Nice idea, and we have an impressive server room, but I am one of the few ISPs that does not filter based on message content. I exclusively use RBLs and homegrown relay blacklists. I have just as good a record of stopping spam as any of the more elaborate systems without blocking legit mail, but it's not something I can really use as a selling point because if even one spam gets through, it makes me look bad. It's a very tough situation to be in if you're not a big corporation with dozens of IT people to monitor things, but ultimately I think it's best for my clients.
I am lucky in that we got started in 1993, so we have a very loyal, long-term customer base, but at the same time, we've had problems in that our expenses have increased while the "whores" have lowered their prices. Clients don't seem to realize the difference until it's too late, and that's not something you can use as a selling point.
The dynamics of this industry are a lot different than what they used to be.
Is that an $8000 server for personal use? I doubt it; pass it on to the customer.
This is the problem with the industry now. I can't pass this on to the customers in any easy way - there are so many "internet whores" out there charging super-cheap rates that I'm limited in how much I can raise prices without losing business (because your average web hosting client really doesn't know or care about the difference between a solid Internet company and one that was born yesterday). I can't promise that this new mail system will be any better at stopping spam. I have to spend this money simply to maintain the status quo! It's sickening.
I am having to spend $8000 this month to build a new mail server.
Why?
Because 80% of the mail traffic to my system is unsolicited spam and now I need more resources to handle the mail services for my legitimate users because 80% of my resources are dealing with crap.
Because the authorities don't prosecute the spammers, people like me have to pay for the resources they consume even though I didn't invite them to exploit my resources in this manner.
Something needs to be done, and it has to do with enforcement, not figuring out yet another boneheaded way to inject profit motive into the SMTP stream.
Let me qualify this... I understand that ports are virtual, but it still consumes more resources to listen on more ports than it does on a single port. What technically is the difference between a single port with an elaborate encryption-based handshake scheme, as opposed to the same thing across multiple ports?
I don't know about you guys, but I get port scanned all day. The likelihood of my system being further probed by seeing some type of handshaking across multiple ports seems more likely to attract additional, unwanted attention.
And with a scheme like this, aren't you talking about wasting further resources keeping track of the "knock sequence?" What's the point? I could see it being used as an ALTERNATIVE to encryption if you didn't have encryption available, but other than that, it seems a waste of resources.
This isn't going to catch on. It's not more secure and it wastes more resources.
Why would this be any more secure than listening on a single port for the "unique knock sequence?" Any good admin knows the most secure system is one that is listening on as few ports as possible.
Why do people insist on pursuing humanistic metaphors in cyberspace when there isn't a practical application? This whole premise is ridiculous.
If you want to play with humanistic metaphors, remember the first rule of security is that its better to have ONE door in your house that you keep an eye on, than five windows and two doors with an elaborate security system. In the latter case, you have seven points of entry instead of one.
This really doesn't address the biggest problem which is the bandwidth and resources spammers steal from other systems.
I have a problem right now in that we're hitting 40,000+ bogus spam connections to the server per day! That is just recognized RBL'd hosts from conservative blacklists TRYING TO CONNECT! The system resources that our networks consume just trying to answer the "phone" from the spammers is tremendous, and it interferes with our ability to handle legitimate mail.
This doesn't even take into account the potential resources needed to examine the actual message content and act on it.
To say this problem has gotten out of hand is an understatement. I have spamming proxy relays from single sources opening up 5-6 simultaneous connections on the server. It would be adding insult to injury even fathoming the resources necessary to actually download the mail and try to filter it based on content.
What's worse is that when content-based filtering is used, the spammers can't tell they're not getting through, so this forces them send out even more and more spam, not knowing whether their messages are getting filtered. The client-side filtering just makes the problem worse!
I am now getting somewhere in the area of 40,000 spams a day to one of my servers. This system handles e-commerce for a number of small and medium-sized companies. The volume of junk e-mail has gotten so out of hand that it's bogging down my mail processes sending/receiving clients order acknowledgements and critical communication.
More than 80% of the mail my system handles is totally unsolicited. In fact, a substantive portion of it is random names @ random domains - there's no way it was ever solicited or welcome!
