Slashdot Mirror
Selling Your Attention to Spammers
Dotnaught writes "Can the free market stop spam where technology has failed? As described in InformationWeek, Professor Marshall Van Alstyne of Boston University School of Management has co-authored a soon-to-be-published paper that proposes an "attention bond" -- money put up by email senders that recipients collect only if they consider the message a waste of time. Supposedly, this market-based filter performs better than a perfect technology-based solution, with no false positives or negatives. A company called Vanquish already has a working model. Is selling one's attention the answer to spam?"
Your post advocates a
(*) technical ( ) legislative ( ) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
(*) Mailing lists and other legitimate email uses would be affected
(*) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
(*) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(*) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
(*) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(*) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
what? what I thought we were in the trust tree in the nest, were we not?
Like three or four years ago?
Technoli
I must be missing something...it seems like the same tactics spammers use to evade law enforcement today could be used to evade the imposition of this "attention bond mechanism".
____
~ |rip/\/\aster /\/\onkey
money put up by email senders that recipients collect only if they consider the message a waste of time
I get that already, it's called "my salary".
Trolling is a art,
I bill triple digits per hour (but still less than a phone sex operator at $4.99/min). Doctors and lawyers charge even more. Unsolicted messages are an uncompensable waste of time and a theft of network resources.
Bill Clinton: Pimp we can believe in. - The Shirt!!!
Why is a spammer going to put up money when relaying through a zombie net or open relay is easy and free?
I don't need no instructions to know how to rock!!!!
money put up by email senders that recipients collect only if they consider the message a waste of time
Sounds like a fancy way of taxing the internet...
One man's Funny is another man's Offtopic.
looking over vanquish's feature page, it seems very cool and sure hope it works. they claim HIP involvement (human interaction), but to me, that almost seems worse than having a scanner rip through potentially delivered email and flagging it or not. /. :-}
yes spam is a problem, but only poorly setup web-based email apps or client apps (or bad sysadmins) keep email from you, you should get all of it and setup your own filters - kinda like the crap you can filter here at
do you have shinyfeet?
The other thing that can happend is that it is so hard to cash out this money, that noone will bother, since it'll be likely to take twice the time of hitting delete, or the sum has to be big enough to be worth the hassle ($1?) which agains brings us to the first point, people will cash out on every email.
Assembling etherkillers for fun an profit
The trouble is some of the pundits know so little to even know that they, (the pundits) know nothing. We live in interesting times, don't we?
I'm sorry, the whole "fee" idea just doesn't work for me... What is to stop someone signing up for a whole load of mailing lists, and then claiming that they were all a waste of time? The only time anyone would not bother taking that cash is if there was someone they knew on the other end, getting pissed off.
It sounds like a good idea, but it's not a solution any more than CAN-SPAM. Spammers will not cooperate if it's just going to hurt them. Until you crack down on spam in the same way that the telemarketer do-not-call list has, you won't see any improvement. And that's not even realistic given the ease with which email can be masked or forged.
It's similar to the argument that gun rights advocates make - stricter gun control laws or programs will hurt legitimate owners, but the real problems will still lie with the criminals who don't abide by those laws anyway.
Crack down on spammers. Make spam outright illegal and make penalties for ISPs that fail to comply.
While it'd be inconsequential to me to put up 10c to send each message (or probably even $1 if my employment related emails didn't count) it doesn't scale well between different countries.
Third world countries will find that sort of money a huge barrier to entry for sending email.
Similarly this will be open to google ad type exploitation. People will set up email addresses and sign up to all sorts of solicited and unsolicited email just to collect the cash. Again for people in poorer countries this might be a practical job.
So, I can just sit home and subscribe to mailing lists, flag them as spam, and watch the checks roll in? And if that doesn't work, how many EULAs will I have to click through to get a business to send me any email at all?
We would need someone to police this system, and that someone would need legal power in every country from which email is sent. No one has such legal authority. And we're back at square one...
"God is a comedian playing to an audience too afraid to laugh." -Voltaire
What's to stop someone from signing up for every mailing list everywhere and setting up an automated application to flag it as spam so the money starts rolling in? Three or four thousand such flags per day, even at a few cents each should start to add up fairly quickly.
I'm a big tall mofo.
My time is free! I'll give them all the time they want and then some! They just need to come over to this dark alley... say, have I shown you my baseball bat? Look at these fine details... now just hold still.
How many times is this idea going to come up before it finally goes away? Nobody is going to put up any amount of cash to send their legitimate email. Nobody will use a service that requires such a fee.
It's a simple concept really... the only solution that will be accepted is one which requires the masses to do nothing different than what they do now. People will not change their ways, even if it meant a spam-free environment. When it comes to computers, most users are lucky to remember one way to do things. They can't be bothered with learning how to do things the *right* way.
the only field where you can get a nobel for being wrong
I'd like to try this on Slashdot. I can collect money for articles that I think are a complete waste of my time. Then this money can be used to post messages like this, which are a complete waste of other people's time.
I don't get it. This kind of "disincentive" has already been implemented in just about every business plan on earth in a much less logistically challenging way. When you advertise, you have to pay for it. Let's say you advertise too 1,000 people, it costs you two cents each, and only one person is receptive to your message. That person buys your product for $50. Great! Your ad campaign was successful. On the other hand, if nobody bought your product, you'd be out $20.
This is pretty basic stuff. The problem with spam is that spammers are continually finding ways to pay nothing to advertise. If one person in a thousand replies to a message you paid nothing for and sends you $50, you've made almost double the profits vs. if you had to pay 2 cents per recipient. That's always going to be an attractive market for people with useless crap to sell, because the real rate of return on crap might be considerably less than one in a thousand.
