Slashdot Mirror

← Back to Stories (view on slashdot.org)

Impoverish a Spammer Today

Posted by michael on from the lose-money-fast dept.

esj at harvee writes "Recently the Camram project released its latest version of a hybrid sender-pays anti-spam system. The project has proven that sender-pays works and has demonstrated how to make it work with existing e-mail systems. Camram has developed hybrid sender-pays techniques that scale down to the desktop and up to the enterprise. It's a completely decentralized system that can put spam-fighting power in the hands of individuals. It gives you control of not only the current generation of spam, but also any future commercial spam -- why replace Viagra ads from a scam artist with Viagra ads from Pfizer?"

32 of 343 comments (clear)

  1. When do I get a shock-the-spammer protcol? by gevmage · · Score: 5, Insightful
    An interesting concept. Stamping of the mail is computationally intensive, verifying it isn't. I think that it's impressive for something that's calling itself an 0.3 version.

    This could really change the way e-mail is distributed.

    --
    Craig Steffen
    http://www.craigsteffen.net
  2. What happens... by BaltoAaron · · Score: 4, Insightful

    What happens when your box has just been highjacked by the latest MS exploit and used as a Spam server/relay.

    --
    "We all know that Crap is King" - Don Henley
    1. Re:What happens... by Dark+Paladin · · Score: 4, Informative

      According to the FAQ, the calculations are that even with the number of "zombie" machines out there, there still isn't enough processing power to generate all of the necessary "stamps" - or at least it's enough to reduce the time.

      If nothing else, at least it's something, right?

      --
      52 Weeks, 52 Religions with John Hummel
    2. Re:What happens... by Jim+McCoy · · Score: 4, Interesting

      Others have mentioned that this will make it easier for the user to notice that their PC has been hijacked, but another side-effect is that it will perform a rate-limiting service on that zombie. If each zombie can only send 100 messages an hour instead of 100,000 then that is another important benefit.

  3. One Idea by th1ckasabr1ck · · Score: 5, Insightful
    One thing they should look towards doing is maybe circumventing the payment if you are sending to someone else in the same domain. Then businesses wouldn't have to pay for all internal e-mail.

    Or maybe businesses should find a new way to communicate internally?

  4. Impoverished or not by darth_MALL · · Score: 5, Funny

    they should be able to survive just fine according to the SPAM nutrition fact sheet

  5. 30% Larger! by Anonymous Coward · · Score: 5, Funny

    why replace Viagra ads from a scam artist with Viagra ads from Pfizer?

    Because I only trust my penis to professionals.

    1. Re:30% Larger! by RAMMS+EIN · · Score: 4, Funny

      ``Because I only trust my penis to professionals.''

      Meaning you only put it in people who charge for it? :p

      --
      Please correct me if I got my facts wrong.
    2. Re:30% Larger! by azaris · · Score: 4, Funny

      Because I only trust my penis to professionals.

      You know you can put it in the hands of your lawyer, but it won't stand up in court.

  6. Re:Two Words by skiflyer · · Score: 5, Informative

    RTFA, it handles mailing lists fine. You whitelist the sender and then they don't need to stamp the mail.

    The technology is a hybrid solution to avoid the problem of universal adoption... a nice side-effect of this is you don't demand stamps from your white-list.

    I have to say, I think it's quite an interesting combination of concepts, but still requires mass adoption to be useful.

  7. Re:The problem is... by The0retical · · Score: 5, Informative

    The FAQ says that there is a white list. I assume from reading it that it means that they do not have to pay.

  8. The California law is a sender pay system by www.sorehands.com · · Score: 4, Insightful
    Under the California law, if you send spam, you can be sued for $1000 per spam. That is a spam sender pay system, if I have ever seen one.

    It is just bush and the other idiots who signed the federal law, killed it and made it a recipient suffers system.

    --
    Fight Spammers!
  9. Re:The problem is... by kramer · · Score: 4, Insightful

    Yes, but the point of this is making to make it trivial to send 50 or so e-mails a day, while making it prohibitively expensive in computation costs to send 50 million emails a day.

