Meng Wong's Perspectives on Antispam
netscoop writes "CircleID is running an interesting blog by Meng Wong, best known as the lead developer of the anti-spam authentication scheme, SPF. While touching on various recent hot issues, Meng has this to say about phishing: 'The final solution to the phishing problem requires that people use a whitelist-only, default-deny paradigm for email. Many people already subscribe to default-deny for IM and VoIP, but there is a cultural resistance to whitelist-only email -- email is perceived as the medium of least reserve. I believe that we must move to a default-deny model for email to solve phishing; at the same time we must preserve the openness that made email the killer app in the first place. The tension between these poles creates a tremendous opportunity for innovation and social good if we get things right, and for shattering failure if we get things wrong.' Right or wrong, definitely worth a read."
> "The final solution to the phishing problem requires that people
> use a whitelist-only, default-deny paradigm for email."
No, the final solution to the phishing problem requires that stupid, gullible people use a whitelist-only, default-deny paradigm for email.
Of course, that includes most of the human race...
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
To stop phishing, the banks and such have to STOP using email to communicate with their customers.
The banks have your home address and your phone number.
The only reason they use email is because it is incredibly cheap and allows them to attach advertising to their messages.
If the banks were responsible for any losses due to phishing, you'd see them drop email overnight. Once the cost exceeds the benefits, it's gone.
Inclusive, they are not, but they seem to be quite effective.
Once somebody arrives at a smart card used to implement DRM (quick: trademark DRMstick), society will transition from 'sheep' to 'card-carrying sheep'.
Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
If we default-deny email, what do we have left?
In the end, it is at times absolutely necessary that complete strangers can contact us without prior warning. If we don't have email for this role, then we need something similar to replace it.
But I still wonder why mail providers don't scan the typical phishing mails (PayPal and eBay) and check whether the links point to ebay or paypal's site or some obscure IP.
I'm pretty sure that checking such typical phishing mails for their authenticity this way would help getting inboxes rid of it. My two cents..
You just got troll'd!
The thing about email is you either will spend some of your time managing whitelists, or you'll spend some of your time managing spam. Likely some of both. But the idea of moving to a default-deny is not feasible for most people, because you often have to give your contact info out to someone you want email from -- AND YOU DON'T KNOW WHAT THEIR ADDRESS IS! So you can't whitelist them ahead of time. If a human is sending you the email, no big deal. Many times it's not a human (receipt from a company, mailing lists I subscribe to, etc).
My proposal:
Charge 3 cents per letter. One cent goes to the ISP sending the mail, one cent to the ISP receiving the mail, and one cent to the recipient.
The ISP on either end would credit/debit the sender/receiver's account.
And watch the spam disappear.
Bill
There should be no mercy. Banks should positively tell their clients what phishing is. Then, the clients should acknowledge what phishing is; if they do not acknowledge, the banks shall cut their online access. And if ever they fall for a phish, well, tough fucking noogies. They were warned, with proof on file.
I do use SPF and other methods to turn away crap at the smtp server (I see by the readout on my screen that I'm currently getting 0.647 emails per second; maybe two of those in a day will look genuine enough to be accepted by the server) but default deny is functionally the same as saying you don't use email.
TWW
"Encyclopedia" is to "Wikipedia" what "Library" is to "Some people at a bus stop"
I think whitelisting is a pretty good idea. My SpamAssassin-oriented setup kinda does things this way. That is, a non whitelisted mail has to be pretty squeaky clean to get through, whereas whitelisted addresses get straight through.
But lately I've been hitting a different problem which totally destroys the point of e-mail in many cases for me. That is, idiotic sys admins who firewall out entire IP blocks for, seemingly, no reason.
Just because someone several machines down the co-lo rack let their machine get hacked is no reason for mail server administrators to *firewall out* entire ranges of IP addresses. Lately I've seen some ridiculous behavior where users of the other mail server can't even e-mail people on MY server because the block is two-way! So I end up with users complaining that only certain e-mail addresses appear unmailable (because only a small percentage of sysadmins are stupid enough to block entire classes) but it's still a major PITA that makes e-mail useless for many people. The worst part is when you complain to these sys admins/ISPs, many of them proclaim innocence and believe they have no blocks.. but it's their upstream provider, etc, etc.
I'm beginning to think that encouraging people to migrate over to systems like 'GMail for your domain' and the like are going to be the way to go. At least Google has teams of people working 24/7 keeping their machines whitelisted. Having the US government able to subpoena your private information is the least of your worries, as long as you can actually e-mail the people you need to.
And no, schemes like SPF do not help this problem, since if they're blocking IP ranges outright at their firewall, nothing can break through that except mail proxying (which I've been considering).
Sometimes I wonder if there is a middle ground in the area of shared whitelists.
If someone tries to email you, and they aren't on your whitelist but they are on the whitelist of someone who *is* on your whitelist, maybe let it through or at least give it some plus points for the filter based on how many degrees away they are.
Because you know that they have never used it, you will be VERY careful if you ever receive a message claiming to be from them.
Once they do start using it, they lose that edge.
Something that has never happened before attracts a lot more of your attention than something that happens frequently. Something that happens frequently, but is a bit different this time, may be missed.
People dumb enough to get phished probably think that whitelisting is something to do with the KluKluxKlan.
Engineering is the art of compromise.
I think the main issue that needs to be addressed is the ease of sending mail out as a false address. Default deny is great, except that the spammer will then pretend to be your aunty flow.
...is to have two e-mail addresses. One is whitelist only, and you never "publish" it. Only give that one out to people you want to have it explicitly. Make it clear they are not to share.
The second address is for public consumption. Use that one for everything else, including mailing list subscriptions, site subscriptions, Slashdot postings, and anyone else you even suspect will sell/give away your e-mail address. Ideally this would be something like a Google/Yahoo/MSN address or one from your ISP.
The first address should then be kept pristine and you never have to worry about spam on it. The second would be suspect, but some inbox rules and white/blacklists could clean up most of it.
I've been doing this for 3+ years now and have 0 spam on my private address. Gmail does a good job of keeping the other pretty clean.
-Charles
Learning HOW to think is more important than learning WHAT to think.
Seriously, it's not that bloody hard to figure out. No legitimate corporation is going to send you emails threatening your account "unless you log on and confirm this information."
Look at it as the digital equivalent of the Survival Of The Fittest.
"I might have made a tactical error in not going to a physician for 20 years." -- Warren Zevon
I say we should adapt education, not an e-mail whitelist. Some of us try that model for everything else in life.
If you moved to whitelist only email, some clever guy would write something to deactivate the whitelist mechanism -- whatever that took -- and then he'd be sending out highly-effective phishing spam.
Some of it would get through, and the people who'd get it would be far more likely to trust it, as their expectation of trust would be higher.
Similarly, if you get on a plane in the US, the window-dressing security probably makes you less safe: resources are pointlessly consumed when they could be spent on real security, and people "go to sleep" as they figure the security has already been taken care of.
http://www.thebricktestament.com/the_law/when_to_
Even the least technically aware people are starting to realise what phishing is and the forms the scams take and are developing a healthy scepticism of anything that arrives through e-mail. You only have to see a few scams for it to begin to register with people that e-mails may not be genuine no matter how convincing they look, thankfully the time taken to reach the current sophistication level has resulted in users having time to become aware of the frauds.
The Nigerian scams have been well covered, receiving e-bay e-mail notifications when you don't even have an ebay account and banking security notices from a bank you don't even bank with have all raised awareness of the problem. The scams may now be of much higher quality but users are very skeptical. Most non-technical users have always been very wary of online banking and shopping.
I think sometimes we underestimate our users.
Jason
When a problem seems very very difficult, maybe it is being viewed in an incorrect way.
Spam is a social problem, not primarily a technical one, and the solution is social.
Here's a solution that would work if we had a real leader as president of the U.S., and not someone who is only interested in benefiting the rich.
The president could, during a scheduled speech, ask people never to buy anything advertised with unsolicited email. He could talk about several ways such email is dishonest.
It could be arranged that Oprah Winfrey ask people not to buy things from spam. Religious leaders could ask their congregations.
This kind of solution has already worked. Everyone in the world knows to wash their hands; that has become part of human culture. We need to make anti-spam part of human culture.
--
Before, Saddam got Iraq oil profits & paid part to kill Iraqis. Now a few Americans share Iraq oil profits, & U.S. citizens pay to kill Iraqis. Improvement?
Ever been to Vlad's house? I have. Here's what it is. Wall-to-wall three-foot piles of human shit. Puddles of urine everywhere. Infants and toddlers living in feral conditions. Human suffering unseen anywhere outside of sub-Saharan Africa. This is the truth. This is the face of Vlad, a wretched, sorry son of a fuck if there ever was one.
Seriously. Just create a central database of "valid" mail servers. Require anyone that wants to run a mail server to pay $25/year, and go through a "verification" process that shows they aren't spammers, and that their servers are setup correctly.
Anytime an e-mail is sent, the receiver checks to see if they're in this "master database", if not, their mail is dumped. Obviously, you'd have some kind of public key encryption going on to prevent spoofing.
Now, creating a central authority for mail servers would be difficult, but it's a hell of a lot easier than trying to change things on the CLIENT side.
As for those of you saying "But I want to run my OWN mailserver! Why should I have to pay! And what if I want to run it in a way that doesn't meet the standards!".
Well...fuck off. You don't need to run your own mailserver. There's just no valid reason to do so.
The banks can still deal with you by having a login to their system (as most do now) where you can check your balance and such (and even send messages to their staff and receive them).
There, almost all the functionality and none of the phishing issues.
Am I the only one to have read the title several times as "Men's wong..." and not made any sense of it?
Where have I heard this before?
However very few people understand security or the distinction between their computer and what's on the internet. To many it is just "the computer" and part of "the computer" does not work when it isn't dialled up. Many can't understand the distinction and will dial up anyway, even to play Solitaire, "just to be sure". With broadband the distinction is even more blurred.
Whitelisting is not going to be effective because it disrupts the normal flow of email and is too complicated for most people to do effectively, so most people will just disable it. They'll end up with a false sense of security.
Engineering is the art of compromise.
What about n00bs? I very recently had to convince a friend that that nice lady from Sierra Leone was not _really_ going to give him $300,000.
He only just got a PC, and has been oblivious to anything computer related for all his life. Suddenly, he gets a PC, an internet account, and he's told to go off and have fun.
Seriously, I sometimes wish you needed a license to operate a computer.
Bank institutions in many countries already don't use email to communicate with their clients. In my country they all spontaneously agreed on that.
But, unfortunately people seem not to know this...
Bank of America recently implemented a feature where you get to select a random image and enter a phrase of your choice. Then on the screen where you enter your password, they display the image and text you chose, so you can be sure you are logging into the right place. Pretty nifty.
Even e-mail addresses that are NEVER published are prone to SPAM. Why? Because spammers (or harvesters) scan mail servers by bulk mailing (doh) addresses and collecting those that don't rebounce.
I've gotten mails that are completely blank. They have no message, ANYTHING. Why do you think a spammer would send those?
An approach I'd choose to solve SPAM is to ask for the message first, check if the user exists later. This way the mail server could do some filtering and post a "recipient not found" if it's spam.
It provides useful service for legitimate mail (first contact) while making spam stand out even more than already.
The smartest thing a spammer could do is send out a fake first mail, but then the user can already blacklist them.
GMAIL certainly could implement it, while Yahoo and Hotmail probably have the capabilities if they'll admit to it.
It demands nothing of the enduser other than admitting that you've given up privacy in order to get free webmail.
Or if they do use email, they should use a digital signature that can be traced back to the bank and 100% verified.
A big education campaign would also help (i.e. "never trust emails claiming to be from this bank" or "only trust emails claiming to come from this bank if the digital signature was valid" along with "never follow links in any emails claiming to be from this bank" and "If the email is legitimate, the same information will be available by logging into the online banking and checking the messages")
If I got an email claiming to be from my bank, I would probably delete it. If the information was genuine, it will appear on my online banking and/or a physical letter too.
VoIP and IM are interactive means of communication, where email is quite asynchronous. Of course you have to whitelist VoIP and IM, or else you could have to be online all the time.
I doubt this is her... All I remember her for was asking "Does the Black Hole suck in all the matter?!?" in a physics course, and the professor replying "There are only 3 kinds of orbits. There is no suck orbit."
Of course, this assumes that the institution doesn't sell its email list or doesn't leave a laptop with their unencrypted customer database laying around to be Trojaned or plain stolen. Considering the number of companies that don't have a freakin' clue about security and privacy, that might be a tall order.
--
Mad science! Robots! Underwear! Cute girls! Full comic online! http://www.girlgeniusonline.com/
If I might expand on that thought...
The problem with the whitelist solution isn't just that banks and businesses use email to communicate, it's that they don't tell their customers what email address they use to send mail, and most use many. Take eBay for example. I get emails from outbidnotice@ebay, member@ebay, status@ebay, etc. and there's no reason to. Why can't all the emails just come from user-alert@ebay or some other such address and let the subject lines tell me what the email is regarding alone. I can still filter just as effectively. And don't get me started on Sony and their multiple mail servers.
If companies/banks had one email address and made it easy to find out, customers could add it to their whitelist for the email account they give the business. This would stop phishing schemes that use a spoofed address if the email goes to the wrong acct. "Did I give BankofAmerica my Yahoo address, or my Hotmail?". But when a company uses a different email address for every conceivable type of email they send out, it's harder for a customer to tell if something (even with proper SPF records, etc.) from administrator@yourisp.com asking you to verify your account details is real or not.
True.
I didn't mean the good rich, who earned their money honestly, I meant the corrupt rich, like spammers and illegal lobbyists.
a quick glance read:
mens wrong perspectives on antispam
hmmmm
Why not have your personal e-mail address for all non-official things, without whitelisting, and a business e-mail address that only accepts e-mail from your whitelist? That way if you get something claiming you need to update account information or whatever and it's to your personal e-mail address, you know it's fake. Businesses have no business (ha) contacting you unless you have prior contact with them, so you will add them to your whitelist before you give them your e-mail address.
In geek terms, personal e-mail = non-executable; business e-mail = executable (metaphorically speaking, not actual executable binary content).
I like messing with the Phishers, by leaving usernames like "ScrewYouBastards" with passwords like "IHopeYouDie". On a related note, ever seen 419Eater.com? They mess with the Nigerian 419 spammers with the theory that, by wasting their time, that's one less person they can scam.
I recently attended a conference for a large project that multiple companies are involved in. While there, I listed my email address with the express intent of having an individual contact me later with the minutes from the meeting and any additional information that may come along.
If I had a default-deny system, I would need to know what email address I would be mailed from, which I don't think they were organized enough to know ("someone loosely affiliated on some level with MITRE" isn't a valid whitelist criteria). When the emails did go out, many people hit "reply-all" and I was included in the discussion. I would need a client that was smart enough to figure out that I wanted to receive any replies to those messages.
Then there is the ever-present problem of "oh yeah, everyone, I switched email addresses" after someone has moved. It would require the foresight of everyone to send those notifications *before* moving or keeping an offline contact list.
Two other instances that come to mind are that a while back a senior engineer emailed me from his cell phone to tell me he wasn't coming in that day along with some brief instructions. Having never received email from that address, using a default-deny there wouldn't have been a good way for him to reach me at that time. I also have a bit of a website. That gets occasional email, and that is generally email I want to see.
Some of the things that make email attractive to me--open communication, many people can reach me from a variety of sources, people who don't know me can reach me with legitimate reason--are the very things that make it attractive to phishers, spammers, and scam artists. There is no good solution to the latter without removing a large part of the utility of the medium.
Integrate Keynote and LaTeX
Not only do they do as you say (use different email addresses), but they also use different DOMAINS. I forget if it was Bank of America or MBNA who was the worst offender.
It's like certain banks are doing everything they can to make it easy to defraud their customers.
Greylisting is doing pretty good for me at the moment.
Once the spammers adapt to it, and they will, I'll have to find something else.
One thing I'd like to do is to use SPF rules to identify the legitimate e-mail servers of some domains so that I can whitelist them to get around the greylist. The main reason for this is that if they are using RFC compliant servers, the e-mail is going to be delivered anyway. Except for Nigerian spams from hotmail.com, the big problem is zombie machines in people's homes. And some of our users don't understand why it can take an extra 20 or 30 minutes to deliver an e-mail through a server that hasn't sent us anything in a while.
For example, I might whitelist nasa.gov servers listed in their SPF records (if they had them), but not a provider that I don't know or that sends "targeted advertisements to those who agreed to receive them".
One problem is not too many organizations create SPF records. I've read that ad mailing lists that border on spam are more likely to add them than regular companies and smaller service providers.
Another is that some providers don't try to list their e-mail servers, they list their entire address space. For example, look at panix.com:
I don't know if that is every address they have, but I doubt that they have on the order of 66,000 mail servers.
But I'm thinking of writing a small program for my mailserver that checks the SPF records of a select list of domains each morning and creates a whitelist from the results. That way, if someone adds more e-mail servers to their SPF records, our whitelist will be updated within 24 hours and if someone of interest who has not published SPF records should do so, then we'll have them on the whitelist within 24 hours.
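One way the daily whitelist job described in the comment above could look; this is an added example, not the commenter's program. The TXT records, domain names and the prefix-length cutoff for "address space rather than mail servers" are constructed assumptions, and a dictionary stands in for the DNS lookups a real job would make.

```python
import ipaddress

# Constructed TXT records standing in for DNS answers (reserved example
# domains and documentation/benchmark address ranges, not real data).
SAMPLE_DNS = {
    "agency.example": "v=spf1 ip4:192.0.2.10 ip4:192.0.2.32/28 "
                      "include:_spf.agency.example -all",
    "_spf.agency.example": "v=spf1 ip4:198.51.100.0/30 ip6:2001:db8:25::/64 ~all",
    "isp.example": "v=spf1 ip4:203.0.113.0/24 ip4:198.18.0.0/16 ?all",
    "nospf.example": "unrelated TXT record",
    "loop.example": "v=spf1 include:loop.example ip4:192.0.2.99 -all",
}

MIN_PREFIX = {4: 24, 6: 64}  # assumption: shorter prefixes list address space, not servers
MAX_LOOKUPS = 10             # RFC 7208 limits DNS-querying terms to 10 per check


def spf_networks(domain, dns):
    """Return (accepted networks, skipped terms) for one domain, following include:."""
    accepted, skipped = set(), []
    queue, seen = [domain.lower()], set()
    while queue and len(seen) <= MAX_LOOKUPS:
        name = queue.pop(0)
        if name in seen:             # include loop: never fetch a name twice
            continue
        seen.add(name)
        terms = dns.get(name, "").split()
        if not terms or terms[0].lower() != "v=spf1":
            continue                 # no SPF record published under this name
        for term in terms[1:]:
            qualifier = term[0] if term[0] in "+-~?" else "+"
            if qualifier != "+":
                continue             # only "pass" terms authorise a sender
            mech, _, value = term.lstrip("+").partition(":")
            mech = mech.lower()
            if mech == "include" and value:
                queue.append(value.lower())
            elif mech in ("ip4", "ip6") and value:
                try:
                    net = ipaddress.ip_network(value, strict=False)
                except ValueError:
                    skipped.append((term, "unparsable"))
                    continue
                if net.version != int(mech[2]):
                    skipped.append((term, "wrong address family"))
                elif net.prefixlen < MIN_PREFIX[net.version]:
                    skipped.append((term, "too broad"))
                else:
                    accepted.add(net)
            # a, mx, ptr, exists and redirect= need live DNS and are left out here
    ordered = sorted(accepted,
                     key=lambda n: (n.version, int(n.network_address), n.prefixlen))
    return ordered, skipped


def build_whitelist(domains, dns=SAMPLE_DNS):
    """Map each selected domain to its usable networks, plus a report of skipped terms."""
    whitelist, report = {}, {}
    for domain in domains:
        whitelist[domain], report[domain] = spf_networks(domain, dns)
    return whitelist, report


def whitelisted_by(client_ip, whitelist):
    """Return the domain whose SPF-derived networks contain client_ip, or None."""
    ip = ipaddress.ip_address(client_ip)
    for domain, nets in whitelist.items():
        if any(ip in net for net in nets):
            return domain
    return None


if __name__ == "__main__":
    wl, report = build_whitelist(["agency.example", "isp.example", "nospf.example"])
    for domain, nets in wl.items():
        print(domain, [str(n) for n in nets], "skipped:", report[domain])
```

Run from cron, the output of `build_whitelist` would be written in whatever format the greylisting daemon reads for its bypass list; the skipped-terms report shows which providers published ranges too wide to trust as a server list.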
There is a simple solution - Naive Bayes Classifier
1) Customizable (per account)
2) 99.9% accuracy after training
3) Discovers non-obvious patterns
Why does this keep getting ignored by the general public? There are several software suites that use this model to detect spam.
And it fucks up forwarded email - yahoo.com forwards internally from servers named prodigy*.* and from user's domains and it fucking bounces legit email - yeah, yeah, "just" have yahoo et al change the server architecture and blah fucking blah blah and it will work - fuck him and his fucked up "standard".
Yeah, I'm bitter and I have a "hard fail" SPF record - so STFU.
Fittingly, my captcha for posting is "cuckoo" - lol
I see his point, but I don't feel it's realistic.
Take for example someone who's job hunting. Unless you have some crystal ball (if you do, I'd like to borrow it!), you can't really determine who will be emailing you. You could have a per-user deny, perhaps - but the overhead in maintaining this on an active system wouldn't, in my opinion, be worth the trouble.
Whether it be spam or something else, there are always going to be idiots out there who like their little botnets, script kiddies, and the like. We have to accept that as a part of the environment in a "free" Internet, and adjust our technology accordingly.
This same problem applies to most source-based mail authentication systems.
Nobody sends spam from their own server any more. That gets the spammer shut down, fast.
What I took away from the article is that he's proposing a central authority (or a series thereof) that say "someone@somewhere.com is a real person's e-mail address." He is not proposing that you only accept mail from those who've already sent you mail; he's proposing that everyone in the world who uses e-mail be in this whitelist.
I'm not usually one to say "RTFA," but the majority of the comments right now have nothing to do with the article.
________________________________________________
suwain_2
How did I do it?
6
Simple:
http://www.kuro5hin.org/story/2004/3/16/13579/350
I track my email carefully, I use unique email aliases for all the websites I visit, I use special aliases for the mailing lists I'm on, I provide images to interpret for people trying to contact me, and I give out my "real" email address to close friends and family *only*.
I haven't been sent a spam that I couldn't immediately block--permanently--ever since I implemented this scheme. It was bliss turning off bogofilter for the last time. It was sheer delight when I no longer had to comb through spam- and hamlists for false positive or negatives.
I removed myself entirely from the spam/anti-spam wars. I have transcended the drudgery that those people put themselves through, and the best part? My now nonexistent spam filters never sort real emails into a spambin where they're neglected.
What happens when you're sending out resumes to about a billion companies? Are you to add them to your white list? What about contract companies that send out potential gigs your way? What happens if you're a business; do you block potential customers? I know some accounts cannot be blocked; like sales account and marketing.
;-)
Well, we can trust the sales and marketing groups; right?
Am I the only person who read the above post as satire?
For instance ... Your MUA could still accept all email but any messages from senders not on your white list get flagged with a skull and cross bones, scripts are disabled and when you click on links the HAL/2001 sound clip "I'm sorry Dave, I can't do that" plays in Dolby 5.1 surround sound.
Then, when you go to add "Phisher Man" to your white list, your MUA asks you some questions along the way:
* is "Phisher Man" a financial institution?
* is "Phisher Man" a personal friend?
* is "Phisher Man" a merchant?
etc. If you answer "yes" to the financial institution question, your MUA checks to see that "Phisher Man" is registered with the appropriate authorities (e.g. his email is signed with a public/private key that itself has been signed by "Trusty Co." that proves his identity has been verified or, at the very least, he has paid some decent bribes to the right people). If Phisher has not registered and you still want to add him to your financial institution white list your MUA warns you that "you may lose your house, family, wife and kids if this person is not who he says he is, are you really sure you want to do this?".
Heck I think even my parents could learn to use this system and they are serious luddites.
If ISPs scanned heavily on emails, what you would get are better and better phishing emails. It's what Darwin said for biology and applies as well for many fields. It may eventually get to a point where not even a slashdot geek will figure out.
For your example a machine will need to know the email is supposedly coming from a bank, who deceive that better will pass.
From the white list point of view, it won't work if you expect to receive emails from any major company and from people you don't know yet.
You could make great use of technology to avoid phishing, like forcing users to use a smart card connected to their computers and charging an insurance from those who don't, instead of only using simple (almost) static strings for authentication.
But the definitive solution isn't only technological, some people will prefer not to use those smartcards, smartcards will have defects. You need other approaches together.
A bizarre effect of technology-only approaches is what we are seeing today on spam. Spam filters today are really good, at least the filters I use, but they let pass a few spams. That's great right? From the point of the sys admin that avoid bouncing and storing emails it may be.
But on the spammer side it incentives their activity, because whoever pass that layer of filters will get exclusive access to the "market", and much more "profit". So you see little decrease on virus creation, hacking and the amount of traffic getting to your firewall.
To defeat spam and phishing we need to attack the other side of the equation: making spam more expensive and more risky (some may also say making the damage of the risk higher but, for me, that sounds draconian and a cheap response to bad efficiency).
You can partially get the first with technology, very good filters can make finding a mail hub harder but not impossible, and as AOL is proposing with taxes, until a spammer discover a way to bypass that, maybe on the expense of someone else (creating another problem).
The second aspect is more risk. Criminals knowing they have good chances of being busted and, if they do, will lose everything they got facing proportional time in jail.
But for that to happen the government needs to know that spam isn't about sending "funny" emails about V|AGRA and people complaining about how full their mailbox is.
There's a whole criminal activity in the background, the same used by assumed thieves (phishing) that needs the appropriate treatment by the law.
I forgot to mention but education is also a good idea, we should see commercials on TV saying "SPAM is bad", "Don't answer emails that somehow ask for your password" and putting these same messages on the back of your PINs and bills.
Before long, the phish won't have any money left, so the phishers will have to give up.
Mine was "Writer Wong: definately worth a read". Darn dyslexia.
Help poke pirates in the eyepatch, arr.
That said, filters can remove 98% of spam with about 0.1% false positives, which makes them pretty useful. Most, but not all, of those 1-in-1000 false positives are marginal anyway.
If you're interested in doing your own tests, there's a free toolkit and corpus with 92,000 messages.
Greylisting is the answer, because it works on the behavior of the spammer, something that cannot change easily, not on the content, something that changes with every message. If a spammer cannot send as many emails as possible, as fast as possible, then the price of spam goes up dramatically. To overcome greylisting, a spammer must be willing to implement a full mail-server on their end. In current implementations they must be willing to queue messages for resending, and must be on a traceable, non-changing IP that will not go down for at least an hour after the last message they sent went out. It forces spammers to be responsible. No more "fire and forget" style mass mailings. And the great thing about it is there is no defense, no way a spammer can change his stripes and still be capable of the volume of email that made spamming so profitable.
If you don't implement even a five minute greylist on your mailserver, stop what you are doing and go implement it now.
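The greylisting decision described in the comment above, as an added example that is not from the original thread. It assumes the common triplet keying (client IP, envelope sender, recipient), the five-minute delay mentioned above, a four-hour retry window and a 451 temporary reply; the class name, addresses and attempts are constructed.

```python
import ipaddress


class Greylist:
    """Defer the first delivery attempt of each (client IP, sender, recipient)."""

    def __init__(self, delay=300, retry_window=4 * 3600, bypass=()):
        self.delay = delay                  # seconds a sender must wait before retrying
        self.retry_window = retry_window    # assumption: retries later than this start over
        self.bypass = [ipaddress.ip_network(n) for n in bypass]  # e.g. SPF-derived list
        self.first_seen = {}                # triplet -> time of first deferred attempt
        self.passed = set()                 # triplets that have completed a valid retry

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return (SMTP reply code, reason) for one RCPT TO at time `now` (seconds)."""
        ip = ipaddress.ip_address(client_ip)
        if any(ip in net for net in self.bypass):
            return 250, "whitelisted server"
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        if key in self.passed:
            return 250, "known triplet"
        first = self.first_seen.get(key)
        if first is None or now - first > self.retry_window:
            self.first_seen[key] = now      # first contact, or a retry that came too late
            return 451, "greylisted, try again later"
        if now - first < self.delay:
            return 451, "retry too soon"    # fire-and-forget senders hammer and give up
        self.passed.add(key)                # a queueing mail server came back in time
        del self.first_seen[key]
        return 250, "retry accepted"


# Constructed attempts: (time in seconds, client IP, envelope sender, recipient).
ATTEMPTS = [
    (0,     "203.0.113.7",  "promo@bulk.example",    "user@site.example"),  # zombie
    (5,     "203.0.113.7",  "promo@bulk.example",    "user@site.example"),  # instant retry
    (10,    "192.0.2.25",   "alice@partner.example", "user@site.example"),  # real MTA
    (20,    "198.51.100.1", "news@agency.example",   "user@site.example"),  # bypass list
    (910,   "192.0.2.25",   "alice@partner.example", "user@site.example"),  # queued retry
    (5000,  "192.0.2.25",   "alice@partner.example", "user@site.example"),  # later message
    (20000, "203.0.113.7",  "promo@bulk.example",    "user@site.example"),  # window expired
]


def replay(greylist, attempts):
    """Feed attempts through the greylist and return the reply code for each."""
    return [greylist.check(ip, sender, rcpt, t)[0] for t, ip, sender, rcpt in attempts]


if __name__ == "__main__":
    gl = Greylist(bypass=["198.51.100.0/30"])
    for attempt, code in zip(ATTEMPTS, replay(gl, ATTEMPTS)):
        print(code, attempt)
```

The 15-minute gap between the real server's first attempt and its retry is the delivery delay users notice, which is why a bypass list for known servers is worth maintaining.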
The burden on intermediate ISPs would be lessened considerably due to the decreased volume of mail. What's to be unhappy about?
One ISP credits you for emails received, one debits you if you have more than one ISP.
"Problem #2: I get involved in some projects for which we send a LOT of email back and forth between client, contractor(s) and subcontractors. So, even at $0.03 per shot, that needlessly drives up the cost of the project. This means the client has to pay a higher bill, which in turn probably means they charge more for their product.
How are going to predict at the start of a project how many emails this project is going to take? We could flat-rate the cost, but imo that just adds a needless line-item to the proposal."
The same goes for the telephone and snail mail. These costs have historically been taken care of.
"Problem #3: My ISP currently invoices me for service; you are going to add to the complexity of their accounting system (and overhead on their systems keeping track of who got what email) to manage all this, for PENNIES a shot, and the net result is I pay the ISP a higher monthly rate. What about auditing? What if I show I received 500 legit emails a month and they show I only got 400?"
Yes, you will pay more. So what? You get added security and the cost factor will stop spammers who send out a zillion emails a day.
At the same time you could make money by having lots of people send you stuff.
We are talking about a whole new business model that follows the user fee concept and allocates true cost throughout the system.
Can you imagine if a similar rule were applied to the phone system? I would love to get, say, 25 cents for each sales call I receive and 10 cents per minute I am on the phone with them.
Yes, there are problems. But none are insurmountable.
Bill
I propose a better solution to the e-mail system.
We should change the way e-mail works from the ground up. Currently, the sender's server will send the message to the recipient server where it waits until the client downloads the message. Instead of this, an interesting idea would be to have the sender server HOLD the e-mail message and simply send a notice to the recipient's server that a message awaits. When the client connects, depending on his software configuration, he will download the message from the sender's server or click on a link to go download the message from the sender's server.
What does this accomplish? We add the ability to flag messages as spam or virii. Depending on the sender's server's configuration, if a message gets too many flags, it will block the message from being downloaded in the future. Here's an example of this in action. Spammer sends out 100 messages for V1agR@. The 1st, 5th, and 7th readers are diligent and mark the message as spam. The server's threshold is 3 warnings and then deletes the message. The message never gets to recipients 8 to 100. The user's account is suspended, and the spammer becomes drastically less effective.
There are other positive side effects to this scheme. Internally, my company will send out big files to one another. Instead of always using a server share, some people e-mail these big files to multiple recipients. If one person e-mails a 20MB file to 10 people, that'll be 200MB of consumed space for the recipients' servers. In a sender-hosted e-mail system, it will still just be 20MB.
Drawbacks to this scheme? Let's say the spammer sets up his own e-mail server and sends out spam from that. Recipients flag it, but the sender's server is configured to ignore the flags. If this were to happen, the spam is still not as effective because the recipient only will get a notification that mail exists. The notification would probably be limited to something like 128 characters of text for a subject. The sender's address can't be as easily spoofed because it still must be able to resolve to the sender's server. And better yet, if the ISP is cooperative, reports of this type of abuse to the ISP could lead to the ISP taking legal/criminal actions against violators of their Terms of Service. If the sender wants their message sent, they need to keep their server connected to the ISP, thus making it a lot easier to physically track down. If the ISP doesn't care, then we simply add the ISP to a blacklist.
Another side effect is that now the recipient needs to rely on both his e-mail server and the sender's server to be online to get a message, but this should be trivial. Also the server must retain the message for long enough time for the recipient to download the message. This should also be trivial, and in my opinion, it's better to put the onus on the sender instead of the recipient. For example, if the recipient goes on vacation for a few days and comes back to find his mailbox quota is full and he lost a lot of messages, it is quite annoying, and this proposed solution will not have that problem.
The biggest drawback is that this is a fairly major overhaul to the e-mail system. It would probably have to be done in phases where there is one phase that most servers support both types of e-mail protocols. I think it's worth the effort.
you apparently mean "people who don't have my knowledge base."
If a majority of the users of a class of products, or even a significant minority, are prone to using that product in a way that gives their identities away and makes their finances vulnerable, then the problem is NOT with the users.
It is a design problem, or at best a serious unaddressed education problem.
Blaming the customers when a large number of them repeatedly experience the exact same problem, is simply scapegoating the customers for the problem.
I think this is ultimately the correct approach. I'm currently in the process of implementing something similar for my home email. Each user will get a base email address (say, foo at dreezel.org). Only whitelisted addresses will be delivered to that address; all other mail will bounce.
The user can create new, or targeted email alias from that base, say foo.slashdot at dreezel.org. If the user is very educated, they can create access lists for each specialized address. Otherwise, the aliases are default-accept. This has several advantages; not the least of which is, you can see how your email address is leaking to the spammers.
I'm working on a Thunderbird extension to handle alias management, so my wife and other users can automatically create new aliases when sending to an unknown email address, for instance, or for deleting a compromised alias.
It's not like you need to create a new default-access alias every day. It usually takes a while for a new address to get compromised. I don't think this creates undue burden on the user, and it's a hell of a lot easier to manage than sifting through a spam folder every day looking for the one important email that's sure to have been mis-identified as spam.
I hate when I think I've come up with something terribly clever, only to find someone has beaten me to the punch.
Microsoft is to software what Budweiser is to beer.
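The whitelisted base address with default-accept aliases described above, sketched as an added example that is not the commenter's implementation. The class, the `expected_domain` hint used to spot a leaked alias, and every address are hypothetical or constructed; the envelope sender is compared as given and is not authenticated.

```python
"""Default-deny base address with per-site aliases (illustrative sketch)."""


def split_address(addr):
    """Return (local part, domain) of an address, lower-cased."""
    local, _, domain = addr.strip().lower().rpartition("@")
    return local, domain


class AliasPolicy:
    def __init__(self, user, domain, whitelist=()):
        self.user = user.lower()
        self.domain = domain.lower()
        self.whitelist = {a.lower() for a in whitelist}
        self.aliases = {}      # tag -> {"acl": set or None, "expected": str or None}
        self.unexpected = {}   # tag -> sender domains that did not match "expected"

    def create_alias(self, tag, expected_domain=None, acl=None):
        """acl=None means default-accept, as in the comment; a set restricts senders."""
        self.aliases[tag.lower()] = {
            "acl": None if acl is None else {a.lower() for a in acl},
            "expected": expected_domain.lower() if expected_domain else None,
        }
        return f"{self.user}.{tag.lower()}@{self.domain}"

    def revoke_alias(self, tag):
        """Delete a compromised alias; later mail to it bounces."""
        self.aliases.pop(tag.lower(), None)

    def decide(self, mail_from, rcpt_to):
        sender = mail_from.strip().lower()
        _, sender_domain = split_address(sender)
        local, domain = split_address(rcpt_to)
        if domain != self.domain:
            return "bounce"
        if local == self.user:                   # base address: whitelist only
            return "deliver" if sender in self.whitelist else "bounce"
        prefix = self.user + "."
        if not local.startswith(prefix):
            return "bounce"
        tag = local[len(prefix):]
        alias = self.aliases.get(tag)
        if alias is None:                        # never created, or revoked
            return "bounce"
        if alias["acl"] is not None and sender not in alias["acl"]:
            return "bounce"
        expected = alias["expected"]
        if expected and not (sender_domain == expected
                             or sender_domain.endswith("." + expected)):
            # Mail from somewhere else on this alias shows where the address leaked.
            self.unexpected.setdefault(tag, set()).add(sender_domain)
        return "deliver"

    def leaked_aliases(self):
        return sorted(self.unexpected)


def demo():
    """Run constructed deliveries through the policy; return (decisions, leaked tags)."""
    p = AliasPolicy("foo", "example.org", whitelist=["wife@example.net"])
    p.create_alias("slashdot", expected_domain="slashdot.org")
    p.create_alias("bank", expected_domain="bank.example",
                   acl=["statements@bank.example"])
    decisions = [
        p.decide("wife@example.net", "foo@example.org"),               # whitelisted
        p.decide("security@bank.example", "foo@example.org"),          # bank only has the alias
        p.decide("noreply@slashdot.org", "foo.slashdot@example.org"),  # expected sender
        p.decide("pills@bulk.example", "foo.slashdot@example.org"),    # delivered, marks a leak
        p.decide("phish@bulk.example", "foo.bank@example.org"),        # blocked by the ACL
    ]
    leaked = p.leaked_aliases()
    p.revoke_alias("slashdot")
    decisions.append(p.decide("pills@bulk.example", "foo.slashdot@example.org"))
    return decisions, leaked


if __name__ == "__main__":
    print(demo())
```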
I don't know, yet, if I agree that paying for sending is the best solution. It's certainly _a_ solution that would do a lot to kill spam.
I do however completely agree with your statement that it is an economic problem for the same reasons you've outlined. I wish I hadn't used my mod points already, because I don't think the GP post is very accurate and it is modded pretty highly.
Asking people not to do something would probably just draw more attention to it. If the president got up and talked about spam encouraging people not to do it, people'd be all like "wow, I can get cheaper viagra off the Internets!"
It's better to vote for what you want and not get it than to vote for what you don't want and get it.
- E. Debs
"...it sends an email back asking if you are a real person."
This email causes the mail server of the person who emailed you to send you a message asking you if you're human. Both messages get flagged as spam; which they sort-of are.
I'd prefer it if we all used encrypted, digitally signed email with all that public/private key stuff. Keys can be linked to identities or anonymous. No one would buy anything from an anonymous key user*, and if a key with an ID attached is used then you know who sent the spam and can prosecute appropriately. As a bonus sysadmins, ISP techs and Echelon could no longer read your mail.
*I hope. Some people are real idiots, after all. Tying the keys to bank accounts so online money transfer is impossible without one might work, although I hate to give banks any more power.
or if you are thinking about running a mail server, you should take the time to read this page
http://www.acme.com/mail_filtering/
it's not the be all and end all, but there are several very very good ideas.
OAM
... on a system that gives corporations a new avenue to collect revenue. If we allow ISPs to charge a penny per email this year then next year it'll be two cents, then five then a dime...
Once you start down that road email will become a corporate revenue source and the abuse will start.
The race isn't always to the swift... but that's the way to bet!
Am I the only one who read that as "Men's wrong perspectives on Antispam"?
I clicked the link hoping for a feminist IT diatribe, and all I get is a lousy interview. Lame.
Why don't we use this model? Introduce a backbone network of mutually trusting certificate authorities, and require all mail to be signed with a valid certificate. It is the backbone member's responsibility to take due actions in case anyone having their certificate starts sending spam (revoke certificate, prosecute the user, etc), or else the member will be kicked off the backbone. The backbone member may delegate the right to issue certificates, but the responsibility still holds.
This scheme would make the backbone members know who their users and child authorities are, and prosecute the violators. You would still be able to have a free anonymous mailbox to receive mail, but the sender identity would always be revealed, and you would always be responsible for what you're sending.
Unfortunately it's obvious that if we retain an open non-whitelisting scheme, we HAVE to give up anonymity to prevent spam. There should be an easy way to find, block and prosecute the violators, in all other cases spam will continue.
Hm. First time I ever heard someone suggest that, in order to stop criminals, you have to punish their victims.
I mean, I know we have a lot of "whack" social-engineering running around these days masquerading as "wisdom," but that one sure brought me up short.
Any technology distinguishable from magic is insufficiently advanced.
Like that ever really does any good?
It is idiotic. Why the hell would you take the simplest communication method we have and destroy it by making it a fee based system.
/rant
To thwart those preparing attack, I mean simplest as in cost and implementing. One could write a cheap email system without much effort. No need to hire a hundred thousand mailmen to hand deliver it either, a few thousand nerds locked in various closets will do nicely.
Those who are stupid enough to fall for spam will fall for direct mailed items and jackasses selling miracle tonic as well. You can't save them, so ignore them.
The problem is of course the exploiters.
Just create a trusted hierarchy and stop using SMTP on clients to send email. Have them instruct their server to send email. We created a worldwide hierarchy that works fine with DNS, it would be fairly simple to have one for SMTP that mirrors it. Add encryption on the data between the clients or at least end point backbone servers, and you have a decent spam proof system.
But it's so much work (blah blah blah). No it's not. Just have everyone start building their trees and meshing until 99% of people run through it. Then click over. Businesses can still route in unsafe email, but it would be just that. Unverified email marked unsafe.
I have always wished that sites would implement a version of semi-public key encryption. When I log on to paypal or my bank or whatever I want all my communication with them to be automatically signed by my semi-public key. It isn't truly public, but I can use it to verify the authenticity of sender. One key pair for each of the critical communications senders sending to me. A lot of email clients have close to this capability built right in with their public key encryption, but not a lot of automated systems out there actually take advantage of that. I want to know on a per-message basis that 1) I am assured I am the person with which the initiator intended to communicate in a cryptographic sense and 2) that who is communicating with me is the same entity I'm used to doing business with and they have not changed.
It really isn't that hard to run that on top of good old open email, and make it user friendly enough for the public. It just hasn't been done.
Today was a minor tipping point for me. I've been using a filter that moves stuff not addressed to me to a junk folder for months. However, today I finally received enough phishing/spam in my inbox that I decided to do more.
:-)
My first instinct was to make a whitelist, but I settled instead on adding "href" and "img" to my filters (as in <a href="example.com"> or <img src="example.com/23489742.gif">). I cannot think of a legitimate reason why someone would send me an email with either of those words, and spam/phishing are pointless without them.
Spread the word: Add "href" and "img" to your spam filters.
Multiple mail addresses, user picks. Examples: junk.joe@example.com, private.joe@example.com, knock.joe@example.com, tru-pr1v8.joe@example.com, slashdot.joe@example.com, alt.ufo.joe@example.com, blacklist.this.joe@example.com, etc.joe@example.com ...
User managed white-list and black-list. Black list can be set by user to either bounce or black-hole. Anything not on either list goes to a junkmail box.
Anything the user forwards to the blacklist.this.user@ address gets examined, and the sender automatically added to the black-list, to make it easier to manage the blacklist.
Multiple junkmail boxes possible if the user wants. shaded-lists and associated junkmail box for junk filters, also.
Knocking address, publicly given away. Also, a publicly known bulk mail target address. (Advertisers! USE THIS ADDRESS OR GET AUTO-BLACKLISTED! I won't even see it first if you don't.) Knocking provides the contact point for people you don't know, the junk-mail address provides a valid place for real advertisers to target you if you wish them to.
Dedicated mail-list addresses which are set to accept mail only from the list server and can be set by the user to auto-blacklist anything else. To help with contacting people on the mailing list, the mail list server provides list-only mail addresses for registered users and the server to handle the list-member private mail.
Other variations can be thought of. ISPs who aren't providing these things are the primary source of the problem.
Regardless, it'd be nice to have the option of whitelisted e-mail for personal accounts. People want to contact you randomly? Use the non-whitelisted e-mail. Otherwise give your whitelisted e-mail to friends and family and business associates, etcetera. Does it eliminate having to sift through spam? No, but it does at least offer a safe haven from it. If nothing else, at least you can be sure that your main address isn't going to get infected with pages upon pages of advertisements.
Is there even a provider for whitelisted e-mail?
I'm sorry to say this, but the Phishing problem would only be a problem for idiots if companies stopped using email as an official means of communication.
What we really need is a method other than a simple password to authenticate. We need a real bidirectional authentication method that's easy to use.
Here's one idea: Give the user something like a USB thumbdrive, you could even make it Bluetooth, it doesn't matter because a user would need to type in a password, and all sessions with it would be encrypted. This device stores all your 'official' passwords, and encrypts them with the other party's public key. So if you go to a fake website, you'd type in your basic password, the encrypted along with a salt sent by the server.
Unless the receiving end has your organizations' private key, they'll never get any useful information.
(you wouldn't actually need a separate device, a computer program could do this, but the device method gets around the problem of Spyware or hackers getting the data. The system could be totally user-controlled, since it only serves to protect the user and no one else, there is no reason to prevent them from modifying its contents manually. No DRM needed)
autopr0n is like, down and stuff.
I've actually gotten real letters that seemed more like phishing than anything legitimate, particularly dealing with student loans. Shady stuff like sending me something that looks like an invoice with the words "contact us immediately".
I also got an invoice looking letter from domain name type thing, something they've obviously sent out to tons of registration addresses. I could tell it was a small-time operation because they used a 'real' lick-on stamp.
(Ironically, I never use real, lick-on stamps anymore, not because I mail so much, but because I mail so rarely if I ever do it I make a trip to the post office)
autopr0n is like, down and stuff.
It's called TMDA
"Tempers are wearing thin. Let's just hope some robot doesn't kill everybody." --Bender
Since when has origin been a significant means for authentication? Whitelists are only useful when we have authentic sender information. Then, even if we have authentic sending information, what about hijacking address lists then spamming the people who receive mail from you. Can't say this chain-mail approach has never been done before. Nope. Not once.
I say this, if we want to get rid of spam and phishing, we should find the people who are doing it and hire Bruno from "the local mafia" shop to make him an offer he can't refuse. Surely the iron fist approach will work where all else has failed. =)
As phishing scams get more elaborate, even savvy users such as myself have to go through complicated steps just to verify the identity of a website. i.e. whois, verification of SSL certificates, etc. No average user should have to become a detective in order to verify that www.chase.com belongs to the same Chase bank that issues his credit card. Especially when it's a URL such as chasenetaccesss.com or chaseonlinebanking.com, etc.
The point is to make faking or forging the identity of ownership much more difficult than the current state of affairs, which is deciding whether or not to believe that www.ebaysecurityreinstatement.com is a valid eBay website or not.
Whitelisting is not the final solution to the phishing problem.
Why? Simply because it does not offer authentication, that is, verifying the identity of the sender.
As an example, let's look at Instant Messaging. As Meng Wong writes in his blog, many people subscribe to default-deny for IM. And yes, I agree, unsolicited messages are low on IM networks compared with e-mail.
However, who has not pulled the prank of sending a message with someone else's IM when they left their computer unsupervised? OR had that prank pulled on you?
Having someone abusing a whitelisted account can be very dangerous as it catches most people off-guard. It's like speaking to someone on the phone who is very good at imitating the voice of someone famous or someone you know.
Lack of authentication is the major key factor to phishing. To eliminate phishing we need to have technology that can do authentication extremely fast, cheap and work in big-scale networks.
Totally read that as "Men's wangs' perspectives on anti-gasm"...
I don't know what an antigasm is, but I'm not sure I want to find out...
We're not moving toward whitelist-only default-deny for e-mail. A few people have tried that, but it just isn't realistic. What we're moving toward is using a broader variety of criteria to determine whether a particular e-mail should be blocked, and taking legal action against spammers.
Meng mentioned the Spamhaus SBL. I use the SBL-XBL and other blacklists to block 2500-3000 spams per week, just on my personal server at home. I have removed some other blacklists due to false positives, but the only complaint of a false-positive I've had so far with my current setup has been from someone who just switched to a new IP which apparently had been used by a spammer previously. I directed her to a removal request, and the IP was delisted in less than 24 hours.
On top of the various blacklists I am now running MIMEDefang with a bunch of custom perl functions I've written, SpamAssassin, and ClamAV (which detects some phishing scams, in addition to viruses). Quite a bit of spam still gets through, but I just need to add more rules to SpamAssassin.
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
SPF is a failure. Unlike the submitter, its proponents don't even pretend that it's an anti-spam method (there are more spam messages with SPF than ham), focussing instead on its authentication promise. Now it seems even Meng has abandoned that as being worth anything if the FUSSP is whitelist-only. Imagine that - saving email by destroying it!
Email has been a phenomenal success because it costs close to zero to contact people with whom you otherwise would never easily be able to communicate. UBE is a problem precisely because it costs close to zero to contact people with whom you otherwise would never easily be able to communicate. Any FUSSP that destroys either of those two qualities, cost and ubiquity, is a cure that's worse than the disease.
My next sig will be ready soon, but subscribers can beat the rush
Make a law with real teeth against unsolicited advertising. Simple as that. (Should have been on the books since 1994 already, though!) We probably still don't need something like "public executions of prolific spammers during the superbowl break" (yet) - just one day behind bars per UBE message sent should do to end eMail abuse.
(And don't get me started on an alleged "First Amendment right for making noise at everyone else's expense" - there's no such thing as a constitutional entitlement to writing your ads on bricks and smash them through other people's windows...)
I thought it said Men's Wang Perspectives... zoloto jr. might have a perspective, but it's limited to what the Mrs. has to offer and a good shower.
Anybody with a modicum of intelligence can sort out their own spam issues. Who is Mong Weng and why should we care about his perspectives??
If you want to use a white list, go for it - if you want to use a black list, go for it. Do you need articles like this to tell you how to run your e-mail systems?
You managed to get, and completely miss the point at the same time:
:)
At least Google has teams of people working 24/7 keeping their machines whitelisted.
As *any* responsible ISP should have. These peeps answer abuse mails, shut down offending accounts and generally are there to support both GMail's customers and its peers.
Consider on the other hand Verizon, they ignored over 400 abuse mails from me, there wasn't any way to contact anyone at Verizon, and at one point I received over 100 spams/ssh attacks an hour from a network that would net me about 1 legitimate message per month: into the firewall you go.
And no, schemes like SPF do not help this problem, since if they're blocking IP ranges outright at their firewall, nothing can break through that except mail proxying (which I've been considering).
Then I have succeeded: you are considering moving to another ISP (if only for relaying your mail). I want to bankrupt ISPs who do not staff abuse, who do not kick the hackers and spammers off their network. So every time I see a mail like yours whining about them meany sysadmins blackholing you, I have to smile: my approach is working, I'm upsetting the customers of the ISPs who upset me.
Note: My full name, address and phone number are in the domain registry, if you need to contact me to whitelist your IP address, I'm only a phone call away. The problems blacklisting causes for my users is about zero. The spam and hack attempts stopped number in the thousands daily (about 1.2% of the total number of IP addresses is blocked at my servers). Blacklisting *works*. The whining from users with shady ISPs is bonus.
As my firewall says: "Have fun on you intranet!!"
Sorry bob, didn't get that e-Mail, I'll see you on monday!
Life is great! (as told by Lady Susan)
This is the idiot who claimed "spam as a technical
problem is solved by SPF". Why is anyone listening
to this incompetent buffoon any more?
http://it.slashdot.org/article.pl?sid=06/02/13/2143251
On the heels of Valentine's Day, for some reason, I read the title as "Men's Wrong Perspectives on Antispam".
One more thing that we, as men, are wrong about?
And, where are _my_ heart-shaped chocolates?
Igi
Most Nigerian spam I receive doesn't come as HTML, and so will avoid such filters. OTOH, even someone only the very slightest bit suspicious will spot those messages for what they are. Let's face it, if someone offers you lots of money out of the blue for doing something borderline criminal, you've got to figure it for a con or you're too stupid to have money in the first place...
"Little does he know, but there is no 'I' in 'Idiot'!"
How, exactly, is a "whitelist-only, default deny" policy going to stop email claiming to be from EBay? Oh, that's right--it won't. Not if you use EBay, that is. In other words, his suggestion helps phishers, if anything, by ensuring that the people receiving the emails are only those that really use EBay, or PayPal, or Citibank.
When will Meng, Universal Master of Obvious Flawed Ideas (TM), ever cease to amaze us all?
Got SPOOM?
With the ubiquity of IM services and wide adoption of standards coming in the near term, I can see IM taking over casual communications entirely, leaving email for use in more 'official' communications. This would parallel the decline in snail mail as a casual correspondence vehicle with the advent of telephone.
So there's really no need to stop the evolution of email or attempt to 'fix' it somehow so that it can remain a casual means of communicating.
What people need are ISP supported services for chat, file repositories, etc. that can streamline an email free process of sharing information between social peers. Businesses already can do this with network shares... I'm hoping most companies encourage the use of such for sharing larger files already, instead of attaching 5MB pdfs or ppt files, you just send a link to the shared resource on the network. Similarly home users could upload files to a protected internet share and provide a secure link for the other person to download the file via their IM client. There are services out there that do this sort of thing already (ad supported mostly).
IM needs to evolve more closely to email and take over some of its functionality... ie: keep a running list of conversations that can be searched and organized. however it should not go so far as to open itself up to the known security issues with email (ie: the sending of html, the attaching of files, etc.) and relegate itself to text/voice/video only transmissions with a very discrete set of protocols and hooks that can be avidly protected.
This won't stop phishing attempts but it would segregate them into more obvious ploys. IMs from commercial entities would be deemed unorthodox and suspicious activity for most people since the more official email method would be the preferred form for businesses to send out info to consumers (which would of course have the new 'registered' verification methods in place to improve credibility of the email sender).
To clarify a way for home users to 'attach' pictures or other files to casually share, I see the IM client having a setting to configure a sharepoint url... this would abstract and make transparent the lack of real file attachments, it would show a preview or icon of the file being sent while in reality the file would be set to transfer to the sharepoint url and the same preview or icon would show up in the recipients client, while the file itself resided on the server similar to how an html email will often have images downloaded from a host server rather than embedded in the email itself.
A sharepoint could also benefit from bittorrent type protocols for widely shared files between friends (something i believe is already being implemented in a Firefox plugin soon to be released).
There are many benefits to a system such as this... too many to list out.
I hope I start a trend.
A fool throws a stone into a well and a thousand sages can not remove it.
Why not make it easy for mail users to create aliases in the system? For example, if they receive something to their normal account from their bank, they KNOW this is a phishing attack, because the bank would not have the normal address on record.
Before greylisting things, I used to have some phishing attacks slip through my spam filters. 'Ebay' would send to my gspath account. Too bad that is not who I am on Ebay.
I talked with Meng Wong at ISPcon a few weeks before he publicly came out with SPF. I was proposing a system I call Choicelist (PDF) which is basically a centrally controlled, default deny, public whitelist management system.
At that same time I proposed a way to stop phishers to a man from the FTC, Brian Huseman.
This is how it goes:
1. When a business gets a business licence they also receive a cryptographically signed certificate to be used in online commerce.
That's it!
Certificate authorities like verisign and thawte are crap. That role should be filled by a government agency for the public good.
-John Fenley
FTA: "Just as the free market has voluntarily chosen a monopoly regime for desktop operating systems, maybe the free market will eventually choose a monopoly regime for messaging systems."
Yes, that is the danger of a little FUD combined with a lot of unchecked ignorance, isn't it Meng. Of course, the free market is slowly correcting itself, and more and more people are rejecting the monopoly regime in the O.S. arena and moving to Linux. Many of those who don't choose to still don't know they have a choice. Why don't we use default deny for PSTN (landline) system or cellphone system? Take away the absurd security vulnerabilities injected by the monopoly regime and you have an exact analog. Don't give information to people you don't know over the phone, via E-Mail, or any other way.
Meng Wong doesn't get it at all. Every problem he outlines is the result of under-education or FUD based miseducation of the user, from what to do when a stranger asks for your social security number regardless of medium, to what OS to use - ( i.e. "You mean there is something besides Windows? A choice? - so the information cannot be extracted through security holes.
If landline companies had security/systems that allowed people to tap into and monitor their private conversations without consent, the solution would be fix the broken technology, or use a provider that is secure, not default deny
Meng Wong does not propose a viable solution. He is instead part and parcel to the problem.
FUD should not just be unacceptable, it should be punishable in the justice system.
Users could become more savvy as the percentage of the population schooled in the subject of computer issues from a young age increases, but as it stands now schools are still pumping out more people who don't know they don't know. The Meng Wongs of the world are merely exacerbating the problem.
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
Meng Wong definitely has a point analyzing the current problems with the email system. But I don't think all those changes he sees coming up will affect the SMTP mail system. Default deny and whitelists would break the free-spirit character of the mail network, banning people from communication who are already limited in their freedom of speech. This was also the main point brought up against most of the anti-spam proposals we have seen over the last year or two.
What I think will come is some kind of "trusted mail" protocol, with its own servers and client apps. Everyone participating will have to register and prove his identity, and there will be measures to prevent people (at least mostly) from forging identities. Just making sure the thief is caught should be enough to scare them off. But this system has to be so strict it won't hit home in a rush. I expect it to be an alternative messaging system for geeks at first, then drifting slowly towards a business-only communications system, until finally it will become an accepted alternative to classical SMTP mail.
Once companies see that there is a reliable system that can also be used to reach customers without putting them at risk for phishing attacks, they will happily jump on that train. Of course, there has to be a global registry, but if it works out for domain names and IP addresses, then the community can surely establish something similar for identity verification.
And maybe we also get some bonus addons, like standardized attachment wrapping, Unicode character sets in the headers, more detailed header entries and having to implement just one identification protocol between clients and servers.
Even if banks entirely stop sending email, it won't stop phishing - as long as the gullible recipient believes the email, and can give the phisher some information he can use to get money, phishing will work. If the bank provides web access to their account, or the credit card number can be used by itself, and a login/account/password or other static information is enough to access it, the phisher can win. Smartcards, one-time passwords, etc. cut down on the risk, by limiting the phisher's ability to make money to active attacks rather than collecting info and selling it or using it later, but it's hard to say if that's enough. Banks can improve safety by careful use of REFERER variables and captchas and such, but unless they're willing to stop giving accounts to gullible customers, they probably need to do something like client-side certificates.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Nobody is marketing 747s to the entire population.
I can go down to Walmart and buy a consumer computer for a few hundred dollars. That box is designed and marketed specifically to allow large numbers of naive consumers to access the internet. If that target-market naive consumer buys the box, follows instructions exactly, and reads all the accompanying literature --in other words, if from the naive consumer viewpoint s/he does everything exactly right-- there is NOTHING that mitigates this risk.
That is bad design, or bad education, and it is NOT the fault of the masses of people who behave exactly as the marketing folks expect them to behave.
In practice, yes, people are more likely to read mail from people they know, and social-network things are good ways to do filtering, but that doesn't mean we need full default-deny. Even a yes/maybe/spam prioritization system helps - read the mail that's got some reason to believe it's authentic first, and the maybe-box later.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
I would agree with Eric that spam is an economic problem. The spammer, like any freeloader, criminal or otherwise, has found ways to *shift* his costs onto others, and is essentially getting something for nothing.
Spam is incredibly cheap to send. Fighting it is expensive, and supporting the huge explosions in infrastructure is also expensive, but the spammer doesn't see the costs. Honest users pay, adding some small percent to their Internet bill to pay for spam filters, extra sysadmins, more storage for the Junk folders, etc.
Now, I disagree that charging everyone for email is the answer. There are other ways to force the spammer to pay his own way. For one thing, if we had all the technology we need to correctly bill people for the email they send, we would already have the accountability tools in hand -- and we could easily block mails that don't track back to a real sender from the system. We wouldn't actually need micropayments; if we just had the technology to track every email back to a real person, we'd already be done.
One way to tip the economic scales back to being even would be to rate-limit accounts -- for example, deny access to email after 1000 messages have been sent in one day. That's more than enough for most users but low enough to cause spammers some grief. However, the zombie armies keep growing too, thanks to viruses, and soon spammers will be able to find 10,000 machines to send 100 emails each. *sigh*.
Default deny doesn't have to be used exclusively to work.
One address can be "whitelist only", while another can be "accept all".
If "mybank@mydomain" can whitelist only my bank while "firstname@mydomain" can be open to anything, mail "from" my bank sent to my "public" address obviously is not from my bank.
For clueless users (most users) there need to be automated systems for doing this so they can avoid thinking. These would blacklist the bank on all addresses except the one that has only the bank whitelisted, and would apply additional tests to determine that mail claimed to come from the bank actually originated from the bank's servers (e.g. VarA http://wiki.outboundindex.net/VarA).
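The per-address policy in the comment above, as an added Python sketch that is not part of the original comment: a dedicated address is whitelist-only, the public address is open, and a domain reserved for the dedicated address is refused everywhere else. The addresses, domains and function names are constructed placeholders, and the "originated from the bank's servers" test is assumed to run upstream and arrive as a boolean.

```python
from email.utils import parseaddr

# Constructed policy: addresses and domains are placeholders for illustration.
POLICY = {
    "mybank@mydomain.example": {"mode": "whitelist", "senders": {"bank.example"}},
    "firstname@mydomain.example": {"mode": "open", "senders": set()},
}

def sender_domain(from_header):
    """Return the lower-cased domain of the address in a From header."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower()

def reserved_domains(policy):
    """Domains whitelisted on a dedicated address; barred on every other one."""
    return {d for rule in policy.values() if rule["mode"] == "whitelist"
            for d in rule["senders"]}

def classify(rcpt, from_header, origin_verified, policy=POLICY):
    """Return 'accept' or 'reject' for one message.

    origin_verified: result of a separate check (assumed done upstream) that
    the sending server really belongs to the claimed sender domain.
    """
    rule = policy.get(rcpt.lower())
    if rule is None:
        return "reject"                      # unknown recipient: default deny
    domain = sender_domain(from_header)
    if rule["mode"] == "whitelist":
        # Dedicated address: listed sender AND verified origin, nothing else.
        ok = domain in rule["senders"] and origin_verified
        return "accept" if ok else "reject"
    if domain in reserved_domains(policy):
        # The bank never writes to the public address, so this is a forgery
        # or at best misdirected; refuse it regardless of the origin check.
        return "reject"
    return "accept"                          # open address, ordinary sender
```

A lookalike domain such as `bank.example.evil.example` is not in the reserved set, so on the open address it is treated like any other stranger; the whitelist-only address still refuses it.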
OK, I know it sounds weird for someone to request his own comment to be modded down, but really, that doesn't deserve a 5, Informative. It's pretty much the comment that everybody does, it's just that I made it early enough after the publishing of the article to get noticed.
You just got troll'd!
The model for the solution already exists: the postal service! Seriously, you can approach the problem from two directions. Either set up a system whereby everybody pays a per e-mail charge, or create a charge-back model where mailers who aren't on your whitelist have to pay you to get their e-mail through your filter. If there were a charge of, say, 1/10th of one cent per e-mail most users wouldn't even notice the charge. Most legitimate businesses would have no problem paying the cost. However, maniacal spammers and Nigerian hoaxers would find it a very expensive proposition. The revenues from such charges could be used to fund maintenance and improvements to the network, or to pay for more security.
Rate limiting doesn't solve the problem. Sure, AOL and MSN, and even many smaller ISPs could do that. And many already do. But because it isn't done everywhere, it's not effective. The spammers simply buy service from a provider that doesn't rate-limit SMTP. The problem with the rate limiting approach is that it tries to add the cost at the wrong end of the pipe. Spammers can circumvent attempts to charge at their end, but if the intended recipients charge to receive email, the spammer can't circumvent that.
Perhaps not everyone would charge to receive email, but the proposed system doesn't require that. It would solve the problem for those people that do charge, which would likely wind up being nearly everyone.
Whereas trying to charge or rate limit at the sending end doesn't benefit anyone until all ISPs do it. It only takes a few ISPs that don't charge or rate limit to keep that method from working.