This plan gives people the warm fuzzies because it sounds like each individual will be able to profit from unwanted advertising, but in reality it would never work that way. On the other hand, you'd get the same "punitive" effect on spammers if you just found a way to force them to pay to send spam.
Breakfast served all day!
I would love to see the IT/Executive meeting over then one after it has been implemented:
IT: OH NO Mr. CEO, now, we don't filter SPAM anymore. What you do is look at the email and then decide if the email if worth your time or not. If not, then we charge the person who sent it.
CEO: Uh huh. So... Who sent it? How do I tell him it was not worth it, what if the link is broken, and more importantly I HAVE BETTER THINGS TO DO!!! From now on, it is *your* job to filter all the email the executives of this company.
IT: All 50 of them?
CEO: *grin*
This reminds me of the pay per click advertising boom of about 6 years ago. The only problem is it will just bring you more spam by opening the emails. So, is it worth selling your soul (or e-mail inbox) for the few cents youd make by opening all the messages for CHEEP V!4GR4 and Fr3e C redi t R3ports?
____
~ |rip/\/\aster /\/\onkey
Then why are you on Slashdot?
No, this will not work, for a variety of reasons which are obvious once you think about it for a little while.
-russ
Don't piss off The Angry Economist
Kind of. Cashette.com already has an email program similar to this. The way it works is if you want to send email to someone @cashette.com you need to have a cashette.com email address. From their if you aren't on their friends list or something you need to pay them X amount of money (as specified by the reciever) for them to get it. If we could get some sort of globalized version of this spam disappears.
There are 11 types of people, those who know unary and those who don't.
These show up on /. like clockwork. They all have the same problem: unless everyone uses them, they hurt the ones who do more than the ones who don't (network effect).
Go ahead -- demand a bond before you accept mail. Yes, you won't get any spam. You also won't hear from Hotmail, GMail, Yahoo, or your (ex-) customers.
All of these schemes depend on every government on Earth legislating them into existence, simultaneously, and somehow miraculously not adding enough bureaucratic red tape to make e-mail useless before spam gets a chance.
Lacking <sarcasm> tags,
This approach only seems to work for legitimate companies (or those that care about repeat customers). I don't see that strange web site selling V1aG4r@ participating in this system. I also don't see the Nigerian scammers participating. Or the phishers. I already don't get spam from L.L. Bean or Citibank. Has this professor even looked at who is sending spam to him?
And how do you handle international transactions?
I think I'd need to be able to specify a lower or higher cost to specific individuals as well. I don't want to have to "purchase" a bond to send email to my friend or family.
And if I don't have to, what's to stop a spammer from sending mail as if from me. I already get bounce-backs for spam I never sent.
Or even if I do have to, a spammer might infect a box and send it out as me legitimately. Again, said economics professor needs to do his research.
Or even worse, let's say this is automated to some degree. Which it will have to be for mailing systems to work instead of having a monkey click the button for every email. Spammers infect boxes for a million people and send spam to themselves. Then they reject it and collect a couple of cents per person.
While it's not a great idea, it's a fairly obvious one. Papers on this go back decades. I was one of the earliest to propose it in the Unix community almost a decade ago, but later denounced my own ideas.
But what amazes me is that like clockwork, somebody will publish an article on this "great new idea" for dealing with spam, several times a year it seems. They have clearly read none of the spam literature, nor done a search. And on top of that, journals and magazines also think it's new and publish the items, even slashdot publishes them.
What gives?
Has it been over a year since you last donated to the Electronic Frontier Foundation
Ah, I see...
Professor Marshall Van Alstyne of Boston University School of Management
That pretty much explains it.
Make it illegal for solicitations not to have how they obtained one's e-mail address. In other words, require how one obtained your e-mail address at the bottom of the e-mail message. Such as, "Your e-mail address _____ was obtained from ______." Something like a $500 fine for not having that in the solicitation, and a $500 fine for lying in the "disclaimer" too.
The force that blew the Big Bang continues to accelerate.
Where's the difference to Hash-cash? (from a technically POV) ...
Both ideas are about making it expensive for the spammer to send his email (using different methods, of course...) and Hash-cash was, AFAIK, proposed some years ago.
But somehow it never happened, that you used hash-cash when sending emails, and implementing hash-cash is so much easier than implementing this (I think at least).
But sure, it'd be great if it'd work this time
1) Once the system is broken, open the mass media valves and let it be known that it's the spammer's fault.
2) Angry lynch mobs wielding torches and pitchforks will take care of the rest.
3) Rebuild a spam-proof email infrastructure.
at http://www.cs.uwaterloo.ca/~klarson/teaching/F04-8 86/papers/loder04.pdf
I'm not so sure I want to support a program that turns "My $.02" into a literal statement. Seems that even when you get a "penny for your thoughts" you're still taking in only half as much as your spending.
If brevity is the soul of wit, then how does one explain Twitter?
On my gmail account, the service intercepts better than 99% of my spam (1 or 2 out of several hundred per week) with what has recently been a 0 percent false positive rate. So the technology exists and works.
Give a man a fish and you have fed him for today. Teach a man to fish, and he'll say "WHERE'S MY FISH, YOU IDIOT?"
Hey, this will be great for organized crime! Say Joe Spamola has 10,000 he needs to launder to his boss. Well, he puts the 10k up as his spam-bond, spams his boss, and the boss collects. Profit!
