Slashdot Mirror
Yahoo Revives Pay-Per-Email, With Charitable Twist
holy_calamity writes "Yahoo research have started a private beta of a scheme that resurrects the idea of charging people to send email to cut spam. Centmail users pay $0.01 for each message they send, with the money going to a charity of their choice. The hope is that the feel good effect of donating to charity will reduce the perceived cost of paying for mail and encourage mass adoption, making it possible for mail filters to build in recognition of Centmail stamps."
Do Good. Fight Spam.
So it sounds like an 'opt-in' program for doing otherwise would be suicide by a mail provider. And since it's opt-in, I highly doubt the spammers will be doing the opting. So unless your penny is going to an anti-spam organization, how are you fighting Spam?
Also, I'm not too clear on how this would work. Wouldn't it require a certificate-like central authentication server? And wouldn't this increase in traffic just exacerbate the situation of too much traffic? Especially if all Spam starts to come with fake 'stamps.'
My work here is dung.
Now here's something both the spammers and the ISP's will love. I presume somewhere in their long-term plan is a means of getting rid of all those pesky renegades who run their own email server and don't opt into this scam
How will this discourage spam if the spammers are just using pwned accounts?
This will surely make for some highly-entertaining tax return forms in the near future.
Their may be a grammatical error, misspeling, or evn a typo in this post.
I'm glad that goodwill and fuzzy feelings are able to cut transaction costs; because they'll be the real killer at $0.01 a pop.
I assume, because of this problem, that they'll either be billing you when your tab reaches some worthwhile value, and trusting you in the meantime, or forcing you to buy in large blocks ahead of time(which would be super annoying, goodwill or no).
Honestly, this is one of the stupidest things I have heard of. For one, if this is adopted it will lead to discrimination of services (as in, you are using Gmail and not our ISP's pay-mail, so your message automatically gets flagged). For another, I've found that Gmail and other webmail services are pretty good of not giving false positives, in the few years I've been using Gmail, I've gotten 3 spam messages total, none of which was a false positive and no spam e-mails in my inbox. But honestly, this is simply charging for what should be a free service to help solve a problem that doesn't exist if you use Gmail (can't say for any other mail provider because Gmail has been so good I really haven't used any other mail provider).
Taxation is legalized theft, no more, no less.
Once this service is up and running, they'll get a botnet which will take over people's machine and start sending spam. If it manages to send 10000000 emails from your machine, who pays the bill?
Your post advocates a
( ) technical ( ) legislative ( ) market-based ( ) vigilante (x) charitable
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
(x) Mailing lists and other legitimate email uses would be affected
(x) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
(x) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
(x) Requires too much cooperation from spammers
(x) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
(x) Lack of centrally controlling authority for email
(x) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
(x) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
(x) Willingness of users to install OS patches received by email
(x) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
(x) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
(X) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
( X ) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
(x) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
(X) Killing them that way is not slow and painful enough Furthermore, this is what I think about you:
(X) Sorry dude, but I don't think it would work.
(X) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
Cruise TT
$0.01 / email is WAY too much, even with spam filter on. A price range of $0.01 / 100 emails is more realistic and cost friendly.
If widely adopted, there is built in inflation and no incentive to keep costs low. We assume that spam is uneconomical at $.01 per email. If that is proven false and the threshhold is actually even slightly higher, does that mean we all pay more to send approved email? If you refuse to pay, is your corporate email likely to be marked spam?
With this scheme, all we do is put ourselves in a direct cost offset race with unscrupulous organizations, pitting our own "safe email" assurances against those already proven willing to go to unethical and illegal lengths to profit from the very people paying for the "safe email" certificate in the first place...
Am I missing something, or does the entire system just seem destined to leapfrog in price and crumble down in a pathetic heap? Then again, it's really not about the spam, it's about profiting from one of the last free forms of communication.
I was just wondering if you forged your From: to someone who uses this would they be charged for it, or is that technically not a problem? Other than that, I agree with previous posters' worries about pwned accounts getting griefed and racking up a substantial bill.
