Slashdot Mirror
Impoverish a Spammer Today
esj at harvee writes "Recently the Camram project released its latest version of a hybrid sender-pays anti-spam system. The project has proven that sender-pays works and has demonstrated how to make it work with existing e-mail systems. Camram has developed hybrid sender-pays techniques that scale down to the desktop and up to the enterprise. It's a completely decentralized system that can put spam-fighting power in the hands of individuals. It gives you control of not only the current generation of spam, but also any future commercial spam -- why replace Viagra ads from a scam artist with Viagra ads from Pfizer?"
RTFA, it handles mailing lists fine. You whitelist the sender and then they don't need to stamp the mail.
The technology is a hybrid solution to avoid the problem of universal adoption... a nice side-effect of this is you don't demand stamps from your white-list.
I have to say, I think it's quite an interesting combination of concepts, but still requires mass adoption to be useful.
The FAQ says that there is a white list. I assume from reading it that it means that they do not have to pay.
They have a page with Frequently Raised Objections. Now I've made redundant 40% of the remaining posts to this article.
Singularity: a belief in the "God" idea with the "demiurge" relation inverted.
Why is this a problem? If what you are expected to pay depends on volume then it means that a non-spammer who only sends a few emails a day will have almost nothing to pay while a spammer will be unable to afford the work required to send thousands of emails. Since this is based upon proof of work and not an actual monetary amount, it will not be a cost that is difficult to bear.
Yes, some people who run email lists out of their account will be inconvenienced, but not as much as they claim. They will just need to change the signup message to say "this is a mailing list that you signed up for, so add us to your whitelist because we will not be performing proof of work challenges and will drop you from the list when the first proof of work request arrives."
Some will claim that the hordes of spam zombies out there will be able to do the work on the spammer's behalf so this is not a solution, but it will at least provide some rate limiting for that zombie and it will also make it much more likely that the zombie will be noticed by the user when it starts to chew up CPU cycles.
You will have to change your signup mechanism to notify the user that they have to add you to the whitelist, and you will need to change the list admin email to first send a message to a user reminding them of this fact and only after they reply to this standard response to all complaints message will the message filter up to your mailbox. This is a couple of hours of coding for anyone maintaining a mailing list package.
READ THE PROPOSAL FIRST PLEASE!
This is not asking you to spend money, it is asking you to perform a proof of work. This is hashcash, not real money.
I'm reading TFA and it states quite clearly "Mailing lists don't really have a good solution"
The algorithm appears to be:
Does it have a stamp? If so, add to white list and PASS
Is it on the white list? If so, PASS
Does it pass a CRM114 check? If so, PASS
Otherwise, FAIL.
The information is on the configuration page. It ought, I think, to be in their FAQ.
You are not alone. This is not normal. None of this is normal.