Impoverish a Spammer Today
esj at harvee writes "Recently the Camram project released its latest version of a hybrid sender-pays anti-spam system. The project has proven that sender-pays works and has demonstrated how to make it work with existing e-mail systems. Camram has developed hybrid sender-pays techniques that scale down to the desktop and up to the enterprise. It's a completely decentralized system that can put spam-fighting power in the hands of individuals. It gives you control of not only the current generation of spam, but also any future commercial spam -- why replace Viagra ads from a scam artist with Viagra ads from Pfizer?"
This could really change the way e-mail is distributed.
Craig Steffen
http://www.craigsteffen.net
What happens when your box has just been hijacked by the latest MS exploit and used as a spam server/relay?
"We all know that Crap is King" - Don Henley
Or maybe businesses should find a new way to communicate internally?
It is just Bush and the other idiots who signed the federal law, killed it and made it a recipient suffers system.
Fight Spammers!
Yes, but the point of this is to make it trivial to send 50 or so e-mails a day, while making it prohibitively expensive in computation costs to send 50 million emails a day.
If it takes 3 seconds per e-mail, the average user won't notice the addition, but the average spammer will have to spend 1700 hours computing stamps to send his 50 million emails.
who is sending the spam. It's the million zillion drones he's gotten infected with the latest Windows virus.
So making a cost for sending spam doesn't help computationally or otherwise, because he's not even sending the spam anymore.
-JDF
Ah, but the spammers aren't and won't pay for their servers. They will continue to hijack other people's machines through worms and trojans and just eat up the CPU time of the zombie machines. This might slow down the overall flow of spam some, as the total computational time available is certainly less than the total bandwidth available if the computation function is tuned that way, but it's not going to eliminate spam at all.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
On their site they address zombie machines. They claim that users of zombies would be more likely to notice the infection if it sucked up all their CPU and made their systems run hot...
I somehow doubt that.
But what I can't disagree with is that getting the same amount of spam sent as they currently are would take many (orders of magnitude) more zombies. They claim on their site that if you maxed out every known zombie you couldn't generate stamps fast enough to send spam at the current rates.
This could be a step in the right direction, but I am worried about many issues for a sender pays system.
"I'll have a Guinness, no wait, make that a Coors Light" -Grad student I work with, who shall remain anonymous...
Ah, but the spammers aren't and won't pay for their servers. They will continue to hijack other people's machines through worms and trojans and just eat up the CPU time of the zombie machines.
Sender pays stamping is a decent solution to spam, but it's not any solution to stupid lusers.
The solution to the luser problem is:
People need to stop objecting to spam solutions based on the existence of other problems. Sender pays stamping doesn't stop viruses and trojans because it's not supposed to; other systems like firewalls, patches, and anti-virus tools are supposed to. Rather than complaining that spam solutions don't solve the malware problem, we ought to be educating people on how to use these things and working on improving them.
Alito: A vote for Alito is a punch in the eye to put that bitch back in her place!
Did you even read the proposal? I ask because both your original post and your response to the first reply indicate that you still have no idea how this works, even after someone has been kind enough to save you from your own laziness and point out this proposal is not talking about a monetary transaction.
So, for your benefit, here is the "proof of work for complete idiots" version:
-You send your spam. Each recipient asks you to perform a proof of work, a mathematical problem that requires some CPU cycles.
-Your CPU starts chugging away at the requests and eventually performs all of the required proof of work.
-Your system responds to the proof of work request and the message is delivered.
-Your spam to your users is delivered, but not instantly because several hours of CPU work were required.
-Cost to you: nothing except a bit of electricity to keep your CPU chugging.
What happens when a virus propagates that white lists the spammers? While every technology that rises for this problem will have some kind of solution, they will also have some kind of weakness.
Though, my hat's off to whoever makes an overall good solution.
It doesn't matter whether spammers hijack others' machines or not. Proof-of-work stamps will still reduce the amount of spam. Without PoW stamps, a spammer with the same number of machines will be able to send an order of magnitude more spam.
Proof of Work stamps don't magically give spammers a horde of zombie machines to spam with. They have those machines whether or not real people use stamps.
I suspect the goal of a program like this really is not to stop spam. The goal would be to increase the marginal return from the spam that gets sent and for the network to grab a piece of the action.
When someone is paying you, it is extremely difficult to make judgments on quality of the mail. I've seen lots of email lists and newsletters start with good intentions then devolve into a garbage fountain.
In the end the pay to send networks will take money from anyone.
The real goal of such schemes is simply to increase the marginal returns from the spam. As the amount of spam sent to open email accounts reaches astronomical proportions, I can't help but think that the amount of cash the spammers get per email is dropping. I can't help but think that the end goal of pay for spam is that by throwing a rich third party into the equation, they will increase their return.
All the people running 200 MHz mail servers are only going to be able to send 10 legitimate emails per day and spammers will hijack more unpatched 3 GHz machines and do distributed computations and send out more spam than ever that gets through because it's passed the computation test.
The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
It's almost like they anticipated this sort of thing. Or, like, thought out their design beforehand. Crazy concept, no?
Except the design's still flawed: If I'm a spammer, I don't _care_ that your machine's only a zombie for a few hours, and I don't care that it can't send quite as much spam as it used to. The zombies are already sending multiple spams to each address; do you really think when you look through your spambox that there's really forty people who want to sell you Viagra from their Canadian pharmacy today alone?
So now, instead of sending 40 messages to each address I know about, I only have the computational horsepower to send 4. I'm still making piles of money. Indeed, since my viruses didn't tell me how many people they sent spam to, I'm obviously not billing by the message, anyhow, so my profits don't change.
And given that I was just talking to someone whose computer was infected by Sasser and rebooting every fifteen minutes who thought, "Gee, this really sucks, I wish there were something I could do about this lsass.exe message", I find the idea that people will notice their machine being slow and get them fixed questionable, as well.
FRO or no, I stand by my original message: The spammers don't care, because it's _your_ machine.
-JDF
If you *do* want email from a certain company, and you signed up for it, then you should add that domain/email to your white list. Simple as that.
I can think of no more annoying system than one that requires me to adjust some system every time I want an email confirmation from some company I am ordering from. What if you're at an art fair for example and fill out an email address on a card? I sure hope I remember to fill out that whitelist when I get home - if I even know where it's coming from!
What a way to twist the WWW and email into something unusable. Frankly I would far rather have what spam I do and filters than have to go somewhere every single time I need a new sender to be able to send to me.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Well, that's not really correct. The first new user is basically saying, "I will no longer accept mail from anybody who's not on my whitelist. Anybody who sends me legitimate mail and isn't on my whitelist will get a message back saying they can't e-mail me unless they install some weird, nonstandard, bleeding-edge piece of software, which they may or may not even have the option of doing, depending on who their mail service provider is."
Sender ID/SPF is already being widely adopted by ISPs, and once its adoption penetrates to the small-fry types like me (I still haven't been able to figure out how to enable it for my own domain :-), I think it'll really go a long way towards eliminating spam. The next step after that is Domain Keys, which involves digital signatures. These things are already under way, and I'm unconvinced that digital postage is even necessary at this point.
Find free books.
I DEPEND on several email lists, and the only way sender pays is if it is universal, and that would bankrupt the lists I'm on, having an extremely deleterious net effect on the free speech that the email lists of these extremely niche interests provide.
I think we simply need to throw more money at Interpol, get them a "Spam Cop Agency" and make the punishments *severe* enough for spammers that it will snuff these asshats out of existence.
RS
Shoes for Industry. Shoes for the Dead.
we had with the major ISPs going to block people's email/port 25 whatever if they are found to be spam spewers, there won't be as much of a problem with zombies. Enough's enough, we need to treat people on the net as human beings with opposable thumbs and at least some level of adult competence. A small fee to access the net is not a license to be a clueless dingbat hoser forever and ever and a day. Just block zombiefied machines until they are verified fixed. If I got nailed, so be it, I expect to be blocked until it's cleaned up. I have zero problems with that.
And like they are doing with the latest Windows/Explorer exploit du jour, see where the spammers/recipients are making their profit, in this latest case sending the hijacked data to some Russian place, all the carriers block that domain from any traffic, as much as possible, from this end anyway.
Fighting SPAM is no one silver bullet, but the combination of the techniques would probably work well enough. I'd go even further, if there are nations, or more accurately at least large domains and subnets that just refuse to cooperate, blacklist them.
We need the sane, adult, polite and responsible internet, it makes no sense to let the nutjobs, the crooks and the clueless hijack the entire internet and spoil it for everyone else. And if it doesn't happen voluntarily with normal users all the way to various corporations all cooperating, then sure as crap various governments will step in and censor and restrict hell out of it. I don't think we really want that second option.
Maybe email servers should operate like a DNS server instead of as a spooling server, providing a route to the recipient rather than actually sending the mail itself. Let the spooling and sending happen upstream at the sender's location.
The sender takes the full bandwidth penalty of sending every copy of their email because even an "open relay" doesn't equate to infinite bandwidth the way it does now.
I just found out there's no such thing as the real world. It's just a lie you've got to rise above. - John Mayer
The "stupid lusers" machines will become less usable with all that stamp generation going on. They will be more likely to notice they need help. They will also be more likely to become frustrated with the computer and stop using it (unfortunate but still reducing spam).
Bottom line: If anyone can send you a message without penalty or authorization there will be spam. You can't have it both ways.
No, it's not perfect. But not much is. People can and always will be able to spam. However, this measure does help. A lot.
For starters, sending out 1/10 your E-Mail means you're no longer making a pile of money. Odds are, it will still be profitable. But that's not very motivating. Some spammers might not mind just running a few scripts to automate getting 1/10 of a pile of money. However, the drop in profits will significantly ruin the market for spamming tools. If spammers no longer make a boatload, they're no longer going to pay a boatload for anonymailers, zombies, E-Mail lists, etc. Thus, people are going to be less motivated to code these damn things in the first place. That will make it a lot more difficult for those who actually want to spam to actually pull it off.
And with the more obvious symptoms of infection, more people will get it cleared up. And the more this happens, the more word will spread. Nobody educates a luser like another luser. (They at least speak a common language. :]) Heck, even mainstream outlets like CNN would be more likely to report on the issue if it's this obvious. Now, there will always be the utterly clueless who will continue to operate regardless. But there will not be enough of them to provide the critical mass needed for spammers.
--LordPixie
I'm a spammer, I don't _care_ that your machine's only a zombie for a few hours...
Sure you do, there are only so many zombies out there, and you want to send millions of emails to profit off the tiny percentage of responses.
So now, instead of sending 40 messages to each address I know about, I only have the computational horsepower to send 4.
You are describing a 10-fold decrease in the volume of spam. That seems worthwhile. Also, it might be low. It might be much more than simply 10X more difficult to generate a stamp than to simply send an email.
Indeed, since my viruses didn't tell me how many people they sent spam to, I'm obviously not billing by the message, anyhow, so my profits don't change.
But you will also be getting fewer paying responses since responses are a percentage of spams sent.
If this scheme was widely adopted there would be fewer zombies because zombie machines would go from being a bit flaky to being downright unusable causing at least /some/ people to fix them. And each zombie would send dramatically fewer spams.
FRO or no, I stand by my original message: The spammers don't care, because it's _your_ machine.
But in a sense it *is*. Zombies are a finite resource. They are bought and sold by spammers on a black market. Reducing supply will increase the price even as the need to generate stamps makes them less valuable. If the supply shrinks enough while the value plummets enough the economics utterly collapse making spam a losing proposition. Even if that doesn't happen there would be a sharp reduction in the volume of spam.
This is another hare-brained scheme that I can already see problems with.
JUST SUE THE PEOPLE WHO HIRE THE SPAMMERS, BIG TIME!
Drying up the demand means that they don't make money. Not making money means that they don't bother spamming.
What they want is $$$.
Take away their market by making it no longer cost effective, by passing laws that will sue the pants off of anybody that sends you Spam. And don't worry about borders. You can BUY the border agreement with a percent of the fines.
It's simple economics. Supply and demand. As long as there is a demand, these schmucks will supply.
Tony Sopranos may be immune but his customers are supposed to be legitimate businessmen... You can't sell squat when every Spam you send can get you X thousands in fines levied against you, in every jurisdiction and with every offense.
And NOBODY is going to be AGAINST this law. (If they are, they're suspect...)
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
You may be an anti-spam kook if...
Click Here, it's funny in the so-true-it's-sad way
In the *real world*, according to the US Uniform Commercial Code, if you order merchandise for delivery to your mail or street address, you are 'fair game' for the merchant to send flyers & pitches; and if you ordered the stuff, presumably you may want more, or similar stuff in the future. Why wouldn't you want to know when the merchant is having a sale & you can save some $$? I don't know of any legitimate marketers that would continue to send you flyers if you say you don't want them.
Why should it be any different online? As an internet marketer specializing in newsletters for small outdoor recreation-oriented merchants, I can tell you that most of my clients' readers are glad to receive the merchant's newsletters, and we immediately delete those readers who ask to be removed. The main problem(s) are caused by the (very few) folks too lazy to ask to be removed, but who are more than happy to report us as spammers; threaten lawsuits, or write their representatives asking for an act of Congress.
Some ISPs are pretty clueless too. For example, according to the US Department of the Interior, approximately one third of the adult either hunts, fishes or both for recreation, spending an average of approximately $1800/year to do so. (This figure includes travel & lodging expenses.) That works out to approximately $70 billion US/year; and about 35 million people. AOL is a large ISP, right? They love to block hunting & fishing newsletters! They say it's spam; why? Because so many AOL subscribers get hunting & fishing newsletters--it must be spam! No joke! I've talked to AOL people on the phone, and they just don't get it! I say forget about the black lists--eventually the 'real' spammers will die out, leaving the legitimate marketers.
There is a big difference between 'crack' and 'spam'. Crack makes you feel very good and is addicting; spam annoys you and makes you want less. If drug dealers could mail every house in America for $5 they would get millions of people willing to pay $10 for the next one. If spammers had to pay to mail to every email account in America they would go broke instantly because they would get maybe 10 people who actually fall for their scam.
And you need to realize that this scheme DOES NOT STOP ANYONE from mailing you, all it does do is make them wait 5 or 10 seconds. Now how many people do you know that send so many emails a day that this becomes a problem? I am sure that there are some but not that many, so it should be easy to recognize them and make exceptions for just them and everyone else who does not send many will have no problem doing as they have always been doing.
And whereas this PC could send ten million messages a day previously by "chugging away", it can now only send ten thousand, due to the extra CPU time required. If it does not perform the required calculation for each email, the email is dropped before it ever reaches the eyeballs of a potential customer.
Result: Sent spam drops to one thousandth of its previous amount.
Result: People who received a thousand spams a day now receive one. The "just hit delete" option becomes valid for the first time in a decade.
Result: Profit levels per PC on spam drop. If a PC could generate $10,000 a month before, it can only generate $10 a month now. You can buy more PCs, of course, but each of them will only generate $10 per month.
Result: Spammers stop shelling out thousands of dollars for spamming hardware and software, because they can't afford it.
Result: Spammers rely more on armies of zombie machines.
Result: The zombie armies are also crippled and can only generate 1/1000 of the spam they used to.
Result: Anything else running on the zombie PCs is slowed to hell and back.
Result: Owners of the PCs get them checked out, or don't use the PC (keeping it switched off), or throw the PC away.
Result: Less spam.
If you really wanted to pick holes in the argument, try these:
1) How will the receiving PC know if the answer generated by a spamming PC is correct? Does the receiving PC have a bunch of pre-generated questions and answers? If so, does it generate them itself, and when? Will the 'questions' be random enough so that spambots can't pregenerate answers?
2) Will older PCs which have just enough pep to connect to the net be able to handle sending mail?
3) Is Microsoft likely to code this functionality into Outlook Express?
4) How will compatibility with older mail systems be handled so that the majority of the world's mail-using knuckle-draggers won't have to make any changes to their MUA for the next ten years?
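Added example, not part of the thread and not Camram's code: a minimal hashcash-style stamp in Python showing one way a receiver can check proof of work without any pre-generated questions, as raised in point 1 above. The stamp layout (`bits:date:recipient:counter`), the use of SHA-256, the `Receiver` class and all sample addresses and dates are assumptions made for illustration.

```python
import hashlib
from itertools import count


def has_work(stamp: str, bits: int) -> bool:
    """True if SHA-256(stamp) starts with at least `bits` zero bits (one hash)."""
    digest = hashlib.sha256(stamp.encode()).digest()
    return int.from_bytes(digest, "big") >> (256 - bits) == 0


def mint(recipient: str, date: str, bits: int) -> str:
    """Sender side: try counters until the stamp hashes below the target.
    Expected cost is about 2**bits hashes. Recipient and date are part of the
    hashed string, so a stamp cannot be computed before they are known."""
    prefix = f"{bits}:{date}:{recipient}:"
    for counter in count():
        stamp = prefix + format(counter, "x")
        if has_work(stamp, bits):
            return stamp


def attempts(stamp: str) -> int:
    """Number of hashes the sender computed (the counter starts at 0)."""
    return int(stamp.rsplit(":", 1)[1], 16) + 1


class Receiver:
    """Receiver side: every check is string comparison plus a single hash."""

    def __init__(self, address: str, min_bits: int, accepted_dates: set):
        self.address = address
        self.min_bits = min_bits
        self.accepted_dates = accepted_dates
        self.seen = set()  # stamps already spent, to reject replays

    def check(self, stamp: str) -> str:
        parts = stamp.split(":")
        if len(parts) != 4:
            return "malformed"
        bits_s, date, recipient, _counter = parts
        try:
            bits = int(bits_s)
        except ValueError:
            return "malformed"
        if not 0 < bits <= 256:
            return "malformed"
        if recipient != self.address:
            return "wrong recipient"   # stamp was paid for someone else
        if date not in self.accepted_dates:
            return "stale date"        # blocks stockpiling old stamps
        if bits < self.min_bits:
            return "too cheap"
        if not has_work(stamp, bits):
            return "insufficient work"
        if stamp in self.seen:
            return "replayed"          # one stamp pays for one message
        self.seen.add(stamp)
        return "ok"


if __name__ == "__main__":
    # Constructed sample values.
    rx = Receiver("alice@example.org", 16, {"2004-07-01"})
    s = mint("alice@example.org", "2004-07-01", 16)
    print(s, "sender hashes:", attempts(s), "receiver:", rx.check(s))
```

The receiver only needs its own address, the dates it accepts and a list of stamps already spent; the sender's cost doubles with each extra bit of difficulty while the receiver's stays at one hash.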