One convenient locations...in Africa.
So when will Microhoo start upping the charges for Redmond to take their pound of flesh?
Todd: I hope it proves as delicious as the farmers that grew them
If I could use any email client, I would participate in this.
I mean, why not? I give money to charity anyway. What difference does it make to me if I go through "Centmail" or any other intermediary, as long as "Centmail" doesn't charge a fee?
They don't grade fathers, but if your daughter's a stripper, you fucked up. --Chris Rock
Meh, the day Yahoo! charges for an e-mail is the day I switch e-mail providers. It's not like they are the only free e-mail provider out there, gnome sayin'?
depends on your distro and what you need drivers for. your most common stuff can probably be added as a kernel module, or is available from your distro's package manager (if you are brand new to linux and your distro DOESN'T have a package manager, then switch distros. Seriously, they are good for beginners and experts alike)
Either the authentication traffic kills us, or the spammers clone any sort of component embedded in email to lend credibility. If you can fake an email as spam, you can fake a stamp.
If Centmail stamps are auto-verified, then either an API must authenticate the key and authorize the action - which is a lot of traffic - at a single server/authority, or we disperse it. With dispersal, possibly for abuse goes up, and then we have new keys arriving which means more traffic. We of course can't use keys per mail, but perhaps per-sender. This is still a huge number of keys to be managed.
Filters work as a form of decentralized authentication, where the proper "key" is passing the filter, which is slowly morphing from user feedback. This seems to me to degrade over time, as the filters cannot change quick enough, still weighing-in prior exclusions while accepting new ones. There's a fair amount of noise to ignore while people mark email they don't like as SPAM and similarities are extracted.
Blacklists and Whitelists are just filters with a central authority, but open to more abuse and too coarse-grained to remove much, as spammers hop or spoof origins quickly.
Overall, I don't feel like bolt-on public systems can categorize the messages other than how we're doing it today. If we had a re-do on email, it might involve some encryption for senders, certificate stamps, and a trust level of pathways and a distributed authorization system with feedback to violators. But we're a long ways off from that.
This has all been discussed for years.
I'll set myself up as a charity, and have the system pull money out of my account, and put into the my other - er, the charity's - account. Now all my spam is blessed.
Ibid.
So, if we all decide to boycot a particular gas company for a month, the price of gas will go down! BRILLIANT! Oi. Why would people pay for something that they use for free. If Yahoo is worried about spam protection, then they should just use Google's spam filter, like they use MS's search engine. Problem solved.
One never knows when one might need a rotten tomato... - King's Quest IV: Heir Today, Gone Tomorrow
Email is already used to deliver messages that have lower immediacy expectations than IM or Cellular. Authentication may slow down delivery even further, but this usage pattern is putting email behind-the-times on the technology ladder.
Right now it's still good for mixed-media and longer messages, but mostly its a holdover from an earlier era. Eventually, users will simply a document and then share it with a target audience, not actually clone content to inboxes.
I don't mind the death of email. "Offline" reading is redundant given content capture techniques, and the messages are vastly wasteful in their design (copied threads).
If this system were to go in place, Yahoo would be vilified and the program would be closed within weeks. Then a few months later, it would be resurrected as a new tax by the US government in a "cap and spam" bill.
Gamingmuseum.com: Give your 3D accelerator a rest.
Spammer/Hacker has already written program to spoof centmail stamps.
Still in my pyro...still in the mines! {POF}LrdDragoon
This message is to raise money for a litte girl with cancer.
Every time someone forwards this email it's tracked, and AOL, Microsoft, Yahoo, and Disney will donate $0.01.
The more people you forward to, the more money we can raise! So please...look into your heart and just take a few seconds to forward this message to everyone in your address book.
If you choose to be a meany, and not forward this email, you will die in 5 years, and so will everyone in your family.
