Slashdot as a dating service? Well, if there are many female readers, they are certainly doing a good job of hiding themselves.
However, my speculation on the general topic is that most women are holding out for Mr Wonderful, whereas most men are only Mr Adequate. Many of the women hold out too long and wind up as old maids, even though they'd be happier married, even to Mr Adequate. Why do they make the mistake? Because the women are making false inferences about the availability of Mr Wonderful. Many women base their sampling on movies and television, where the large majority of 'featured' men are Mr Wonderful. How much camera time does Mr Adequate get?
Based on my real world sampling, I would say that there are very few men who actually qualify as Mr Wonderful, and they are all married at a young age. There is a much larger group of men who are skilled at pretending to be Mr Wonderful. Some of them are serial polygamists and the others are just pure cads.
If I'm so smart about these things, why didn't I ever get married? Simple. I'm just Mr Adequate and stupidly honest about it. Or as Popeye put it, "I yam what I yam, and that's all what I yam."
Oh yes, I should note that there's a statistical distortion working against me, too. The fake Mr Wonderfuls "use up" a lot of women. I don't blame them for being once bitten, twice shy--but it makes me think we'd have a very different and less frustrating world if the gender ratio was heavily in favor of the women...
Below is a general suggestion, but it is directly relevant to one of the main problems with Google's neglect of Blogger--several weeks ago (and several times in the past), the spammers have used Blogger as their reply channel for spam. Remember that the motivation of spamming is economic, and they need some way for their suckers to find them and send money. The suggestion below would be directly helpful in accelerating the response to this form of Blogger abuse--though it also applies to many other neglected systems that would more quickly receive the negative attention they deserve when they are abused by spammers.
Summary of Suggestion: How to make Gmail the spam target of absolute last resort.
The goal of this suggestion is to intelligently leverage and focus Google's expertise and credibility against the spammers and their accomplices. But where will the intelligence come from? From me, from you, from *ANYONE* who has a Gmail account and who wants to help oppose the annoying evil that is spam. Aggressively implemented, it could make Gmail into Spammer Heck--maybe to the point where only a fool would send spam to Gmail. (Yeah, there are plenty of fool spammers--but at least we'd get the laughs without the serious spammers.) Less spam = more value in Gmail.
So do you want to fight against spam? You, too, could become a WSF (wannabee spam fighter).
SpamSlam is my 'working draft' label. The idea is roughly based on other anti-spam systems--but with more smarts. Almost all email systems include one level of feedback in a Spam/NotSpam button. (For relative brevity and because it simplifies the draft implementation, I'm focusing on Web-based email here.) Think of SpamSlam as a report-spam-button on steroids. SpamSlam would report the spam, but also do much more. Essentially this Gmail feature would do some of the automatic analysis that any spam fighter has to do, get some intelligent feedback, and hopefully be able to act immediately against the spammer. Speed of action is actually crucial--cutting off the spammers' income is a key goal of this proposal.
Here is an approach to implementing it:
Clicking on SpamSlam would first trigger a low-cost automatic analysis of the email, including the headers. Let's call this Pass 0. Basically this is just using regular expressions to find things like email addresses, URLs, and phone numbers. The results would be used to generate a Pass 0 webform with comments and options (and explanations and links). This pass should also look for obfuscation and ask the wannabe spam fighter (WSF) to help break the spammers' attempts to evade the spam filters. (This is leveraging the spam's features against the spam--if a human can't figure out the spam, then the human can't send money to the spammer.) In many cases, this Pass 0 analysis may be able to suggest answers. If something like "drop@dead.com" appears in the header, then the WSF should just click the option 'fake email'. Perhaps the WSF would only need to click a check box to confirm that "V/1/A/6/R/A" is a drug and categorize the spam. Other times the WSF can actually type in the answer to the spammer's quasi-CAPTCHA, and then the SpamSlam function can do something. At the bottom of the 'exploded email' in Pass 0, there will be the usual submit button.
After the WSF submits that Pass 0 form, more analysis can begin. The data is no longer raw, but partly analyzed, and the system can start checking domains, registrars, relays, fancier types of header forgery, MX records, categories of crime, email routings, and even things like countries hosting the spammer. This kind of analysis will probably take a bit of time, but a new Pass 1 form will be prepared for the WSF to consider. Basically, this would mostly be a confirmation step for the obvious counteractions. That's stuff like complaining to identified senders and webhosts, but also things like reporting open relays and spambots. It also needs more flexibility and 'other' options in the responses at this point--we all know the spammers are cons
We do invent the artifact we call pure mathematics. However, the fundamental truths of mathematics are not created just because we 'discover' them. Nor will those truths cease to exist just because we will eventually be extinct. Existence is not an attribute of the concept of a triangle. The confusion of the scope of 'existence' was at the kernel of Plato's problematic regressions.