Now I have to build an entirely new server because F'ing assholes like this guy waste my resources and I have to handle his shit or else I'll lose my legitimate business. To say I'm furious is an understatement to the Nth degree. Any money this asshole makes is at the expense of thousands of ISPs who have to spend money and time on bandwidth and system resources. THIS GUY NEEDS TO BE IN JAIL!!!
The REASON we have spam is because some stupid people are BUYING the CRAP the spammers are selling.
Really? How's your penis doing these days?
You don't know anything about spamming if you believe what you're saying.
If spamming really was effective, there would be a lot more legitimate companies doing it, but there aren't, and there's a reason for it. It's really only economically viable if you can do it en masse and it's relatively cheap. The vast majority of spamming promotions are strictly commission-based. If people really were buying a lot of these products, that wouldn't be the model spam-promoting companies would employ.
Good luck getting the whole world and every mail server on the planet to bow to Microsoft and Yahoo in setting standards for e-mail. You're a lot more hopeful than I am, cryptography or no cryptography.
The reason we have spam is because it is pretty much free to send.
Bzzzt! Wrong. Thanks for playing.
99% of the reason we have spam is because authorities don't enforce the existing laws already on the books that these spammers violate. Breaking into innocent peoples' computers and repurposing foreign network resources are illegal in almost every jurisdiction, but the authorities have yet to demonstrate they have an interest or method of catching these crooks. Once they do, you'll see this problem drop off considerably.
I'm not against paying for services of this nature, but per-message is ridiculous and greedy.
We already "pay" anyway. More than half the bandwidth used is taken up by spam. Curbing the propagation of spam would have major returns in the form of saved system resources and bandwidth. It's analagous to noticing that the vaccine for an ailment is actually cheaper than the treatment.
That notwithstanding, there are a number of ways to pay for such a system; the most obvious is something like a few bucks extra for each domain renewal/registration - this would FULLY FUND a major centralized SMTP whitelist not unlike how the root server network is set up.
This pay-for-postage e-mail model.. what is the money paying for?
* The bandwidth and network resources used?
We already pay for that; we have quotas and guidelines in place regarding bandwidth, storage quotas and restrictions on spamming with all ISPs.
* Subsidizing a new mail system that is "spam free?"
Does anybody think that if Yahoo and Microsoft hijack the e-mail network, they won't abuse it? Both companies have a sordid history of deploying disposal privacy policies and spamming their own users, sometimes to the point of creating so much noise they upsell users on value-added solutions to solve the problems they create.
The only way a pay-for-postage model would work is if the major networks go private and make their e-mail systems un-integrated with the existing SMTP network. Do you want Microsoft, Yahoo or a handful of powerful corporations to be in control over the e-mail system?
* Why pay per-message anyway? It's an ineffective argument to claim such quantum pricing is necessary and that resources would require it, nor would it teach people to be more responsible in their mailing practices.
80% of the traffic on the Internet is junk mail. If we simply enforced existing laws regarding network exploitation and computer tampering, we'd instantly negate the main value of the pay-per-e-mail article, and even with the system in place, there's absolutely no provision to address the larger problem of unauthorized SMTP traffic hogging bandwidth.
I don't have a problem with the idea of paying extra to have a spam-free e-mail network, but on a per-message basis, it's just stupid and greedy. If we're going to pay, I recommend it go like this:
1. Add a small fee to each domain registration which goes to establish a regulatory group, that adopts an international standard for responsible mailing practices.
2. Contract out, just like we do with the TLD system, the administration of a centralized SMTP whitelist, with a system of checks-and-balances to effectively "license" responsible mail relays.
3. Offer anyone running a mail server, the option of using the centralized whitelist to approve the systems from which it will accept mail.
I have been saying for more than a year, this is the way to go. This scheme by MS and Yahoo is a flavor of what I'm saying, with the tacked-on idea of charging per-message, and instead of making the mail network an open system, it would be controlled by select corporate interests.
We're heading in the right direction, but this scheme by Microsoft and Yahoo has a long way to go.
There's no way to enforce this. The irony is that the only way a pay-for-email scheme would work, is in the context of a network of trusted mail relays, which is in effect, A WHITELIST.