Shameless plug alert: Game server control panel
I've installed a keylogger onto your computer to capture your login credentials for the Yahoo Centmail site -- I have now solicited over half of Nigeria and most of Scotland for monies on behalf of your cousins uncles nephews best friends room mate from college who is lying sick in a hospital bed in Sweden and needs a foreign bank account to deposit large amounts of monies into before he passes away
Signed -- Centmail Approved Message
"i lost my dignity on a slippery wiener"
Wow, that's really amazing. Neither the article nor the actual CentMail website has a single shred of technical information on how this will actually be implemented. I'm sure it has something to do with the evil bit.
Chelloveck
I give up on debugging. From now on, SIGSEGV is a feature.
That schema would work only if Yahoo could be accounted for the most part of the SPAM.
And if Yahoo is not guilty for all the SPAM, then that move would work only if all free email services would follow.
And then you would need to force all ISPs to block TCP port 25.
And only then, maybe, you would be starting limiting the amount of spam!
Maybe Computers will never be as intelligent as Humans.
For sure they won't ever become so stupid. [VR-1988]
Nah. There are several strategies unused. I'd like to start by not getting any foreign email. (I did accept some French spam on humor's sake, but any other language, forget it.)
Spellcheck. 80% of spam has beautifully awful spelling.
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
Centmail users pay $0.01 for each message they send...
In an unrelated story, the number of Gmail users has recently sky-rocketed.
Seriously, I hate spam too, but no way jose!
I knew MSFT would manage to infect Yahoo with their plutocrat ideas ...
-- Tigger warning: This post may contain tiggers! --
I'll have my email fees donated to BigSpamCompany, my employer.
Nice in theory but this is too easy to get around.
The only charity with zero administrative load!
you pay one cent for the privilege of Y! adding a their cryptographic signature to your message. filters everywhere learn that the aforementioned mail is less likely to be spam.
sounds like a worthy experiment to me.
-- I was raised on the command line, bitch
After all this time of me saying this from previous posts, I always said that pay per email no matter how small the cost, would atleast
let most people know their infected machines are spewing out mail...and that enabling SMTP by default is not a good thing.
So for those not able to understand what this means, it means look forward to your ISP sending you a bill next time you have a virus and are too cheap to take care of the problem.
You spend on the emails or on the maintenance of your machine...and 5million emails per month .01 cent each is still a sh*t load of money...hopefully the ISP companies will figure out early on that this should fall under the category of extra bandwidth and have a maximum per month you can charge no matter what happens
that
(my cap is 30$ a month unlimited ).
Spellcheck. 80% of spam has beautifully awful spelling.
Which leaves about 95% of legitimate email with beautifully awful spelling
Miller Lite tastes like water that's somehow managed to rot.
On a more basic note, what's to stop new malware from installing itself into a user's computer and sending emails on behalf of users with their accounts - on someone else's credit card?
I want societal expectations and systems to support the following.
I'll be glad to read a message from a stranger for a price. After my escrow agent informs me my message reading fee has been placed in escrow, I'll gladly look at the message. If I don't like the message, I'll cash your check. No problem! If I like the message, depending on how much I like it, I'll leave the money in escrow or refund it; and if I reply, I may send you an unguessable email address for future free correspondence.
Friends and relatives would have each have an unguessable email addresses for me (and presumably each other).
This would enable folks without a personal assistant to be reachable yet not open themselves up to the spamming scum of the earth.
This would be useful for social networking sites that focus on professional relationships, like LinkedIn.
It's essential that the terms be set by the recipient.
Instead of sending the 1c to a charity, why not send it to the receiver? I receive some x number of mail's per day and send y , but the number is small and the x-y is even smaller. However for the spammer x is probably similar, where y is 8+ orders of magnitude higher resulting in a financial disincentive to spam. Commercial email is incentivized to reduce its mailing lists and target more accurately, yet is not significantly punished for its high output to input ratio.
Bad Panda! No Bamboo for you! In matters of importance ACs will not be responded to. Want to say something critical,OK
YHBT
See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
yahoo will just use a clever computer program to skim all the fractions of cents off the top of every transaction.
