Slashdot Mirror

← Back to Stories (view on slashdot.org)

Impoverish a Spammer Today

Posted by michael on from the lose-money-fast dept.

esj at harvee writes "Recently the Camram project released its latest version of a hybrid sender-pays anti-spam system. The project has proven that sender-pays works and has demonstrated how to make it work with existing e-mail systems. Camram has developed hybrid sender-pays techniques that scale down to the desktop and up to the enterprise. It's a completely decentralized system that can put spam-fighting power in the hands of individuals. It gives you control of not only the current generation of spam, but also any future commercial spam -- why replace Viagra ads from a scam artist with Viagra ads from Pfizer?"

14 of 343 comments (clear)

  1. The problem is... by Kenja · · Score: 2, Interesting

    The problem is that I've seen no good way to stop non spammers from paying as well.

    --

    "Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
    1. Re:The problem is... by Kenja · · Score: 5, Interesting

      I dont consider a white list to be a "good" method. For one thing, most spam I get is claiming to be from a known source (ie someone who knows me has a worm and is spamming from their address book). So you cant just filter by sender. Also, white lists dont deal with the fact that a lot of email is from first time corresponders such as online retail outlets.

      --

      "Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
    2. Re:The problem is... by GigsVT · · Score: 3, Interesting

      And how many messages does the Linux Kernel Mailing List send per day?

      You think large legitimate lists will count on everyone subscribing whitelisting the list correctly?

      --
      I've had enough abrasive sigs. Kittens are cute and fuzzy.
    3. Re:The problem is... by jazmataz23 · · Score: 2, Interesting

      Interesting point, but the POW need not be done on the client. You can do it on the client, at the mail relay or even set up a dedicated computer to do the calculations. jaz

      --
      Death to Argument by Slogan!! (This post twice-encrypted with ROT-13. Replies not using same will be ignored)
    4. Re:The problem is... by BRSloth · · Score: 2, Interesting

      most spam I get is claiming to be from a known source (ie someone who knows me has a worm and is spamming from their address book)

      Even better! This will reduce the number of people that forget to fix their system. ISPs (there are ISPs involved? I didnt RTFA...) probably would give their customers a warning in the first time their budget gets too right due this kind of crap...

      Some people would never update their system if arent' forced to do it.

    5. Re:The problem is... by Felinoid · · Score: 2, Interesting

      For one thing, most spam I get is claiming to be from a known source (ie someone who knows me has a worm and is spamming from their address book)

      For now the term "malware" is probably the best for this topic.
      Today spammers use malware to send spam so the original source is a victom. I can see people forced to pay for other peoples spam.

      Also as much as there are whitelists there will always be someone who will implement this and refuse to put anyone on the whitelist forcing friends and famaly to pay for his own lazyness.

      I could even believe some ISPs tech support could "forget" to whitelist costummers (for example paid Linux users) or deside to not whitelist users of a given os for some impossably stupid reason.

      This topic came up before and I myself actually did suggest something like this on Slashdot.
      A number of insightful people pointed out just how bad my idea really was.
      They continue to be correct.

      --
      I don't actually exist.
  2. Re:What happens... by Jim+McCoy · · Score: 4, Interesting

    Others have mentioned that this will make it easier for the user to notice that their PC has been hijacked, but another side-effect is that it will perform a rate-limiting service on that zombie. If each zombie can only send 100 messages an hour instead of 100,000 then that is another important benefit.

  3. Standard Stamps by Roger_Wilco · · Score: 3, Interesting

    It seems to me that one should need only one stamp generator. I receive a payment request containing a message encrypted with a short private key, and as "postage" I need to decrypt the message and return it. As computers get faster, the key length used to encrypt the message gets longer. The receiver can thus decide how much postage is required.

    This way the stamp generator doesn't need to have any secret component, and could be written in any language. It could be part of the mail client.

  4. Could be a useful example of a token-based system by argent · · Score: 2, Interesting

    Like whitelists and keywords, this is a special case of a token-based system. Token-based systems depend on the sender performing some action that is, at the time they send it, sufficiently hard to predict, unusual, or onerous for a spammer to bother with it.

    For example, I have certain addresses that bypass my spam filter either partially or completely, and I have set up a scheme for my kids whereby a sender has to know a "magic word" to get in. Whitelists, of course, make the sender address the token.

    Right now, these are good enough.

    Spammers are beginning to respond to whitelists, though, and trying to guess sender names. It's only a matter of time before they start using the address books in their zombies to build up lists of probable whitelists, and start sending spam using pairs of addresses from the same address book the way viruses already are.

  5. Re:Hobbiests by NoMoreNicksLeft · · Score: 4, Interesting

    So the next spam zombie worm will just whitelist everyone?

  6. Many Major Flaws by Andy_R · · Score: 2, Interesting

    Not all devices will have enough computing power available. My grandmother has an Amstrad E-mailer. How long will it take the 4Mhz Z80 in there to generate a stamp? How about the cpu in my phone?

    From the Faq "You only generate a stamp the first time you mail someone." So when all 20 of the biggest spamhouses have generated a stamp for you, you are right back at square 1? Net cafes with changing clientelle pay a higher price than spammers? Forged headers cliaming to be from friends don't need a stamp?

    --
    A pizza of radius z and thickness a has a volume of pi z z a
  7. Worms by pmancini · · Score: 2, Interesting

    I agree - worms are the biggest problem with this scheme. You can't hold the spammer accountable because the spammer is most likely not even sending the spam but using millions of zombie machines.

    The best way to deal with the problem is follow the money then show up at 4am and stick a Glock in the face of the spammers and their family members. After they shit the bed give them the option to play nice or die anonymously. Harsh? Yes. But not quite as bad as prior reform methods such as the Pyramid of Skulls*. I may be biased, my computer system was compromised by trojans from those bastards last week and pretty much I am still pissed about it.

    * Historical note on the making decortive yet functional pyramid of skulls (taken, I shit you not, from kids.mapzones.com): 1258 Baghdad was conquered and sacked by Hulagu, grandson of the great Mongol conqueror Genghis Khan. Hulagu killed all the scholars in Baghdad and erected a pyramid from their skulls. He destroyed the elaborate irrigation system that the Abbasids had established. Iraq became a neglected frontier area ruled from the Mongol capital of Tabriz in Iran. In 1335 the last great Mongol ruler of this region died, and anarchy prevailed. The Turkic conqueror Tamerlane sacked Baghdad in 1401, again massacring many of its inhabitants. He, too, built a pyramid of skulls. Tamerlane's invasion and conquest marked the end of Baghdad's greatness.

  8. Re:When do I get a shock-the-spammer protcol? by robogun · · Score: 2, Interesting
    As an analogy, most airline travelers are "clean," too. But unfortunately, some people were not brought up quite right by their mommas. They would try to seize control and aim it at the nearest building if they got the chance.


    It may not seem fair to make everybody go thru a security checkpoint, just because of the actions of a few -- but you can bet your sweet ass it is necessary.


    As an aside, I would wager that the percentage of your messages that are actually read by the recipient goes up, after this protocol is put into place. Because for the simple fact that your legit messages will no longer be lost in the noise of illegitimate ones.

  9. What about RSS? by eugene+ts+wong · · Score: 2, Interesting

    Why can't they send out the messages via RSS or some simliar technology? You'd email your message to the list, & the list would RSS it to all the interested people. This has the advantage of letting people read without subscribing.

    Seriously, does anybody know why this hasn't been done? I'm not an expert, so I wouldn't know of any limitations. I'm thinking of a cross between newsgroups & mailing lists.

    --
    testing out my trending skills