Herr Van Alstyne needs to watch Chinatown. Grandiosities like his get hammered flat on the anvil of the internet as do the promises of everything from a super phallus to a renovated political systems dissipating like fog in the morning sun. "It's OK, Jake, it's Chinatown."
Faith: n. -- That human impulse that drives them to steal appliances when the power goes out
The problem with this can be summed up best in two questions. 1) Why would spammers stop sending spam just because they had competition from a service that requires competant end-users? 2) Since the only way this bonded email could work is if it was excluded from spam filtering, why wouldn't the same people hiring spammers just keep buying bonds to send guaranteed-delivery spam? I have a better idea than this for stopping spam for anyone who would even consider this bonded email drivel useful: Shut down the SMTP port on your server. Conduct all business via phone. You will never get spam email again.
The US Federal Trade Commission says that over 80% of spam involves some violation of Federal law. Not just the CAN-SPAM act, but mail fraud, false advertising, money laundering, computer crime, drug counterfeiting, and racketeering. There should be no problem filing charges.
If we had an FBI director who made this a priority, most spam could be eliminated in a year. Just divert some of the FBI Baltimore people who do child pornography, who are already experienced at tracking people on the Internet, off that job and onto tracking down the major spam operators.
In a sense, CAN-SPAM has been effective. Spamming by even vaguely legitimate companies is down. Almost all spamming now involves felony criminal activity of one kind or another.
Wallace & Rines' revamped spambone was to do just that. It didn't pan out.
So your recently stolen creit card not only includes charges for a weekend trip to Vegas you didn't take and life time subscriptions to "websites" you swear wouldn't interest you, but now you get socked with a million micro-payments for spamming yourself!!!
I only came here to do two things; kick some ass, and drink some beer...looks like we're almost out of beer.
So what if somebody would intercept these emails full with money, is this the new way to get rich?
Just intercept a couple of million emails, what a horrible concept!
This is not much different from an Opt - option. The opt-out brings "consquences".
This champ (with an i) is proposing that we cannot complain about the unsolicited emails unless we think that they are a waste of time. The issue is that "you think it is a waste of your time but you are mistaken; look at the additional gramatical and english spelling mistakes that you now know. You also learned that Viagra works, and if you disagree you are welcome to read our research.
The reimbursement will probably has some stuff tied to it where theses chimps (spammers) will have their way.
I still get baffled by how some people look for ways to legalize spam.
If I understand correctly, which I might not, this is how it will work: spammer sends me an e-mail, I mark it as spam and receive money, spammer gets a notice so he can remove me from his list.
What's to stop me from biting the cost of a large mailing, collecting all those notices, and reselling them to other spammers as a list of verified active addresses? My customers could use the lists in a country not on board with the idea, since this will require legislation to enact (which is a problem too obvious to need explanation.)
Seems like a major problem, but I'll wait until the paper is released before making my final judgement.
dont taco and co have Unlimited mod points?
Robert Heinlein in one of his stories required that telephone callers post a bond before the hero would answer the phone. If the hero agreed that the phone call was worth it, he'd reverse the charges.
Any user of "free" webmail service sells their eyeballs - hotmail, gmail, Yahoo, all of them charge money to advertisers to place those banners above, to the right of, and to the left of every page those users view. Nobody seems to kick too terribly hard about that. There *is* a web-based email service that shares some of those revenues with its users - while nowhere near enough to quit one's day job, extra income can be very nice, especially if it costs nothing.
My email address is un-obfuscated for a reason...
Take the 90-Day Challenge! http://rwmurker.bodybyvi.com/
Note that this is how email works in "Earthweb" by Marc Steigler. Definitely not a new idea at all. I don't think it'd work for various technical reasons, but I can see how it might work for large companies in conjunction with whitelisting... a second, independent email network, almost. Support/sales email addresses would still have to put up with SPAM though.
In his 1996(?) book The Road Ahead. It was exactly the same, the recipient would have the choice to not collect if the message was wanted. For example, if it was from a long-lost friend. So it only took nine years to write a paper on this idea which was published by on e of the most famous figures in the technology industry?
Walt
Right.
People flag list traffic for which they subscribed as spam all the time. What is so special about putting up a financial bond that will cause people not to flag mail they requested in March as spam in May, or accidently marking mail from aunt Mildred as spam. I just don't see it.
This fails every test of an anti-spam proposal I can think of, including the most important: It doesn't stop spam.
--OgThe only way to stop spam is to start putting spammers in prison. Not jail; prison. A couple of years in stir as someone's boy-toy will cure a lot of this. I realize that not all, or even most, of the spammers are in the US. I think putting them in prison in Russia or Turkey or the PRC would be equally effective, if not more so.
Some mornings it's hardly worth chewing through the restraints to get out of bed.
From TFA:
"...since under Van Alstyne's proposal, senders only risk their bond when initiating contact for the first time."
Uh, no. Even the provisions of the worthless Do Not Call List include only allowing calls within x months of that company having done business with you, not in perpetuity.
Attention zealots and haters: 00100 00100
> Is selling one's attention the answer to spam?
OK, let's assume for a femtosecond that the spammers take any notice of this approach. The fundamental idea is that email users submit to advertising in their email box, being compensated for advertising which is "a waste of time".
The problem with this idea is that this is a medium which its users already pay for. There is no such thing in this model as acceptable advertising: any unsolicited advertising, by definition, is a waste of time.
OK, that femtosecond is over. Let's get back to deleting spam.
Dunx
Converting caffeine into code since 1982
A: NONE
All solutions require spammers to participate. They won't. If they did/could/would, spam would not exist to begin with.
The best we can hope for is proactive reception, and it is going to ALWAYS be one step ahead of the spammers.