The idea sounds very good... in theory. I would like to understand in more detail how this payment method will work. First, people should pay that fee in their local currency, whatever that might be. Euro, USD, CAN $, Yen, Swiss FR, etc, will not work - most people in this world don't have easy access to them. Also, the charities in question should either be local (so that they are appealing to people in, say, Mongolia, or New Zeeland, etc), either truly worldwide (Unicef). The second problem - how will the internet users pay in Surinam, for example ? Should they go to the bank, exchange their local money in some convertible currency, and then deposit that in some kind of micro-payments account ? What will happen to internet cafés all over the world (in some countries they are still the only way to have access to the net)? In case of a payment conflict, who will arbitrate ? Of course, it cannot work in any other way than pre-pay (otherwise you can install a virus on someone's computer and let that person fight the charges). So then what happens when you need to send an important email in the middle of the night and you have no money left in your account ? Remember that many people do not have a credit card to load their account with ! Will all the ISPs in this world agree to police their subscribers and provide accounting tools and supervision for ? I have many, many questions. I'd like to see this implemented, but...
My own corporate email server could cut 95% of my spam by just checking if arriving mail "from me" was actually sent out by it only moments before.
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
$5.00 is a *very* cheap advertising investment to hit 500 potential customers. This won't keep spammers away, not by a long shot.
-Troll, Flamebait, and Offtopic are NOT equivalent to disagreement.
I can't believe you fell for this.
Why is it so hard to only have politicians for a few years, then have them go away?
I say you have to give the receipiant a penny. I'd gladly get spammed then.
This has been tried. Remember Bonded Spammer? That was a flop. Then they were sold, reduced their standards (senders no longer have to post a bond) and are now called ReturnPath.. For $82,500/year you can send 100 million spams. They pay off ISPs to whitelist their senders. There's a way to query DNS to determine if an address is a "Bonded Spammer". It's an indication that the message should be sent to the "bulk" folder.
Nobody uses this much any more. The last Bonded Spammer e-mail I received was in 2007.
Any system like that will fail not because it costs money, but because it's too hard to implement globally. And, as someone else pointed out, spammers *can* afford to pay for it. But ease of use is the biggest hurdle --- otherwise everyone would be digitally signing and encrypting their mail.
I proposed something like this years ago as a method of resolving the SPAM problem, and while there are many naysayers and as many real technical and political challenges to the process, the only way to ensure that nobody sends out spamvertisements to millions of recipients is to raise the cost of emailing from nothing to something. Even if it's a tiny fraction of a penny, the ROI drops significantly and spammers move on to greener pastures.
The CB App. What's your 20?
Seriously, I have a new plan to can spam. If you want me to see your email, you send me $0.01 cents along with the email. If you don't pay your email winds up in the great bit bucket in the sky.
We can set up a settlement system to keep track of how much we each owe versus how much we are owed. Most of us will wind up making a few cents per week from the emails from our banks and the few spammers that are willing to pay. A few of us (like one of my friends) who forwards everything to everybody will wind up paying a few cents, or even a few dollars, per month for the privilege of sending email. The charge is small enough that real businesses, those that spam my snail mail, will happily pay it. But, your average Nigerian prince with erectile dysfunction will not.
Hey we could even make it a bidding system. Let me set a price for accepting your email. If I want your email I set the price to $0. If I hate you I'll set the price much higher. Your email software would fetch the acceptance price and decide if I am worth sending a message to.
Stonewolf
As an insurance agent, I assure you (I promise you) that there is no way in hell we would insure you (provide indemnification coverage against a specified loss) against getting spam. The only way to ensure (make sure) you don't get spam is to turn your computer off.
If your dictionary tells you that "assure", "ensure" and "insure" are synonymous and, moreover, interchangeable, please send it directly to the nearest paper recycling mill and buy yourself a set that doesn't retard your language skills.