All this does is prove that eventually, there will be a network of whitelisted SMTP relays that will do more to combat the spamedemic. You don't need to charge money - that's an extra, goofy idea to make profit for a few select corporate interests. It won't fly because millions of systems will refuse to pay the "postage" extortion fee in order to be whitelisted.
- I've never lost a signal in rain, but then I live in SoCal where we don't actually have weather for 300 days out of the year. Wind has no noticable effect, and we've had some real blustery days since I got the system.
Where I live, it rains 1/3rd of the time. I've gone through major tropical storms and seen trees and telephone poles downed and never lost my satellite service. Maybe the older services were more weather-vulnerable but I don't experience that any more. I had many more outages with digital cable.
Most satellite services, such as DirecTV now include local channels. I've never had the problems you site with reception and picture quality. That's probably the fault of poor installation and has nothing to do with satellite.
I have a TIVO, and I don't consider it "television". It records just what I want to see and I can skip over commercials. I don't "watch television", I grab certain feeds that interest me and watch "video". It's a completely different experience, NOT to be confused with "television", which is CRAP.
Subscribers will be able to watch "Trading Spaces," for example, but won't be able to see past episodes of network shows like "Friends" or "Everybody Loves Raymond."
The service lets users rewind, fast forward and pause the programs they choose as well as store them for up to 24 hours to watch them at their convenience. It also lets viewers rent newly released movies for $3.95 each and other select programs for $2.95 each.
"It's there at the touch of button, when you want it," Cleland said. "It also has the full functionality of a VCR."
The company will roll the service out in Detroit next year.
So you can watch favorite shows "at your convenience" ONLY if it's "convenient" for you to watch them within 24 hours of their original airing, unless you want to pay $2.95 to view it after that time, and that's subject to availability.
TiVo negates the value of all that crap. This is why Comcast doesn't want its users running Tivo.
So in essense, Comcast is going to force an inferior product and a more expensive service upon its customers and they'll have to deal with it.
If there's anything positive that will come out of this, maybe Comcast's crappy DVR and mafia-regular-programming-PPV services will make consumers aware of the value of DVRs and then they'll seek out other cable and satellite companies that aren't trying to rape their customers with inferior services and higher prices.
DirecTV is the way to go. It's cheaper than cable across the board, and I argue that cable is better quality than satellite - I think it's the other way around. I got a tri-LNB DirecTV setup with all the HBO and very cool channels like LinkTV and TechTV for $30+ less a month than I was paying for cable with less channels and only one receiver. DTV installation was $14.95 and I even got a free DVD player. On top of this, Comcast has one of the lowest customer-satisfaction ratings in the industry according to JD Powers & Associates, and DirecTV has the highest customer satisfaction rating.
I have used Cox and Comcast and both are the pits. Especially Comcast. I noticed a dramatic improvement in quality between Cox and DirecTV and DirecTV is much cheaper. In my experience, the only time cable is cheaper than satellite is when you have multiple services bundled (local phone, internet and tv) but IMO it's foolish to have too many critical utilities from a single supplier. If cable goes out or you have a billing issue, you lose 3 major services instead of one.
As for Comcast, trying to get a DVR to work with their network is kludgy at best. They are going out of their way to make their system un-compatible with Tivo. People hack their units using an IR signal box that is slow and often doesn't change channels properly and you end up recording the wrong shows. In contrast DirecTivo works perfectly and is fully-integrated and elegant.
It's also become apparent that Comcast has its own plans for launching DVR service which involves a heavily crippled system in comparison to Tivo. Their intent is to move regular programming into a PPV model by not allowing customers much freedom over what they can record and how long they can hold these recordings on disk. Comcast seems to have the brilliant idea they can charge their customers $2-$3 each to view regular programming 48 hours or more after the broadcast date.
Then there is the issue of Comcast being one of the largest sources of spam in the United States. I can't do business with them until they get their act together and offer their customers more reasonable choices and solutions.
Slashdot Mirror
Nice idea, and we have an impressive server room, but I am one of the few ISPs that does not filter based on message content. I exclusively use RBLs and homegrown relay blacklists. I have just as good a record of stopping spam as any of the more elaborate systems without blocking legit mail, but it's not something I can really use as a selling point because if even one spam gets through, it makes me look bad. It's a very tough situation to be in if you're not a big corporation with dozens of IT people to monitor things, but ultimately I think it's best for my clients.