In contrast, mathematical physics is purely discovered. That's just figuring out how things are. Applied mathematics is sort of stuck in the crack.
(While one of my degrees includes philosophy. However, I think the only important thing I learned studying philosophy was that you don't learn anything important from studying philosophy. The important philosophy is how you live.)
Well, the answer there is actually how much evolution you want. You could set a very low threshold and say there must be at least 10 competitors in the market and no competitor can have more than 20% before it has to be cut in half. That would result in more options and more freedom. Don't think of it as a penalty--it's actually a form of growth, kind of like one amoeba becoming two.
The situation as it exists now is quite abnormal. The economies of scale don't apply to software, and Microsoft has managed to define itself as the standard. There was enough pressure so that they got worried and decided they need to sustain a pretense of competition. Ergo, some years ago they propped up Apple when that company almost went bankrupt, and more recently, they have been willing to tolerate Linux in it's reasonably tiny place.
I like freedom and competition. Freedom is about my being able to choose what I like and need based on real information about real option--not just the advertising propaganda. Competition creates those options. Together they work to drive progress and the evolution of better products.
Microsoft's idea is that I should only be free to choose some flavor of Microsoft, and Microsoft gets to tell me what me needs are and what the options are. Change? Only when Microsoft has bled the revenue stream dry. Evolution? Only if the better ideas outside of Microsoft are getting too much cursed publicity.
I see this as a philosophic deadlock. However, there is an easy solution. Chop Microsoft into four or five pieces. Give each of them a copy of the source and let them compete with each other (and with Linux and Apple and the rest of the current crop of dwarfs).
Typical/. utility. Four random mods that cancel each other out (with the last one apparently winning), and not a single constructive reaction or suggestion. So guess why I'm not going to hop over and help out the metamoderation?
Anyway, I'm still in shock that my submission was accepted. First time in a number of attempts, and surely one of my least efforts. I actually submitted a link to The Register's review of the original article and about 7 words of admittedly unhelpful commentary. You'd think it would improve my opinion of/. that the editor evidently did some work with the tip... Sorry, but it slightly improves my opinion of the time zone advantage of living in Tokyo. (That's assuming the story isn't a dupe and that I just missed it... The reported events happened several days ago after all.)
You forgot the spammers on your list of.su registrants. They're supposed to be the leaders in all domain registrations. However, it gives me an excuse to post my latest proposal to reduce the volume of spam. (Excuse the somewhat polemical style from the original venue.) The directly applicable part is about the domain registrars in the Pass 1 section:
How to make Gmail the spam target of absolute last resort.
The goal of this suggestion is to intelligently leverage and focus Google's expertise and credibility against the spammers and their accomplices. But where will the intelligence come from? From me, from you, from *ANYONE* who has a Gmail account and who wants to help oppose the annoying evil that is spam. Aggressively implemented, it could make Gmail into Spammer Heck--maybe to the point where only a fool would send spam to Gmail. (Yeah, there are plenty of fool spammers--but at least we'd get the laughs without the serious spammers.) Less spam = more value in Gmail.
So do you want to fight against spam? You, too, could become a WSF (wannabee spam fighter).
SpamSlam is my 'working draft' label. The idea is roughly based on other anti-spam systems--but with more smarts. Almost all email systems include one level of feedback in a Spam/NotSpam button. (For relative brevity and because it simplifies the draft implementation, I'm focusing on Web-based email here.) Think of SpamSlam as a report-spam-button on steroids. SpamSlam would report the spam, but also do much more. Essentially this Gmail feature would do some of the automatic analysis that any spam fighter has to do, get some intelligent feedback, and hopefully be able to act immediately against the spammer. Speed of action is actually crucial--cutting off the spammers' income is a key goal of this proposal.