Cue the "languages evolve" crowd. Languages may evolve, but evolution through ignorance and stupidity is hardly evolution at all; the words exist with their entirely different meanings for a reason: to convey an idea to another party. If that idea ends up being open to interpretation due to the use of ambiguous words, odds are you have failed to convey your idea entirely.
Have I? Well damn >:)
So, spammer creates or acquires charity. They can actually be doing charitable things, for appearance sake, but their prime reason for existence is to launder money for the spammer.
Spammer opts into centmail, choosing their own charity, and continues to blast out spam, bypassing the centmail-enabled spam filters.
Profit!
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
Isn't the point of using email that it's fast and DOESN'T require postage?
your post advocates a
(X) technical ( ) legislative (X) market-based ( ) vigilante
approach to fighting spam. your idea will not work. here is why it won't work. (one or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) spammers can easily use it to harvest email addresses
( ) mailing lists and other legitimate email uses would be affected
(X) no one will be able to find the guy or collect the money
(X) it is defenseless against brute force attacks
(X) it will stop spam for two weeks and then we'll be stuck with it
(X) users of email will not put up with it
( ) microsoft will not put up with it
( ) the police will not put up with it
( ) requires too much cooperation from spammers
( ) requires immediate total cooperation from everybody at once
(X) many email users cannot afford to lose business or alienate potential employers
( ) spammers don't care about invalid addresses in their lists
( ) anyone could anonymously destroy anyone else's career or business
specifically, your plan fails to account for
( ) laws expressly prohibiting it
(X) lack of centrally controlling authority for email
( ) open relays in foreign countries
( ) ease of searching tiny alphanumeric address space of all email addresses
(X) asshats
( ) jurisdictional problems
(X) unpopularity of weird new taxes
( ) public reluctance to accept weird new forms of money
( ) huge existing software investment in smtp
( ) susceptibility of protocols other than smtp to attack
( ) willingness of users to install os patches received by email
( ) armies of worm riddled broadband-connected windows boxes
( ) eternal arms race involved in all filtering approaches
(X) extreme profitability of spam
(X) joe jobs and/or identity theft
( ) technically illiterate politicians
( ) extreme stupidity on the part of people who do business with spammers
(X) dishonesty on the part of spammers themselves
( ) bandwidth costs that are unaffected by client filtering
( ) outlook
and the following philosophical objections may also apply:
(X) ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) any scheme based on opt-out is unacceptable
( ) smtp headers should not be the subject of legislation
(X) blacklists suck
(X) whitelists suck
( ) we should be able to talk about viagra without being censored
( ) countermeasures should not involve wire fraud or credit card fraud
( ) countermeasures should not involve sabotage of public networks
( ) countermeasures must work if phased in gradually
(X) sending email should be free
(X) why should we have to trust you and your servers?
( ) incompatiblity with open source or open source licenses
(X) feel-good measures do nothing to solve the problem
( ) temporary/one-time email addresses are cumbersome
( ) i don't want the government reading my email
(X) killing them that way is not slow and painful enough
furthermore, this is what i think about you:
(X) sorry dude, but i don't think it would work.
(X) this is a stupid idea, and you're a stupid person for suggesting it.
( ) nice try, assh0le! i'm going to find out where you live and burn your house down!
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
It would work if only centmail users can email centmail users. That would isolate a huge bunch of people though, so that would not work. But if it was government sponsored... Everyone has their one individual email address that they are linked directly to. That could work.
Spammers send email by taking control of innocent victim's email accounts and using them to launch spam. I should know, my email has been hijacked (hotmail)...but there's nothing I can do about it. I can't imagine if they tried charging ME for spam email sent from my account because they allowed someone to hack into my account.
That might work for you, but many people receive legit emails in more than one language.
"You can't allow somebody to commit the crime before you detain them." [Condoleezza Rice]
This is the most stupid idea that I heard today
Won't that just mean that the cost of buying a spam campaign increase by $0.01 a message? The only way to stop spammer is to stop businesses paying them for it. There is of course the problem of spamming viruses.. this approach might make people more dilligent about keeping patched though?