I am lucky in that we got started in 1993, so we have a very loyal, long-term customer base, but at the same time, we've had problems in that our expenses have increased while the "whores" have lowered their prices. Clients don't seem to realize the difference until it's too late, and that's not something you can use as a selling point.
The dynamics of this industry are a lot different than what they used to be.
Is that an $8000 server for personal use? I doubt it; pass it on to the customer.
This is the problem with the industry now. I can't pass this on to the customers in any easy way - there are so many "internet whores" out there charging super-cheap rates that I'm limited in how much I can raise prices without losing business (because your average web hosting client really doesn't know or care about the difference between a solid Internet company and one that was born yesterday). I can't promise that this new mail system will be any better at stopping spam. I have to spend this money simply to maintain the status quo! It's sickening.
You are totally right.
I am having to spend $8000 this month to build a new mail server.
Why?
Because 80% of the mail traffic to my system is unsolicited spam and now I need more resources to handle the mail services for my legitimate users because 80% of my resources are dealing with crap.
Because the authorities don't prosecute the spammers, people like me have to pay for the resources they consume even though I didn't invite them to exploit my resources in this manner.
Something needs to be done, and it has to do with enforcement, not figuring out yet another boneheaded way to inject profit motive into the SMTP stream.
Another whitelist-based idea. Imagine that.
Let me qualify this... I understand that ports are virtual, but it still consumes more resources to listen on more ports than it does on a single port. What technically is the difference between a single port with an elaborate encryption-based handshake scheme, as opposed to the same thing across multiple ports?
I don't know about you guys, but I get port scanned all day. The likelihood of my system being further probed by seeing some type of handshaking across multiple ports seems more likely to attract additional, unwanted attention.
And with a scheme like this, aren't you talking about wasting further resources keeping track of the "knock sequence?" What's the point? I could see it being used as an ALTERNATIVE to encryption if you didn't have encryption available, but other than that, it seems a waste of resources.
This isn't going to catch on. It's not more secure and it wastes more resources.
Why would this be any more secure than listening on a single port for the "unique knock sequence?" Any good admin knows the most secure system is one that is listening on as few ports as possible.
Why do people insist on pursuing humanistic metaphors in cyberspace when there isn't a practical application? This whole premise is ridiculous.
If you want to play with humanistic metaphors, remember the first rule of security is that its better to have ONE door in your house that you keep an eye on, than five windows and two doors with an elaborate security system. In the latter case, you have seven points of entry instead of one.
This really doesn't address the biggest problem which is the bandwidth and resources spammers steal from other systems.
I have a problem right now in that we're hitting 40,000+ bogus spam connections to the server per day! That is just recognized RBL'd hosts from conservative blacklists TRYING TO CONNECT! The system resources that our networks consume just trying to answer the "phone" from the spammers is tremendous, and it interferes with our ability to handle legitimate mail.
This doesn't even take into account the potential resources needed to examine the actual message content and act on it.
To say this problem has gotten out of hand is an understatement. I have spamming proxy relays from single sources opening up 5-6 simultaneous connections on the server. It would be adding insult to injury even fathoming the resources necessary to actually download the mail and try to filter it based on content.
What's worse is that when content-based filtering is used, the spammers can't tell they're not getting through, so this forces them send out even more and more spam, not knowing whether their messages are getting filtered. The client-side filtering just makes the problem worse!
I am now getting somewhere in the area of 40,000 spams a day to one of my servers. This system handles e-commerce for a number of small and medium-sized companies. The volume of junk e-mail has gotten so out of hand that it's bogging down my mail processes sending/receiving clients order acknowledgements and critical communication.
More than 80% of the mail my system handles is totally unsolicited. In fact, a substantive portion of it is random names @ random domains - there's no way it was ever solicited or welcome!
Now I have to build an entirely new server because F'ing assholes like this guy waste my resources and I have to handle his shit or else I'll lose my legitimate business. To say I'm furious is an understatement to the Nth degree. Any money this asshole makes is at the expense of thousands of ISPs who have to spend money and time on bandwidth and system resources. THIS GUY NEEDS TO BE IN JAIL!!!
