them hard, will instantly put the spammers out of business. To draw an [ugly, graphic] picture: a dog comes and poops on my sidewalk. Yelling at the dog is going to be only moderately successful, building a poop filter is difficult, messy, and leaky. Following the dog's leash and fining the owner is what works. The owner doesn't bring the dog back since s/he doesn't want to pay the fine. No owner, no dog, no spam. Get the owner.
The problem with the law is that you cannot punish one person for the acts of another unless you can demonstrate an agreement (tacit or otherwise) between them or there existed special conditions where one party was responsible for the acts of the other (employer/employee, etc.) Think about the flip side: if I wanted to bankrupt MS, I'd spam everyone promoting MS Office, and then watch as MS gets blotted into oblivion. Sure, that might be cool, but what if someone sends an e-mail on behalf of GAIM or their software competitors?
A NYC lawyer blogs. http://www.chuangblog.com/
*puts on innocent look* are we to pay a corporation money to let us send and receive spam free mail? Is it really THAT important? No it isn't, we should simply be going after the organizations who are sending the spam, not giving them more of a reason to spam us with more volumes of mail. To be honest I just use SpamAssassin to kill the spam mail. If I get spam anyways I blacklist it in spamassassin and go on. It's beginning to trickle down to 0-1 spam messages a day, 15 useless messages from annoying people, and 2-3 useful messages. Now if only we had a DumbAssassin which would get rid of the annoying people pestering me all the time.
-Rights? What rights?
Most ISPs already transparently proxy http traffic for dialup/(a)dsl/cable/etc dynamic type accounts. They should do the same for smtp traffic, and apply spam and virus filters.
They only need to do this for their own customers, this is a make sense idea, and would make both mail and spam from infected/hacked computers a thing of the past, the same goes for businesses.
And yes, I already do this at my own workplace, it made sense to me to do this, because the filtering software meant I also found out which computers on my network were infected and I was able to do something about it before someone complained about it.
"...hybrid sender-pays anti-spam system."
I'm waiting for the sender-bursts-into-flames system.
I should add, I mean they should do this for outgoing smtp traffic.
Sender-pays systems guarantee no false positives for people who are willing to work within the system.
Even if you are willing to work within the system, how can we get the critical mass to work within it as well?
Many people think that bankrupting any mailing list which they haven't whitelisted is a good thing.
One problem is that the currently most popular Internet e-mail user agents don't make it easy to do all of the following:
Spam is powerless against the delete key
Wrong in two ways:
Just send back emails coming from unknown senders and let them verify that their accounts actually exist, and, maybe, that they are humans.
According to this writeup, CAPTCHA tests 1. are patented in at least one important jurisdiction, and 2. discriminate against persons with disabilities in violation of anti-discrimination laws such as the so-called Section 508 in the USA.
The CAMRAM folks don't like identity mechanisms, because there are huge risks to privacy, risks of government abuse of power, and risks of spammers cracking them. On the other hand, digital signatures burn CPU (though it's not bad if you can do just one signature per message multicast to the list.)
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
otherwise, they are probably someone I wouldn't know...like a spammer
Or perhaps somebody who wants to purchase goods or services that you offer in the course of your business, or somebody contacting you for technical support on a good or service that you have already provided.
The CLIENT has to do the computation that is expensive
How does this scale to those who use mail user agents running on mobile devices with a processor that runs at 16 MHz in order to drain less current? And what if such users are prospective clients?
And what if no hashcash-capable MUA is available for a particular hardware+OS combination? And what about people who do not own their own computers and thus cannot control which MUA they use?
The problem I see with this is Moore's Law. Sure you can make a stamp that is computationally expensive now, but in 5 years it'll be dirt cheap. It seems like a bad idea to design a system that is going to require constant updates if we can avoid it.
I think I would much rather see a system where the sender of an e-mail pays a penny to the receiver. That way it would cost $100,000/msg to send spam to 10 million people, but for the average user it would work out about even. Just a few pennies added to or deducted from your monthly internet access bill. Such a system could support white lists just as easily as the suggested system and it would be extremely easy for a corporation to make all internal mail free as they are supplying the e-mail address to both the sender and receiver and thus responsible for billing them.
Heck, people would be paid to use AOL given the amount of spam those addresses receive....
It's obviously a bad idea to build a system that only lets a reasonable machine send 10 messages per day - probably even 100 per day is too low, depending on your applications. 1000 is usually fine. It turns out that there are calculations that scale based on memory speed rather than CPU speed, so there's a much lower spread between the slowest non-palmtops and the fastest CPUs out there (like 4:1 rather than 20:1). But even if each zombie can send out 10,000 messages/day instead of 10,000,000, that slows them down enough that you can detect them and kill them (or at least blacklist them...)
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
I think that if SPF would get implemented it would remove all Spoofed spam. And for those spammers who source from real domains they own and can set up SPF records for, use blacklists like RBL.
This system isn't making senders of email pay cash. It's making them burn CPU time, which isn't a problem if you're a real human sending out mail at the rates that real humans do, but it's a speed limit on the rate that spammers can send mail (e.g. 10 seconds per message means you can only send 8640 spams/day instead of 8 million.) This is a bit of an annoyance, but unless you're running a mailing list, it's not a big problem, and there are separate methods for handling mailing lists (if you want to subscribe to a list, you need to whitelist the list.)
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
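The CPU-time "postage" discussed in the comment above, as an added example (not code from Camram, from hashcash, or from any poster in this thread). It assumes the hashcash version 1 stamp layout with SHA-1; the 28-day expiry, the 2-day clock-skew allowance, the rejection strings and the example.org addresses are assumptions made for illustration.

```python
import base64
import hashlib
import itertools
import os
from datetime import datetime, timedelta, timezone


def leading_zero_bits(digest):
    """Count the zero bits at the front of a hash digest."""
    count = 0
    for byte in digest:
        if byte == 0:
            count += 8
            continue
        count += 8 - byte.bit_length()
        break
    return count


def stamp_work(stamp):
    """Work a stamp proves: leading zero bits of its SHA-1 hash."""
    return leading_zero_bits(hashlib.sha1(stamp.encode()).digest())


def mint(recipient, bits, now=None):
    """Sender side: search for a counter that gives `bits` zero bits.

    Expected cost is about 2**bits hashes, so each extra bit doubles
    the sender's CPU time. Returns (stamp, hashes_tried).
    """
    now = now or datetime.now(timezone.utc)
    rand = base64.b64encode(os.urandom(12)).decode()
    prefix = "1:%d:%s:%s::%s:" % (bits, now.strftime("%y%m%d"), recipient, rand)
    for counter in itertools.count():
        stamp = prefix + format(counter, "x")
        if stamp_work(stamp) >= bits:
            return stamp, counter + 1


class StampVerifier:
    """Recipient side: one hash per message plus bookkeeping."""

    def __init__(self, my_address, min_bits, max_age_days=28):
        self.my_address = my_address.lower()
        self.min_bits = min_bits
        self.max_age = timedelta(days=max_age_days)  # assumed window
        self.spent = set()  # stamps already accepted once

    def check(self, stamp, now=None):
        now = now or datetime.now(timezone.utc)
        fields = stamp.split(":")
        if len(fields) != 7 or fields[0] != "1":
            return False, "malformed"
        try:
            claimed = int(fields[1])
            minted = datetime.strptime(fields[2], "%y%m%d")
            minted = minted.replace(tzinfo=timezone.utc)
        except ValueError:
            return False, "malformed"
        if claimed < self.min_bits:
            return False, "too little work claimed"
        # Binding to the recipient means one stamp cannot be reused
        # across a whole address list: every recipient costs CPU time.
        if fields[3].lower() != self.my_address:
            return False, "wrong recipient"
        if minted - now > timedelta(days=2) or now - minted > self.max_age:
            return False, "expired"
        if stamp_work(stamp) < claimed:
            return False, "work not done"
        # Double-spend check: replaying a valid stamp buys nothing.
        if stamp in self.spent:
            return False, "already spent"
        self.spent.add(stamp)
        return True, "ok"


if __name__ == "__main__":
    stamp, tried = mint("alice@example.org", 16)
    print(stamp, "after", tried, "hashes")
    verifier = StampVerifier("alice@example.org", 16)
    print(verifier.check(stamp))  # accepted
    print(verifier.check(stamp))  # replay rejected
```

Raising `min_bits` on the recipient is the knob that sets the sender's per-message delay; the recipient's own cost stays at a single hash and a set lookup.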
The last bit of the original post reads, "It gives you control of not only the current generation of spam, but also any future commercial spam -- why replace Viagra ads from a scam artist with Viagra ads from Pfizer?" The ultimate irony woulda been if the ad JUST BELOW this post had been for Pfizer. It's just slightly less ironic that the ad was for....MICROSOFT!
That's the problem I see. It's a cool hack but not of any real value in stopping spam as we know it, and with a very real potential to make life more annoying through constant dropping of email.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
I went to the site and clicked on Download. When I was informed that the software was going to download AND install, I decided to hell with it. I like to reflect on downloaded stuff before I actually install it.
... if I can find the URL again.
Maybe if someone reports back good experience rather than conjectures, maybe I'll reconsider.
To start with, I think this idea *seems* brilliant at the moment, but like all other systems it will need a few million people to start poking it and trying to break it to prove that it cannot be broken.
What I am concerned about is the extra traffic that all of this is going to produce. As I understand it-
A Spammer sends a large number of unstamped mail. Some of the recipients accept the mail and it goes straight into their inbox, others send a request back asking for proof of work.
Can you require this proof of work from senders who are not using Camram? If not, then what will happen to requests for proof of work that a sender cannot perform?
If proof of work can be performed by anyone, what is to stop a spammer from bombarding users using Camram with hundreds of thousands of requests for proof of work, effectively diluting the system and significantly increasing the amount of network traffic on the internet as a whole?
If a legitimate proof of work request is sent and then acknowledged, then does this not increase the amount of traffic required for one Email to thrice what it is already? While not a significant problem, combined with other systems being implemented on the internet which are less than efficient and with the number of 'high volume' users of the internet increasing, could this eventually lead to a very messy, inefficient, inelegant and generally debilitated network?
prolly too late for anyone to read, but:
is this the end of (free) webmail??
i can't imagine any company willing to sponsor a bunch of freeloaders taking up all the compute time necessary for this plan. i love the plan, but this is a pretty obvious issue.
And whereas this PC could send ten million messages a day previously by "chugging away", it can now only send ten thousand, due to the extra CPU time required. If it does not perform the required calculation for each email, the email is dropped before it ever reaches the eyeballs of a potential customer.
Result: Sent spam drops to one thousandth of its previous amount.
Result: People who received a thousand spams a day now receive one. The "just hit delete" option becomes valid for the first time in a decade.
Result: Profit levels per PC on spam drop. If a PC could generate $10,000 a month before, it can only generate $10 a month now. You can buy more PCs, of course, but each of them will only generate $10 per month.
Result: Spammers stop shelling out thousands of dollars for spamming hardware and software, because they can't afford it.
Result: Spammers rely more on armies of zombie machines.
Result: The zombie armies are also crippled and can only generate 1/1000 of the spam they used to.
Result: Anything else running on the zombie PCs is slowed to hell and back.
Result: Owners of the PCs get them checked out, or don't use the PC (keeping it switched off), or throw the PC away.
Result: Less spam.
If you really wanted to pick holes in the argument, try these:
1) How will the receiving PC know if the answer generated by a spamming PC is correct? Does the receiving PC have a bunch of pre-generated questions and answers? If so, does it generate them itself, and when? Will the 'questions' be random enough so that spambots can't pregenerate answers?
2) Will older PCs which have just enough pep to connect to the net be able to handle sending mail?
3) Is Microsoft likely to code this functionality into Outlook Express?
4) How will compatibility with older mail systems be handled so that the majority of the world's mail-using knuckle-draggers won't have to make any changes to their MUA for the next ten years?
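On question 1 above, an added example that is not part of the thread and is not Camram's code: in a hashcash-style scheme the receiver stores no questions, because the stamp itself binds the work to the recipient address and date and is checked with a single hash. The field layout is modelled loosely on hashcash version 1 stamps; the function names, the 2-day freshness window and the addresses are assumptions.

```python
import hashlib
import os
from datetime import date, datetime, timedelta

def zero_bits(digest: bytes) -> int:
    """Count the leading zero bits of a digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def mint(recipient: str, bits: int, day: date) -> str:
    """Sender side: brute-force a counter; expected cost is 2**bits hashes."""
    salt = os.urandom(8).hex()          # random per stamp, so work is not shareable
    counter = 0
    while True:
        stamp = f"1:{bits}:{day:%y%m%d}:{recipient}::{salt}:{counter:x}"
        if zero_bits(hashlib.sha1(stamp.encode()).digest()) >= bits:
            return stamp
        counter += 1

def verify(stamp: str, me: str, min_bits: int, today: date, seen: set) -> str:
    """Receiver side: one hash plus bookkeeping, no stored questions."""
    fields = stamp.split(":")
    if len(fields) != 7 or fields[0] != "1":
        return "malformed"
    try:
        day = datetime.strptime(fields[2], "%y%m%d").date()
    except ValueError:
        return "malformed"
    if fields[3] != me:
        return "wrong recipient"        # stamp was minted for someone else
    if abs(today - day) > timedelta(days=2):
        return "stale"                  # limits stockpiling stamps in advance
    if zero_bits(hashlib.sha1(stamp.encode()).digest()) < min_bits:
        return "insufficient work"      # checked on the real hash, not the claimed bits
    if stamp in seen:
        return "replayed"               # one stamp cannot pay for two messages
    seen.add(stamp)
    return "ok"

if __name__ == "__main__":
    today = date.today()
    spent = set()
    s = mint("alice@example.org", 16, today)   # constructed address, small cost
    print(s, verify(s, "alice@example.org", 16, today, spent))
```

Each extra bit doubles the sender's expected work while the receiver's cost stays at one hash, which is where the per-message rate limit discussed in the thread comes from.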
I'm not sure the moderator had read the article title, called "Impoverish a spammer today"...
Actually there are some people who pay to have me see advertising... They pay newspapers, TVs, websites to show me their wares...
If this scheme goes, I can get money to receive spam... which is a good tradeoff for me, as for once I get some money, instead of just losing bandwidth/time...
In Sweden, there are even phone companies that pay you when you receive calls on your cell phone...
So, mister mod, why troll?
It takes 40+ muscles to frown, but only four to extend your arm and bitchslap the motherfucker