    If it takes 3 seconds per e-mail, the average user won't notice the addition, but the average spammer will have to spend 1700 hours computing stamps to send his 50 million emails.

  10. I will save you one step... by TuringTest · · Score: 5, Informative

    They have a page with Frequently Raised Objections. Now I've made redundant 40% of the remaining posts to this article.

    --
    Singularity: a belief in the "God" idea with the "demiurge" relation inverted.
  11. There is no problem here. by Jim+McCoy · · Score: 5, Informative

    Why is this a problem? If what you are expected to pay depends on volume then it means that a non-spammer who only sends a few emails a day will have almost nothing to pay while a spammer will be unable to afford the work required to send thousands of emails. Since this is based upon proof of work and not an actual monetary amount, it will not be a cost that is difficult to bear.

    Yes, some people who run email lists out of their account will be inconvenienced, but not as much as they claim. They will just need to change the signup message to say "this is a mailing list that you signed up for, so add us to your whitelist because we will not be performing proof of work challenges and will drop you from the list when the first proof of work request arrives."

    Some will claim that the hordes of spam zombies out there will be able to do the work on the spammer's behalf so this is not a solution, but it will at least provide some rate limiting for that zombie and it will also make it much more likely that the zombie will be noticed by the user when it starts to chew up CPU cycles.

  12. Re:The problem is... by Kenja · · Score: 5, Interesting

    I dont consider a white list to be a "good" method. For one thing, most spam I get is claiming to be from a known source (ie someone who knows me has a worm and is spamming from their address book). So you cant just filter by sender. Also, white lists dont deal with the fact that a lot of email is from first time corresponders such as online retail outlets.

    --

    "Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
  13. ok... I need to know if this will work or not by strictnein · · Score: 4, Funny

    where is that big form listing why it will not?

    --
    Casual Games/Downloads
  14. Re:Hobbiests by Jim+McCoy · · Score: 5, Informative

    You will have to change your signup mechanism to notify the user that they have to add you to the whitelist, and you will need to change the list admin email to first send a message to a user reminding them of this fact and only after they reply to this standard response to all complaints message will the message filter up to your mailbox. This is a couple of hours of coding for anyone maintaining a mailing list package.

    READ THE PROPOSAL FIRST PLEASE!

    This is not asking you to spend money, it is asking you to perform a proof of work. This is hashcash, not real money.

  15. Hahahah, I love it ! by LordPixie · · Score: 4, Funny

    From Camran's FRO

    One benefit of zombies being used to generate stamps is that the machines will become hot, slow, and probably unreliable, all of which will be noticeable to the end-user. With luck, this means some people will get their machines fixed and reduce the zombie issue.

    You just have to love a product that has the potential to toast a clueless luser's computer. I would be more than happy to shell out good money for software that has "Makes PC's burst into flames" listed as one of the features. And this stuff is Free !


    --LordPixie

  16. They claim... by TamMan2000 · · Score: 4, Insightful

    On their site they address zombie machines. They claim that users of zombies would be more likely to notice the infection if it sucked up all their CPU and made their systems run hot...

    I somehow doubt that.

    But what I can't disagree with, is that getting the same amount of spam sent as they currently are, would take many (orders of magnitude) more zombies. They claim on their site that if you maxed out every known zombie you couldn't generate stamps fast enought to send spam at the current rates.

    This could be a step in the right direction, but I am worried about many issues for a sender pays system.

    --
    "I'll have a Guinness, no wait, make that a Coors Light" -Grad student I work with, who shall remain anonymous...
  17. Re:The problem is... by the_mad_poster · · Score: 5, Insightful

    Ah, but the spammers aren't and won't pay for their servers. They will continue to hijack other peoples machines through worms and trojans and just eat up the CPU time of the zombie machines.

    sender pays stamping is a decent solution to spam, but it's not any solution to stupid lusers.

    The solution to the luser problem is:

    • Education for the naive luser.
    • Network quarantine for the lazy luser
    • Criminal (or civil) penalties for the malicious luser.