I noticed there appears to be an error generated if your home page uses the user@pass inclusion in a URL (whtn invoking IE for the first time).
The page cannot be displayed
The page you are looking for might have been removed or had its name changed.
Subsequent attempts seem to work, but the initial spawn of the browser does something different in terms of URL qualification it seems.
This is kind of like the U.S. following U.N. resolutions ; )
The REASON we have spam is because some stupid people are BUYING the CRAP the spammers are selling.
Really? How's your penis doing these days?
You don't know anything about spamming if you believe what you're saying.
If spamming really was effective, there would be a lot more legitimate companies doing it, but there aren't, and there's a reason for it. It's really only economically viable if you can do it en masse and it's relatively cheap. The vast majority of spamming promotions are strictly commission-based. If people really were buying a lot of these products, that wouldn't be the model spam-promoting companies would employ.
You think this can be enforced?
Good luck getting the whole world and every mail server on the planet to bow to Microsoft and Yahoo in setting standards for e-mail. You're a lot more hopeful than I am, cryptography or no cryptography.
The ONLY way to stop Spam is to make it too expensive for spammers to send it.
I agree with you, however I think the best way to do this is make spammer's "costs" involve BAIL MONEY and CRIMINAL DEFENSE LAWYERS FEES!
I will say it again too...
That's what is commonly referred to as a "whitelist".
The reason we have spam is because it is pretty much free to send.
Bzzzt! Wrong. Thanks for playing.
99% of the reason we have spam is because authorities don't enforce the existing laws already on the books that these spammers violate. Breaking into innocent peoples' computers and repurposing foreign network resources are illegal in almost every jurisdiction, but the authorities have yet to demonstrate they have an interest or method of catching these crooks. Once they do, you'll see this problem drop off considerably.
One thing to realize is that you don't have Yahoo and Microsoft asking themselves, "What can we do to solve this spam problem?"
What they are pondering in reality is, "How can we make money off this spam problem?"
Once you understand this, their goofy, impractical ideas make sense... at least to them.
I'm not against paying for services of this nature, but per-message is ridiculous and greedy.
We already "pay" anyway. More than half the bandwidth used is taken up by spam. Curbing the propagation of spam would have major returns in the form of saved system resources and bandwidth. It's analagous to noticing that the vaccine for an ailment is actually cheaper than the treatment.
That notwithstanding, there are a number of ways to pay for such a system; the most obvious is something like a few bucks extra for each domain renewal/registration - this would FULLY FUND a major centralized SMTP whitelist not unlike how the root server network is set up.
This pay-for-postage e-mail model.. what is the money paying for?
* The bandwidth and network resources used?
We already pay for that; we have quotas and guidelines in place regarding bandwidth, storage quotas and restrictions on spamming with all ISPs.
* Subsidizing a new mail system that is "spam free?"
Does anybody think that if Yahoo and Microsoft hijack the e-mail network, they won't abuse it? Both companies have a sordid history of deploying disposal privacy policies and spamming their own users, sometimes to the point of creating so much noise they upsell users on value-added solutions to solve the problems they create.
The only way a pay-for-postage model would work is if the major networks go private and make their e-mail systems un-integrated with the existing SMTP network. Do you want Microsoft, Yahoo or a handful of powerful corporations to be in control over the e-mail system?
* Why pay per-message anyway? It's an ineffective argument to claim such quantum pricing is necessary and that resources would require it, nor would it teach people to be more responsible in their mailing practices.
80% of the traffic on the Internet is junk mail. If we simply enforced existing laws regarding network exploitation and computer tampering, we'd instantly negate the main value of the pay-per-e-mail article, and even with the system in place, there's absolutely no provision to address the larger problem of unauthorized SMTP traffic hogging bandwidth.
I don't have a problem with the idea of paying extra to have a spam-free e-mail network, but on a per-message basis, it's just stupid and greedy. If we're going to pay, I recommend it go like this:
1. Add a small fee to each domain registration which goes to establish a regulatory group, that adopts an international standard for responsible mailing practices.