This kind of logic is akin to saying that making guns illegal will lower the crime rate: IF THEY OBEYED THE LAW, THIS WOULDN'T BE AN ISSUE!
....your minimum 2 hour per case charge.
-Valiss
I posted this before, but in case you missed it:
Here is how to deal with SPAM:
1 Get an webmail address with a SPAM filter that lets you see your SPAM messages before deleting them (or use a pop account and email client)
2 Go into your SPAM folder once a day (or less) and skim the list for legitimate emails
3 If SPAM folder contains more than 50 messages a day, get a new account and stop giving out your email all of the time!
4 Clear out the SPAM
5 GOTO Line 2
If you need help with 1, send me some faux-SPAM and I'll find your email and send you a gmail invite. When people rely on a computer to know what they want to read, it is inevitable that the machine will delete a legitimate email. Whitelists take more effort to maintain than the simple procedure above.
As a spammer, I love "recipient gets paid" spam solutions. I just reverse my army of zombie PCs to send ME mail. I mark them all as spam and collect the bonds that the innocent PC users put up.
Being a dyed-in-the-wool-pinko-commie-liberal, I've always been skeptical of claims that "the free market" can solve any particular problem. Solutions to problems have a nasty habit of changing paradigms, which the free market, by its very nature, is resistant to.
According to at least one source spam currently makes up 71% of current e-mail traffic and viruses account for another 1%. That's almost three out of every four e-mails. And how did it get this way? Because the free market let it.
The truth is that there is no financial incentive for the free market to address the problem, and in a way, it prospers by it. And not just the spammers, but every large ISP that gets paid for bandwidth by a smaller ISP benefits. An entire industry has grown up around "preventing" spam and viruses. Hell, the company behind the source I just referenced makes their money because of it . . . And that's why the problem continues to get worse not better.
However, show me a technical solution, with the backing of some kind of governmental enforcement mechanism (either one without the other doesn't work)and then you're actually talking about something that has a possibility (but note not a likelihood) of working.
Spam your home email account from work and give yourself a raise. $$$
Attention bonds don't work, as described here in more detail:
* Creates opportunity for traffic monitoring by people we'd rather not have doing that
* Creates money trail alongside email trail, making legitimate anonymity almost impossible
* Makes trolling a profitable business model
* Participants who are poor, or not allowed to form legally binding contracts (such as children) can't have email anymore
* If only applied to email, moves the spam problem to other media without solving it
* Creates obligation for email receivers to actually pay attention to the messages of paying spammers; can't set the price high enough to make that okay, without chilling too much non-spam communication from senders who can't risk being forced to pay a large bond
* Can be used as a payment system for underground economy (porn, gambling, drugs, general money laundering)
* Mustn't allow any communication beyond the bond amount, or else that'll be used for spam; but the bond amount isn't really enough information to make the read/don't read decision
* Senders often don't have the choice of talking to a different receiver on a given subject instead, so system can be abused by anyone you NEED to send mail to (e.g. legal notices, tech support, recipients of emergency communications, etc.)
* Human beings known to behave irrationally when involving transactions in small amounts of money (same reason micropayments fail)
* Creates complicated international payment system with huge numbers of participants; not possible to keep such a system secure. (Like credit cards but a thousand times worse)
* Large companies like Microsoft will use embrace-and-extend to create/extend monopolies and punish users of competing software
* Probably already subject to conflicting patent claims
* Creates need for middleman businesses that have no other function; opportunity for abuse, like the domain name registration racket.
* Escrow system likely to end up using anti-robot captchas (like domain name registration), making legitimate non-human, and disabled human, email users unable to participate.
* Either malware on your machine can make you owe a lot of money to random people, or else spammers can escape having to pay their attention bonds by invoking whatever mechanism protects malware victims.
Why not find emails from spammers (and lots of pop up ad creators), get the URl's and post them up here so they can feel the wrath of the /. effect? That will most certainly make them think twice before bothering another law-abiding nerd...
Sniper's Motto: One shot, One kill- If you run, you'll only die tired.
That said, the ultimate system I want would involve auctions for my time. I would specify how much advertising I'm willing to see, say 15 minutes worth per day. I would provide some personal information to a trusted intermediary who would lose out if my informatin ever leaked (since he would then be out of the loop). The information would include such things as what I am currently interested in buying, my location, and even my credit rating, and the intermediary would then auction my 15 minutes of advertising time to the highest bidders, with the profits split between me and the intermediary. Legitimate businesses would be able to reach pre-qualified customers, so that would be their incentive, and for big purchases like a car or a house, it would easily be worth paying to reach good candidates.
Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
Suppose smtp was modified by version + 1 to include the following in the the negotiation process:
USER user
PASSWORD password
AUTHENTICATE user@emaildomain.com
Before the SMTP server responds to the authenticate, it contacts emaildomain.com (as part of version + 1 protocol) and inquires about the sender user. From there, several interesting thing can happen. The server at emaildomain.com can do an email name query cache to determine if a user is being used abnormally. Hundreds, thousands of hits per second, etc. The server at emaildomain.com can report several types of errors (too many queries, not a valid user, suspected spammer, etc). If an authoritative ISP list existed where every ISP that hosts email must register in that international ISP database, any legit SMTP server could cross reference the senders ISP domain or address, thus not any joe monkey can set up a fly-by-night SMTP server that would accept or authenticate delivery. Each ISP can also have an email address database of black lists, white lists, etc virtualized for each address. Before proceeding with the AUTHENTICATE request, the sender email address is compared against that list, the sender credentials and the senders isp credentials are all verified. If the SMTP server doesn't like any of those tests, it can reject the connection outright, based on preferences the owner of that email address dictates.