    People need to stop objecting to spam solutions based on the existance of other problems. Sender pays stamping doesn't stop viruses and trojans because it's not supposed to, other systems like firewalls, patches, and anti virus tools are supposed to. Rather than complaining that spam solutions don't solve the malware problem, we ought to be educating people on how to use these things and working on improving them.

    --
    Alito: A vote for Alito is a punch in the eye to put that bitch back in her place!
  18. Re:Two Words by Anonymous Coward · · Score: 5, Informative

    RTFA, it handles mailing lists fine.

    I'm reading TFA and it states quite clearly "Mailing lists don't really have a good solution"

  19. Read the website! by jschottm · · Score: 4, Informative

    This is a calculation based stamp, not anything financial. It's not going to cost anything. It allows for white-listing on a per user basis that exempts senders from the stamp requirement. Therefore, if you wanted to get on a mailing list, you'd add them to your white-list. Yes, it's an extra step, but what's one extra step when you sign onto a mailing list compared to having to dig through hundreds of spam messages a day?

    Have some (slightly out of date) documentation:
    One section
    Another section

  20. RTF-FRO ! by LordPixie · · Score: 4, Informative

    Ripped right from their website's Frequently Raised Objections:

    If anybody can generate a stamp, what is to stop a spammer from generating stamps?
    Nothing. In fact, we want spammers to spend as much time as they can generating stamps because it will undermine their economic foundations. As a spammer generates messages with stamps, people can raise their postage based on the spam. Everyone's rates will increase and it'll only affect the spammer and stranger-to-stranger e-mail. Friend-to-friend e-mail doesn't use work stamps and will be unaffected by any postage increases.     "

    And....

    The second attack utilizes zombies as a compute array. But if you run the numbers, you'll find out that the number of zombies known, if run perfectly and full tilt, cannot generate enough stamps for all of the spam in the world today. A tremendous number of stamps would be generated, but not enough for everybody. One benefit of zombies being used to generate stamps is that the machines will become hot, slow, and probably unreliable, all of which will be noticeable to the end-user. With luck, this means some people will get their machines fixed and reduce the zombie issue. Again, if the zombies the start generating stamps, one can always change stamp definitions or value.
    [all emphasis theirs]

    It's almost like they anticipated this sort of thing. Or, like, thought out their design beforehand. Crazy concept, no ?


    --LordPixie

  21. simple by TamMan2000 · · Score: 4, Informative

    Require your users to whitelist your address, and then don't stamp your messages.

    --
    "I'll have a Guinness, no wait, make that a Coors Light" -Grad student I work with, who shall remain anonymous...
  22. Proof of work for complete idiots by Jim+McCoy · · Score: 4, Insightful

    Did you even read the proposal? I ask because both your original post and your response the the first reply iindicate that you still have no idea how this works, even after someone has been kind enough to save you from your own laziness and point out this proposal is not talking about a montary transation.

    So, for your benefit, here is the "proof of work for complete idiots" version:

    -You send your spam. Each recipient asks you to perform a proof of work, a mathematical problem that requires some CPU cycles.
    -Your CPU starts chugging away at the requests and eventually performs all of the required proof of work.
    -Your system responds to the proof of work request and the message is delivered.
    -Your spam to your users is delivered, but not instantly because several hours of CPU work were required.
    -Cost to you: nothing except a bit of electricity to keep your CPU chugging.

  23. Re:The problem is... by loxosceles · · Score: 4, Insightful

    It doesn't matter whether spammers hijack others' machines or not. proof-of-work stamps will still reduce the amount of spam. Without PoW stamps, a spammer with the same number of machines will be able to send an order of magnitude more spam.

    Proof of Work stamps don't magically give spammers a horde of zombie machines to spam with. They have those machines whether or not real people use stamps.

  24. Re:The problem is... by brunes69 · · Score: 4, Informative

    Also, white lists dont deal with the fact that a lot of email is from first time corresponders such as online retail outlets.

    Er, if an "online retial outlet" is sending me email I did not sign up for, then that is SPAM and is exactly the thing this is supposed to prevent!.