2. Contract out, just like we do with the TLD system, the administration of a centralized SMTP whitelist, with a system of checks-and-balances to effectively "license" responsible mail relays.
3. Offer anyone running a mail server, the option of using the centralized whitelist to approve the systems from which it will accept mail.
I have been saying for more than a year, this is the way to go. This scheme by MS and Yahoo is a flavor of what I'm saying, with the tacked-on idea of charging per-message, and instead of making the mail network an open system, it would be controlled by select corporate interests.
We're heading in the right direction, but this scheme by Microsoft and Yahoo has a long way to go.
There's no way to enforce this. The irony is that the only way a pay-for-email scheme would work, is in the context of a network of trusted mail relays, which is in effect, A WHITELIST.
All this does is prove that eventually, there will be a network of whitelisted SMTP relays that will do more to combat the spamedemic. You don't need to charge money - that's an extra, goofy idea to make profit for a few select corporate interests. It won't fly because millions of systems will refuse to pay the "postage" extortion fee in order to be whitelisted.
- I've never lost a signal in rain, but then I live in SoCal where we don't actually have weather for 300 days out of the year. Wind has no noticable effect, and we've had some real blustery days since I got the system.
Where I live, it rains 1/3rd of the time. I've gone through major tropical storms and seen trees and telephone poles downed and never lost my satellite service. Maybe the older services were more weather-vulnerable but I don't experience that any more. I had many more outages with digital cable.
Most satellite services, such as DirecTV now include local channels. I've never had the problems you site with reception and picture quality. That's probably the fault of poor installation and has nothing to do with satellite.
I agree with you. However, I'd qualify this.
I have a TIVO, and I don't consider it "television". It records just what I want to see and I can skip over commercials. I don't "watch television", I grab certain feeds that interest me and watch "video". It's a completely different experience, NOT to be confused with "television", which is CRAP.
So you can watch favorite shows "at your convenience" ONLY if it's "convenient" for you to watch them within 24 hours of their original airing, unless you want to pay $2.95 to view it after that time, and that's subject to availability.
TiVo negates the value of all that crap. This is why Comcast doesn't want its users running Tivo.
So in essense, Comcast is going to force an inferior product and a more expensive service upon its customers and they'll have to deal with it.
If there's anything positive that will come out of this, maybe Comcast's crappy DVR and mafia-regular-programming-PPV services will make consumers aware of the value of DVRs and then they'll seek out other cable and satellite companies that aren't trying to rape their customers with inferior services and higher prices.
DirecTV is the way to go. It's cheaper than cable across the board, and I argue that cable is better quality than satellite - I think it's the other way around. I got a tri-LNB DirecTV setup with all the HBO and very cool channels like LinkTV and TechTV for $30+ less a month than I was paying for cable with less channels and only one receiver. DTV installation was $14.95 and I even got a free DVD player. On top of this, Comcast has one of the lowest customer-satisfaction ratings in the industry according to JD Powers & Associates, and DirecTV has the highest customer satisfaction rating.
I have used Cox and Comcast and both are the pits. Especially Comcast. I noticed a dramatic improvement in quality between Cox and DirecTV and DirecTV is much cheaper. In my experience, the only time cable is cheaper than satellite is when you have multiple services bundled (local phone, internet and tv) but IMO it's foolish to have too many critical utilities from a single supplier. If cable goes out or you have a billing issue, you lose 3 major services instead of one.
As for Comcast, trying to get a DVR to work with their network is kludgy at best. They are going out of their way to make their system un-compatible with Tivo. People hack their units using an IR signal box that is slow and often doesn't change channels properly and you end up recording the wrong shows. In contrast DirecTivo works perfectly and is fully-integrated and elegant.
It's also become apparent that Comcast has its own plans for launching DVR service which involves a heavily crippled system in comparison to Tivo. Their intent is to move regular programming into a PPV model by not allowing customers much freedom over what they can record and how long they can hold these recordings on disk. Comcast seems to have the brilliant idea they can charge their customers $2-$3 each to view regular programming 48 hours or more after the broadcast date.
Then there is the issue of Comcast being one of the largest sources of spam in the United States. I can't do business with them until they get their act together and offer their customers more reasonable choices and solutions.