I just can't be bothered.
then you don't understand email or spam.
The Kruger Dunning explains most post on
Imagine for a moment that this becomes a regular part of your ISP charges. You pay 1 cent per email you sent last month. Might seem reasonable.
Then one day your computer is hit by some kind of malware (virus, trojan, worm, whatever) and starts sending one spam email per second, fully authenticated and with a centmail stamp on it.
It does this on the first day of the fiscal month. 1 mail per second isn't all that much extra traffic, so you probably won't notice. Computer on 4 hours a day, every day, you end up sending 432,000 emails costing $4,320.
Now imagine it hits a company instead. Small office, 10 computer. Now we're talking 8 hours a day x 10 computers, totalling $86,400.
Yeah - I can't wait.
It's a little tricky to see what you're getting at, but I think you want SPF.(more)
An SPF record is a DNS record that is roughly opposite to an MX record. MX says were to send mail for a domain; SPF says where mail is allowed to come from for a domain.
I won't join Slashcott. OTOH, If Beta goes live, I just won't be back until it's fixed. Sorry Dice.
Now we will not only get a whole lot of spam, but the spammers can feel virtuous because they are donating so much money to charity.
And the charities will all be hiring black hats to try and pwn as many machines as possible: you will just keep getting these mysterious bills each month for huge donations to charity.
I am anarch of all I survey.
No, no, no, no, no... No.
The proper solution is not for ISPs to block access between their clients and their client's mail servers. If I want to send a message from my computer at home through my companies mail server, I should be able to. If I don't want my ISP reading my email, I should be allowed to use ESMTP with auth and TLS. Your solution ignores this. It also complicates laptop setups something fierce. You're solving the problem in the wrong place by giving too much responsibility and authority to the wrong people.
The problem(1) is that SMTP is used as both a sending and a relaying protocol. There is no easy way to distinguish between an outbound SMTP connection being used to connect to a legitimate relay (work server) and as a spambot (forged headers).
The problem(2) is that SMTP servers blindly assume the sending address is legitimate. Thus, forging someones email address is easy. This is true even if the originating IP address reverse resolves to imgoingtospamyou.com or adsl-nn.nn.nn.nn.dsl.somewhere01.pacbell.net. This is what's broken, not what ISPs allow through their network.
The proper solution is for the receiving SMTP server to determine if the sender is allowed to send mail for that domain. This was not a consideration of the original email paradigm, but it is now. Sender Policy Framework If you're receiving spam from botnets, then your mail provider needs to tighten up their default SPF settings. (They may need someone to demand that they implement SPF.)
I know that SPF must be implemented everywhere for it to be fully effective, but good default policies will still block a vast majority of address spam.
I won't join Slashcott. OTOH, If Beta goes live, I just won't be back until it's fixed. Sorry Dice.
Does Yahoo even understand where spam comes from? To whoever at Yahoo thought this joke up: It isn't coming from people sending email to random email addresses. It comes from peoples' PCs that have been ...
Oh I give up. Now I think I know why Microsoft wanted to buy Yahoo. MS wanted their super smart anti-spam team.
CUR ALLOC 20195.....5804M
It would be easier to use SPF. Man, I'm sounding like a broken record today.
SPF is a DNS counterpart to the MX record. MX says where you can send a message destined for a given domain; SPF specifies what servers are allowed to relay messages for a given domain. It addresses most (but not all) of the problems that TLS records would. The main difference would be what point-of-failures could be used to circumvent them (ca, dns, ip routing, etc), and what other things DNSSEC would be useful for.
Note that SPF is designed to work if the sender and receiver both use it. That being said, the receiver can still use reasonable defaults and block a majority of forged spam.
I won't join Slashcott. OTOH, If Beta goes live, I just won't be back until it's fixed. Sorry Dice.
Sigh. I've already said this once today. ISP blocking port 25 is bad, not good.