    If you *do* want email from a certain company, and you signed up for it, then you should add that domain/email to your white list. Simple as that.

  25. Re:Hobbiests by NoMoreNicksLeft · · Score: 4, Interesting

    So the next spam zombie worm will just whitelist everyone?

  26. Re:Hey Clueless !! by squiggleslash · · Score: 4, Informative
    Actually, much as I find this checklist amusing, in this case I think most of your checkboxes are misplaced.

    The first is semicorrect, but remember the system falls back to whitelisting and CRM114 if an email arrives without a stamp. You can always whitelist mailing lists even if you feel confident enough to turn off the CRM114.

    (x) It is defenseless against brute force attacks
    Yes, but to perform a useful brute force attack, from the point of view of a spammer, you'd need to hijack more computers than exist on Earth.
    (x) Users of email will not put up with it
    Again this goes back to the fall-back. This is a "only if both parties choose to play will they benefit, and if one chooses not to they lose nothing" scheme. So users of email will put up with it.
    (x) Requires immediate total cooperation from everybody at once
    No it doesn't. Again, players benefit, those who opt out lose nothing, they end up back with their sent emails screened by users with whitelists and CRM114, which is no different to the situation right now.
    (x) Many email users cannot afford to lose business or alienate potential employers
    Again...
    (x) Lack of centrally controlling authority for email
    Doesn't require a centrally controlling authority. In fact, this is touted by the proposal's proponents as being one advantage it has over the stupid identity verification systems proposed by anti-spam zealots.
    (x) Unpopularity of weird new taxes
    This proposal has nothing to do with taxes.
    (x) Public reluctance to accept weird new forms of money
    No money is sent. Look, it's quite simple. You have an email client that, on sending email to someone for the first time from a particular email addresses, generates a "stamp" which is computationally difficult to generate - ie it'll take some time. There's no money involved, except in that people wanting to send huge amounts of email may - may mind you, not will, depending on how they send the email - have to invest a few billion in Apple twin G5s.
    (x) Dishonesty on the part of spammers themselves
    No, spammers can be as dishonest as they wish. They'll have to be unbelievably smart to get around this.
    (x) Blacklists suck
    What blacklists?
    (x) Sending email should be free
    It still will be.
    (x) This is a stupid idea, and you're a stupid person for suggesting it.
    I think this is a remarkable idea, and is the first rational anti-spam system I've seen proposed for a while. It solves the false-positive problems inherent in AI filters like Bayesian and CRM114. It doesn't hurt innocent parties. It's interesting, I'd like to see more analysis but I think it actually has a chance of working.

    Which presumably means the anti-spam zealots will fight it with all they can muster...

    --
    You are not alone. This is not normal. None of this is normal.
  27. Re:The problem is... by njcoder · · Score: 4, Funny
    For those of us that relly on people we don't know contacting us via email to inquire about new business... this doesn't make sense. There shouldn't be a fee for email or any other hoops that might confuse legitimate email senders. Last thing I want is missing a big contract because someone forgot to fill up their email payment reserves or couldn't make out the mangled letters in the image.

    What needs to be done is to go after the spammers directly. Can you imagine the law enforcement coming up with a plan to fight drugs that involved making crack vials and little ziplock bags cost $5 each. Sure the people that buy them for legitimate reasons can register for a discount or their volume is so small it doesn't make a difference. Does this make sense? This is not a problem that will be solved with technology. Laws have to change and they need to be enforced.

    Legitimate bulk emailers, isps, large corporations and the govt should do something about it. It's gotten insane.

    --
    Open Source Java DAO Generator
  28. Re:SImple... but annoying by squiggleslash · · Score: 5, Informative
    That's actually what this system does.

    The algorithm appears to be:

    Does it have a stamp? If so, add to white list and PASS
    Is it on the white list? If so, PASS
    Does it pass a CRM114 check? If so, PASS
    Otherwise, FAIL.

    The information is on the configuration page. It ought, I think, to be in their FAQ.

    --
    You are not alone. This is not normal. None of this is normal.