This still places the burden of dealing with spam on the recipient. That is, always has been, and always will be unacceptable. The stuff should never have existed to begin with.
I have better things to do with my time than click through a pile of crap in my E-mail. Outlaw spamming, period, no matter how much the asshats at the DMA may scream about it (they screamed about the Do-Not-Call list as well, if I recall). It would be easy enough to do simply by extending the reach of the existing Junk FAX law.
In fact, had it not been for the DMA's spam apologists, that idea might have worked out from the get-go.
Bruce Lane, KC7GR,
Blue Feather Technologies
Education.
If we educate the users/unwashed masses(what every you want to call them) that BUYING from the SPAMMERS is A BAD IDEA(TM) and only makes the problem worse, the users might not buy cheap tobacco/blue pills/radio controlled cars/fake rolexes from the adverts.
Would the small minority please stop supporting this crud, then maybe I wouldn't stop one week fighting trojans nd the next fight the spam they've started spawning (Sober.o/p and sober.q).
All the naysayers about free mailing lists being forced to pay thousands of dollars are wrong. Unfortunately the article is not explicit about how it would work. It's basically a modified whitelist system. Imagine this: Your inbox is set to block all mail which is not on the whitelist. If the sender's address is not on the whitelist, it cannot get into your inbox. It doesn't matter if it came from armies of zombie windows boxes or whatever, it is blocked at the front door. But what about the free mailing list I want to receive? I put it on the whitelist, and it gets through, and no money changes hands. But what if I sign up for the free mailing list and then claim it is spam, can I collect money? No, you can't collect money, because the free mailing list is not willing to spend money to deliver the message. The message would get dropped on the floor, end of story. But what about my long lost friend who found my email address and wants to contact me? Your long lost friend must "escrow" the amount of your attention bounty in order for the message to be placed in your inbox. That doesn't mean you will claim the money. If you do, your friend may be upset and probably won't email you again. Probably you won't claim the bounty. You will add the friend to your whitelist, he will pay nothing, and everyone is happy. What about the spammer? He is not on the whitelist, so he must put up the "escrow" money to get the message into your inbox. If once you get the message, you decide it's wonderful, you don't take the money. If you are upset about the message, you take the money as your price for reading an unwanted message. If you don't take the money, the sender goes on your whitelist, and next time can send to you without charges. What if you later remove yourself from that sender's list and they still keep emailing you? You remove them from your whitelist. Now they have to pay the price again to get your attention. Do you think this will cause marketers to consider their audience much more carefully? Yes. Will spammers send fewer messages? Yes. Could other problems happen as a result of this? Probably... one I can think of is the zombie windows machines using the owner's "escrow" account illegally to put up the escrow money. In effect, the spammer would be stealing money from grandma's credit card to pay for his spamming. While that is bad, you can bet that grandma will be very motivated to secure her box now. At a minimum, she will protect that credit card info for the "escrow" account and not allow it to stay in her computer so that the spammer's worm could take advantage like that. Without that escrow money, the spammer's unsolicited messages will not get through the whitelist filters. I think the main problem with this is the complexity of it all. But I think another advantage of it is that it could be rolled out incrementally. Senders on the whitelists wouldn't be affected at all. So I could set up my inbox with the whitelist. People not using the system and mailing lists not using the system would all be able to communicate with me fine. During the transition, any new mails without the escrow money capability could have an automatic reply that I require the new system to be used to receive their email. If their email client doesn't support the new system, I'm sure some enterprising soul will set up a web-based email system supporting the scheme, and they could email me from that to get things started. Or I could even have my own website tied into my inbox, and that could require them to escrow some money in paypal before it puts the message in my inbox. The bottom line of the system: if the sender is on the whitelist, no money changes hands. If the sender is not on the whitelist, he must be willing to put up the escrow money for the message to be delivered. The receiver sets the price the sender has to meet. If the sender is unwilling to risk the price, the message is not delivered.
I think the idea is interesting.
A technical matter - it would have to work such that you first paid to send the email (therefore receiving servers could ignore unpaid-emails), and then got a REFUND when your email was deemed worthwhile. Otherwise, there's NO way to force the sender to pay.
However, in order to make it work in the first place you'd have to have a credit card or bank account associated with every sender, which simply won't work, because there are many people who don't have such things, but yet have (and are entitled to) email accounts.
Cheers
1. People like google on slashdot will still have ads show up for Eritrean Singles while reading this article. That's just plain wrong.
... there are other examples where few people read the fine print and sell their info to spamster without realizing it. So selling itself is not ok, not if most consumers will continue to be clueless about it.
2. When you buy a house - like I did this morning - they have to tell you in my state that they are going to sell all your info to everyone and you have to proactively opt-out after closing
3. Spamsters rely on the fact that 0.01 percent of all people who get their spam will reply or buy something from them. They are only willing to pay you - as a person - 0.0000001 thousands of a cent for selling them your info - it's cheaper just to buy it in bulk. So the profit motive isn't there, since I would require $500,000 per email per contact per info piece known.
Face it, the only way to deal with spam is hunt them down, drug them, and ship them to Iraq to die for us.
-- Tigger warning: This post may contain tiggers! --
When I say zero percent, I am not rounding off - I really have not seen a legit email in my spam folder in a couple months. I don't get any legit foreign language email.
./ - almost all of my mail is from people I already know. But I am job-hunting right now and the occasional "offers" are not being rejected as spam; they have all been from SPF neutral rated sites.