I won't join Slashcott. OTOH, If Beta goes live, I just won't be back until it's fixed. Sorry Dice.
& # 1058;& # 1077; & # 1088;& # 1072;& # 1073;& # 1086;& # 1090;& # 1077;& # 1090; & # 1086;& # 1076;& # 1080;& # 1085; & # 1091;& # 1079;& # 1080;& # 1082;? (thank you, SlashCode's inability to handle most characters) Only one? and you only work in that one language. How quaint. It must be nice being able to ignore the other 60%-plus of the world and your potential trade.
Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
Won't work. An email server can't check SPF records for email from its own domain, since it also receives client connections, and therefore it'd need every single client PC to be in the SPF record.
What you could do is have a frontend SMTP server and a backend one which clients connect to, and configure the backend server to reject email from its own domain if it comes from the frontend server.
For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
Yet so far, I've only received spam in English. Sure, spam from different languages exists, but it's rare and negligible for now.
I still think that the best way to ensure that you're not getting spammed is by just being careful about your e-mail address. Don't sign up for every idiotic web page, avoid posting your e-mail on the large social networking sites (forums tend to be OK), etc. That, combined with a good spam-filter (GoogleMail's filter is fine enough), gives me the "pleasure" of reading spam about 2 or 3 times a year and that's all.
A good education is a bit like a STD - it makes you unsuitable for a lot of jobs and gives you a desire to spread it.
Yet so far, I've only received spam in English. Sure, spam from different languages exists, but it's rare and negligible for now.
That depends on your email address as far as I can see... in my Google Mail spam folder, I pretty much only see English. In my work spam folder (".eu" domain) I get French, German and English. In one of my other private accounts (".nl" domain) I get English, Dutch and German. The amount of spam in German seems to be on the rise in all three though.
My book about LSD and Self-Discovery
Also on facebook as: DroppingAcidDaleBewan
A bit like dkim then (but that's free).
Does anybody use Yahoo anymore ? I suppose some people do but we have problems with groups at yahoo and there mailing lists with our 'users' / accounts that have never existed regularly hit our postfix servers.
If they implement this at yahoo I hope those people who pay to send email to our ever expanding new members of staff sue the life out of Yahoo for fraud.
How about you take the .01 per email or what ever amount, if it looks like they are not spamming or any thing like that at the end of the month you give the money back. If the money is just to keep people honest about what they are doing, then getting the money back after it is proven that they are.
Don't ask for money. Ask for an arm, a leg, but not money.
:P
People will rather watch hours of advertising and spend hours managing insane amounts of spam instead of paying a cent.
Never underestimate the power of shortsightedness in most people. After all, most people still prefer the "free"(read: ad-supported) television. Yea, I'm right and most people are wrong, go on, mod me down
Centmail will fail because ultimately email will fail.
In the future, emails won't be around. Instead there will be the Wave.
http://wave.google.com/
Ride the Wave. Ride it hard.
K.
Why has no system for identifying and deleting spammer freemail accounts been devised yet? Wouldn't it be relatively simple to query, say, Google's anti-spam filters and delete every account that's sent more than a certain amount of spam?
Sure, it would require the freemail providers to work together, so it's unlikely to happen - but wouldn't it theoretically be possible?
Comment removed based on user account deletion
If all email providers charged for email, spammers will hack accounts to sends spam or they will use stolen credit card numbers to create fake accounts. Hell, they could probably even set up a charity for themselves under this specific case and have all the money go right back to them. But since they will most likely always be free-to-use email providers, spammers will just always use those, making the pay-per-email ones just money grabs for the think-in-the-box'ers. I'm not really convinced that 100% of the money will go directly to charity anyways.
Yet so far, I've only received spam in English.
Which leads us to the money question: how do you tell gloriously misspelt English apart from some other language, then?
If your SMTP server accepts email from client machines without requiring authentication, then you're doing it wrong. (by today's standards - it used to be acceptable.)
Email properly encrypted and authenticated should bypass SPF for exactly the reason you've pointed out. Any unauthenticated email for your own domain should be checked against SPF in case you have (or later setup) multiple relays. (I realize email will not necessarily have end-to-end encryption, but it is vital for the hop that includes a password.)
I won't join Slashcott. OTOH, If Beta goes live, I just won't be back until it's fixed. Sorry Dice.
I want to throw into the discussion that micro-payment systems have been advocated for a decade and with great implementations and great arguments for their use, all systems I know of failed in the end.
This seems to be the same idea with the same caveats about transactions decisions etc. How can it succeed?
If I want to send a message from my computer at home through my companies mail server, I should be able to.
I figured somebody would say this, but the thing is that if you want to contact an external SMTP server it is pretty straightforward. You can either use the alternate SMTP port (587) with SSL/TLS or you can use a VPN. You could also just contact your ISP and ask for the restriction to be lifted for your account.
95% of home users don't need access to port 25. The 5% that do can either use an alternate method to access it or get their ISP to open it for them. I agree it isn't the most ideal solution, but the preferred methods (such as SPF) have two big issues: They just aren't in widespread use enough, and way too many mail servers are poorly configured which would lead to dropped mail.
What would be better is ISPs throttling the number of SMTP connections their clients make. Say anything over 300/day and they're blocked for 24 hours. Downside is that's probably asking too much from many smaller ISPs. Big ones (Comcast, Qwest, etc) should be able to do it easy.
"What do you despise? By this are you truly known." --Princess Irulan, Manual of Muad'Dib
/)
... the thing is that if you want to contact an external SMTP server it is pretty straightforward. You can either use the alternate SMTP port (587) with SSL/TLS...
If your work provides it (they should, many don't).
...or you can use a VPN.
And how is that a "straightforward" part of an email deployment? Unless VPN is really needed for other work functions, it should be avoided. It's overkill.
You could also just contact your ISP and ask for the restriction to be lifted for your account.
It took me about 4 tries before my ISP listened to me. Each time they told me it would be fixed, but it wasn't. People shouldn't have to go through that for something so fundamental to Internet service.
95% of home users don't need access to port 25.
Agreed, due to gmail, yahoo mail, etc. I don't think it's relevant, but I see why you do.
I agree it isn't the most ideal solution, but the preferred methods (such as SPF) have two big issues: They just aren't in widespread use enough,...
True, which is why I bring it up. I hoped to introduce the idea to someone who in turn might cause it to be implemented somewhere. I'm spreading the word.
I maintain that it can be very effective with reasonable and very loose default settings. (not entirely effective -- that would require universal participation; certainly worth using, though.)
...and way too many mail servers are poorly configured which would lead to dropped mail.
In what way? Can you give me a brief use case detailing SPF gone wrong? Any case where the sender causes problems by not supporting SPF? Any case causing email to actually be lost?
What would be better is ISPs throttling the number of SMTP connections their clients make. Say anything over 300/day and they're blocked for 24 hours.
Assuming this doesn't apply to business lines, there are still many small businesses that are using "residential" connections. This would solve the problems for 4.9% of the remaining 5% perhaps. It would leave the rest in a bit of a pickle.
The problem is the way email is handled. It was designed without good security practices, and now the industry is struggling to very, very slowly fix the problem. I don't want my ISP to feel like it's their job to monitor my connection. I want raw bandwidth from them, nothing more.
I prefer the philosophy: fix the problem, not the symptom.
Downside is that's probably asking too much from many smaller ISPs. Big ones (Comcast, Qwest, etc) should be able to do it easy.
also:
... or get their ISP to open it for them.
Maintaining complex port filtering is probably asking too much from many smaller ISPs.
I won't join Slashcott. OTOH, If Beta goes live, I just won't be back until it's fixed. Sorry Dice.
A more simple approach would be to put a delay around each mail sent by a non-athenticated agent. For most people sending a couple of mails at a time, a 1 sec delay would not change their experience. For spammers trying to send hundred thousands... it would take too long. Easy, cheap and simple.