I could very well be a special case for which gmail's system works particularly well. There was a discussion of this last couple days on
Give a man a fish and you have fed him for today. Teach a man to fish, and he'll say "WHERE'S MY FISH, YOU IDIOT?"
ok, here's what we do if this goes into effect. We make a fake email account. Then we go and sign up on every spam ridden and diseased site we can possibly think of, drugs, penile and breast enhancements, the works. Then we write a program to automatically submit "This SPAM was a waste of my time, I want my money" requests to the spammers. The more spam you get, the richer you get. After you set up a healthy inflow of spam, you're set for life.
...will be when the day comes that every e-mail I receive has a "Detonate Sender" button that I can click to instantly cause all PCs owned by the sender (and ideally, through the wonders of GPS and RFID, the sender him/herself) to explode.
A similar feature, "Caller Detonate", is still also something that would be useful to have for the telephone and cellular networks.
If elected president, I promise to make spamming a federal crime punishable by the death penalty, along with driving slow in the fast lane, riding up on people's bumpers to try to get them to drive faster, and yakking away on cell phones in movie theaters.
Moderator hint: a comment is neither "Flamebait" nor "Troll" if it is true.
"school of management" WANKERVILLE
If you mod me down, I will become more powerful than you can imagine....
The only solution to spam? Replace SMTP.
SMTP is an outdated, insecure protocol which is ill-suited to modern email.
We need to replace it with a protocol which is authenticated at both ends. A friend and I came up with the following; which although not perfect and probably subject to a few tweaks is a step in the right direction.
J Random Hacker/Company/Joe Sixpack leases a domain name from J Random Registrar. Let's call it jrh.com
That registrar provides a private key and a public key pair based on the domain name.
The CMTP (or Complex Mail Transport Protocol - I made that up) server on jrh.com wants to send an email to target.com. It signs the outgoing message with the private key (ie puts a hash in the header - and you could base it on time and date or other arbitrary data to make sure there's no forgery) and then connects to target.com. target.com then asks jrh.com's registrar for jrh.com's public key (either that or it's propagated over DNS). If the pair match up, the email is accepted. If not it's dropped at the door. No questions asked.
During the phase in period, SMTP traffic could be configured for a 15 minute delay on each target server, whereas CMTP traffic is dealt with immediately. I compare it to how Telnet was slowly phased out in favour of its more secure replacement, SSH.
So, if a spam zombie Windows box is spewing out SMTP traffic in a CMTP world, most servers would drop it at the door. The spammers can't go to CMTP because:
1) They can't use a private key they made up because it's checked against the public key held at the registrar.
2) If they use the private key of a domain they hold (ie install it as part of the worm infection) when people get even 1 spam from them (yes 1 spam - it would be that unusual) the server just ignores mail sent with that signature.
The solution works because the motivation would be there for companies to prevent spam on their networks. As soon as they switch to CMTP, they get no spam over it. And eventually they will get no SMTP email at all. Just as nobody uses Telnet anymore, SMTP will die out if replaced with something better. You can make all the laws you like but at the end of the day, the SPAM solution is a technical one.
"And then I visited Wikipedia
RTFA. The premise is that once you mark an address as spam, the sender will no longer send you messages because it's against his economic interest to pay you again. Therefore, you only receive payment once per mailing list, which will be too small to make it a feasible source of income.
Possibly, but if thousands (or millions) of users do this to a mailing list whoever runs it is screwed. I cannot fathom why any mailing list EVER would sign on to such a system.
Nor would I ever send an email to anyone that had such an address personally.
Basically is it not just simpler to not have an email account at all? The result is the same, there is almost no-one on earth that will send you an email after you hook up with a service like this.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
You hire me to find spammers and kill them.
I get a bounty for every spammer's computer I bring in that shows he was a spammer.
And I get to keep the computer.
And the mailing lists...
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
The problem is that people will want backwards compatiblilty or the ease of use that the simple method uses. When's the last time I used telnet? Today. SSH? Last year sometime. It's not extinct by any stretch of the imagination.
The bottom line is this:
Spammers keep spamming because they make money doing it.
Zombie boxes are just a means to an end. If we figured out how to solve that problem, they'd come up with something even more insightful. The folks who run spam rings and zombie nets are intelligent and resourceful people. Yes, they're all fucking assholes, but they're good at being fucking assholes.
If we want legislators to start dealing with spam seriously, we should disable all filters worldwide and show everyone just how much spam is out there. If nobody anywhere gets their email for a week, something will likely get done.
---
ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
dspam + all features enabled + correct it with a single button
or
thunderbird + "Junk Mail" button
I think the box to check would be "Eternal arms race involved in all filtering approaches"
but
98% of my spam is caught by this, and the other 2% get filtered soon enough once I retrain the filter.
I haven't found spam that can get through bayesian filters yet. Am I not trying hard enough?
Don't thank God, thank a doctor!
Why can't my insurance the money they'd have spent on my Ritalin straight to the spammers?
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
I bill triple digits per hour
;)
Lemme guess - 000
Next time word it carefully - I bill triple non-zero digits per hour
Bond is an interesting word - in my view it's something of value you put up as a guaranty for a good behavior - this is the key - if you are GOOD you get it BACK - so my friend will get it back - spammer will not
I am looking at this from capitalistic prospective:
Every one has the same rights as the guy next to us
BUT NOT everyone can afford it.
I did not have a cell phone until I could afford one...
This system is interesting example of this approach - but it does not solve the global problem of spam - yet I can see that it's solves it for me, an individual.
As a predator (strongest survive) I would really care for my self - by that making the world a better place.
I don't know if the spamers will be able buy the bond before sending me an email - but, would I really care - and if they do then I will capitalize on that - if not... I win (no spam)
When I want to move in to a nice house in the middle of Manhattan next to Central Park - I have the right - but don't have the means
If my friend wants to get in to my mailbox - he knows up front that I will not take his money - no risk for him.
This article advocates a
(x) technical ( ) legislative ( ) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work.
(One or more of the following may apply to your particular idea, and it may
have other flaws which used to vary from state to state before a poorly
thought-out, ineffective federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
(x) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It will stop spam for two weeks and then we'll be stuck with it
(x) Users of email will not put up with it
(x) Requires too much cooperation from spammers
(x) Requires immediate total cooperation from everybody at once
(x) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
(x) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
(x) Jurisdictional problems
(x) Public reluctance to accept weird new forms of money
(x) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
(x) Armies of worm riddled broadband-connected Windows boxes
(x) Eternal arms race involved in all filtering approaches
(x) Extreme profitability of spam (via theft of resources)
(x) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
(x) Dishonesty on the part of spammers themselves
(x) Bandwidth costs that are unaffected by client filtering
and the following philosophical objections may also apply:
(x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
(x) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
(x) Sending email should be free
(x) Why should we have to trust you and your servers?
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
Furthermore, this is what I think about you:
( ) Sorry dude, but I don't think it would work.
(x) This is a stupid idea, and you're a stupid person for suggesting it.
Send all of the spammers who are breaking the law to jail. Guess what you get? Spammers in other countries with slacker laws picking up the slack.
The problem is simple, and has been simple for years. The solution is hard, but the problem is this: spam is noise, and noice is a bitch to filter.
Self-correcting, goal-oriented noise (e.g. diseases or spam) is even harder to deal with. No cute payment scheme will resolve the basic problem that in exchange for the benefit of everyone in the world being able to reach you, you get the drawback that everyone in the world can reach you.
Want a solution to spam? Go start a closed email service, where only paying members who have had their identies checked are allowed to send mail to each other, and yank anyone who misbehaves. Problem solved. Of course, you'll only be able to talk to a tiny fraction of the world, and employers won't be thrilled with "join this service so I can send you my resume," but you take the bad with the good, right?
Bill Gates put this idea in The Road Ahead back in 1996. Basically, in order to send an unsolicited message, you have to attach some e-cash to it. If it's just a message from some long lost friend presumably you won't actually redeem the attached e-cash.
Anyway, like a million other ideas about solving spam, it'd work if you could just convince everyone in the world to adopt it. Convincing everyone in the world to switch over to the new system is left as an exercise for the reader.
Storm
Create hundreds/thousands/millions of fake email addresses.
Robot submits them on every scammy site on the web. Another robot harvests the spam, earning money for you.
If it's expensive to send out millions of spams, it will be profitable to receive millions.. The fun part is, you will never have to look at them.
Sorry.. but I have Adult ADD and won't be able..
oh look, a kitty!
() Lack of centrally controlling authority for email
-- it doesn't appear to use this - it appears to be recipient's-end charging, which can be deployed in a decentralized manner
() Open relays in foreign countries
-- those don't matter here - if they sender doesn't pay, the recipient doesn't read it, and relays only make it harder to pay.
(*) Mailing lists and other legitimate email uses would be affected
-- you correctly marked "whitelists suck", which is part of why it's hard to implement this one correctly.
(*) Users of email will not put up with it
-- this is the big problem with TMDA, hashcash, and many similar systems
(*) Many email users cannot afford to lose business or alienate potential employers
-- you missed this one too. See previous.
() Requires too much cooperation from spammers
-- not a problem. This one requires cooperation from non-spammers.
() Unpopularity of weird new taxes
-- unless I grossly misread the article, this doesn't apply here - the sender pays the recipient or recipient's ISP, not some third party.
(*) Public reluctance to accept weird new forms of money
-- Yup. Either you need weird new money or old-fashioned real money, and the latter is usually too expensive per transaction.
(??) Armies of worm riddled broadband-connected Windows boxes
-- Maybe. If enough people start using this, and there's a convenient mail-sender interface so senders don't need to pay attention very often, then worms will start to abuse it. Otherwise they won't care, and the five people who still use it will have whitelisted each other.
() Dishonesty on the part of spammers themselves
-- Doesn't hurt the recipient, who sets the price high enough that he's willing to read an occasional Nigerian Herbal Fake Vi***a ad and keep their $5 just to annoy them. This proposal suffers from dishonest recipients, who convince legitimate that they should be willing to pay the money to get the recipient's attention. It's a serious enough problem that it can even lead to "Make Money Fast By Reading Email At Home" spammers inviting you to become a recipient
() Why should we have to trust you and your servers?
-- Because you want me to read your mail. Don't care? Don't send money, and I'll ignore you. If I'm a sufficiently interesting public figure, like Rush Limbaugh or Daily Kos or the Editor of the New York Times or Britney Spears, maybe you'll pay to get my attention. Alternatively, maybe the fact that I'm charging for my attention will make you think I'm some over-inflated ego who's not worth the effort, and my 15 minutes of fame will time out faster.
(*) Sorry dude, but I don't think it would work.
-- My conclusions's a bit more positive than yours
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
"What information consumes is rather obvious: it consumes the attention of its recipients. Hence a wealth of information creates a poverty of attention, and a need to allocate that attention efficiently among the overabundance of information sources that might consume it."
from a giant in economics, cognitive psychology, and artificial intelligence
Hehe.. Just kidding.. ;)
(I hope I didn't just sign a death-wish for my karma...)
Just when you make it idiotproof, some idiot builds a better idiot.
Well, one thing spammers are really good at is compromising Windows machines and setting up thousands of fake email accounts. Do the math, 1000 addresses, 1000 mailing lists. At 1 penny per list per address, 1,000,000 pennies = $10,000. Not bad for a few hours work. That pays better than spam. The idea is simply stupid.
Heinlein came up with it first -- one of the characters had a doorbell which would only ring after a deposit was made -- refundable if it was agreed that her time was not being wasted. I think someone else here referred to Heinlein doing the same thing with a telephone call at some point or another -- I'm not sure if it's the same reference (and one of us is misremembering it) or if he used the same idea twice (which is really quite plausable).
That's not a problem. I have NO DESIRE to receive any e-mail from third-world countries--they don't have to use the system. I would actually like to be able to personally blackhole all IP traffic, e-mail or otherwise, coming from the entire continent of Africa, and I'd like to only allow outbound connections on port 80 to all Asian IPs. That would fix at least a third of the spam problem for me--I realize some people can't afford to blacklist that much of the Internet.
Russia I would whitelist. Allofmp3, etc. Allow. Anything I haven't heard of in Russia I don't need.
Anyone know an easy way to do this?
So the mails stating Bill Gates will pay me money if I forward them are real!?
Need a Wiki? Check out DokuWiki
Why would a spammer possibly want to pay for something he can already do for free?
In your innocent minds maybe this makes sense, but to spammer, he has already moved onto the next slashdot article. He does not care about this one bit.
The April 2005 issue of Scientific American also has a couple of lines about this approach in an article about general anti SPAM efforts.
No spammer can be trusted. They lie about the fact that you opted in to get their spam, they lie to your e-mail filter, their products are lies, etc. So how could this, or any system, affect spam? At best, they'll just find a way to break the trust of the system. ("I am Mr. M'Bogo from Nigeria. If you click on my spam, I will deposit US$1,000,000,000.00 in your account") Where are the proposals which take spam into account for what it is, a system of dishonesty? All these schemes assume that spammers can be trusted to obey the scheme's rules. Surely we understand the nature of spam by now.
I have absolutely no problem with this. I'd love a second income, and I'd be more than happy to sell my att.. oooh, shiny!
https://www.eff.org/https-everywhere
2) Requires spammer cooperation? -- nope. No realistic solution will do this. Instead, it's a modified form of challenge response in which spammers simply cannot reach you unless they commit something of value.
3) Honeypots? -- definitely yes! This puts the burden on marketers to clean up their lists, which cuts the flow of wasteful traffic; which is the point, right?
4) Beat a perfect filter? -- yeah sure?!? Actually, yes, this really is possible, but not always true. It can happen for two reasons. (1) Imagine that you got paid for mail you didn't want. Wouldn't you be better off? (2) Also, filters take a static view, but try considering a dynamic alternative. What if you could increase the volume of good mail you wanted, but curtail the mail you didn't want? Wouldn't you be better off?
For anyone who's interested, the academic (read equation laden) article is available here, and comments are welcome: http://www.paritive.com/bej/spam-bej.pdf
Cheers,
Prof. Van Alstyne
As a public service, would you mind adding a link to your .sig?
http://slashdot.org/comments.pl?sid=125856&cid=105 43621
http://tinyurl.com/dakp4
Yeah, admittedly some of my answers are subjective or borderline. And some results are not immediately obvious without thinking through a series of consequences. (Especially with this proposal.) I probably should have use a few question marks in some of the boxes. Still, the original poster was WAY off the mark.
;)
Also, I was thinking that the onus to collect would fall on the recipient. After re-reading the article, I guess it falls on the sender to send a bond that the recipient determines to be 1) legitimate, and 2) worth enough money.
> () Lack of centrally controlling authority for email
It's hard to imagine a system of determining "legitimate" bonds that can be collected on, without some central authority. Would probably be a CA system, like SSL uses. Perhaps we could use the same CA system. I guess you're right in that a central EMAIL authority wouldn't be required though.
> (*) Mailing lists and other legitimate email uses would be affected
This was definitely in my "not sure" list. I assumed they'd be white-listed. Looking at the article again, the mailing-list of my LUG would send un-bonded messages. We'd just require that the recipients white-list us or miss out. I guess you could call that "affected".
> (*) Users of email will not put up with it
I don't know. This one actually shows some promise.
> () Unpopularity of weird new taxes
I took a very inclusive reading of the word "tax".
> () Dishonesty on the part of spammers themselves
I was assuming that the spammers could somehow spoof their sending info. Even after re-reading I believe this is possible in several ways: 1) hack someone's bond authenticator; 2) spoof the from address in order to pass though white lists; 3) send spam from zombied systems to recipients in the infected user's address book. Perhaps those could be viewed as separate issues from spam though.
BTW, you seem to have made 2 contradictory assumptions: that recipients won't be presented with emails that don't meet their lower limit on bond prices, and that recipients can choose to view emails from well-known people who don't send bonded messages.
Anyway, good discussion.
Software sucks. Open Source sucks less.
My dspam, I train myself and upgrade myself. It's not much of an upgrade, and it's the best we have. Basically, I almost never get false positives, so I only check the spam folder for specific stuff I need. Total time spent on spam a day: 2 mins, including retraining, which I haven't set up a good way to do, so I have to manually log into the server and run the "dspam --source=error" command.
Don't thank God, thank a doctor!
Posting a bond requires some way of putting cash up front and it's not trivially easy to keep opening bank accounts.