Here is an approach to implementing it:
Clicking on SpamSlam would first trigger a low-cost automatic analysis of the email, including the headers. Let's call this Pass 0. Basically this is just using regular expressions to find things like email addresses, URLs, and phone numbers. The results would be used to generate a Pass 0 webform with comments and options (and explanations and links). This pass should also look for obfuscation and ask the wannabe spam fighter (WSF) to help break the spammers' attempts to evade the spam filters. (This is leveraging the spam's features against the spam--if a human can't figure out the spam, then the human can't send money to the spammer.) In many cases, this Pass 0 analysis may be able to suggest answers. If something like "drop@dead.com" appears in the header, then the WSF should just click the option 'fake email'. Perhaps the WSF would only need to click a check box to confirm that "V/1/A/6/R/A" is a drug and categorize the spam. Other times the WSF can actually type in the answer to the spammer's quasi-CAPTCHA, and then the SpamSlam function can do something. At the bottom of the 'exploded email' in Pass 0, there will be the usual submit button.
After the WSF submits that Pass 0 form, more analysis can begin. The data is no longer raw, but partly analyzed, and the system can start checking domains, registrars, relays, fancier types of header forgery, MX records, categories of crime, email routings, and even things like countries hosting the spammer. This kind of analysis will probably take a bit of time, but a new Pass 1 form will be prepared for the WSF to consider. Basically, this would mostly be a confirmation step for the obvious counteractions. That's stuff like complaining to identified senders and webhosts, but also things like reporting open relays and spambots. It also needs more flexibility and 'other' options in the responses at this point--we all know the spammers are constantly going to try to devise new tactics. Again there will be a submit option at the bottom for this Pass 1 form.
That will probably cover most of the responses, but in some cases there may still be a need for a Pass 2 form. I imagine that would be a kin
That has to be the Comedy Central website. Not only terribly, but freshly terrible at high frequency. I had no idea it was possible to find so many bad things to do to a website. That's just the fresh clunkers, and ignoring the neverending confusing about links. Why should a website have to manage links?
Much to my shock, it turns out the website isn't running a Microsoft webserver. I'd name names, but I'm going to assume the vendor is mostly innocent in this case for the abuse of their software. (But I'll leave you with a very bright and shiny hint.)
How to make Gmail the spam target of absolute last resort.
The goal of this suggestion is to intelligently leverage and focus Google's expertise and credibility against the spammers and their accomplices. But where will the intelligence come from? From me, from you, from *ANYONE* who has a Gmail account and who wants to help oppose the annoying evil that is spam. Aggressively implemented, it could make Gmail into Spammer Heck--maybe to the point where only a fool would send spam to Gmail. (Yeah, there are plenty of fool spammers--but at least we'd get the laughs without the serious spammers.) Less spam = more value in Gmail.
So do you want to fight against spam? You, too, could become a WSF (wannabee spam fighter).
SpamSlam is my 'working draft' label. The idea is roughly based on other anti-spam systems--but with more smarts. Almost all email systems include one level of feedback in a Spam/NotSpam button. (For relative brevity and because it simplifies the draft implementation, I'm focusing on Web-based email here.) Think of SpamSlam as a report-spam-button on steroids. SpamSlam would report the spam, but also do much more. Essentially this Gmail feature would do some of the automatic analysis that any spam fighter has to do, get some intelligent feedback, and hopefully be able to act immediately against the spammer. Speed of action is actually crucial--cutting off the spammers' income is a key goal of this proposal.
Here is an approach to implementing it:
Clicking on SpamSlam would first trigger a low-cost automatic analysis of the email, including the headers. Let's call this Pass 0. Basically this is just using regular expressions to find things like email addresses, URLs, and phone numbers. The results would be used to generate a Pass 0 webform with comments and options (and explanations and links). This pass should also look for obfuscation and ask the wannabe spam fighter (WSF) to help break the spammers' attempts to evade the spam filters. (This is leveraging the spam's features against the spam--if a human can't figure out the spam, then the human can't send money to the spammer.) In many cases, this Pass 0 analysis may be able to suggest answers. If something like "drop@dead.com" appears in the header, then the WSF should just click the option 'fake email'. Perhaps the WSF would only need to click a check box to confirm that "V/1/A/6/R/A" is a drug and categorize the spam. Other times the WSF can actually type in the answer to the spammer's quasi-CAPTCHA, and then the SpamSlam function can do something. At the bottom of the 'exploded email' in Pass 0, there will be the usual submit button.
After the WSF submits that Pass 0 form, more analysis can begin. The data is no longer raw, but partly analyzed, and the system can start checking domains, registrars, relays, fancier types of header forgery, MX records, categories of crime, email routings, and even things like countries hosting the spammer. This kind of analysis will probably take a bit of time, but a new Pass 1 form will be prepared for the WSF to consider. Basically, this would mostly be a confirmation step for the obvious counteractions. That's stuff like complaining to identified senders and webhosts, but also things like reporting open relays and spambots. It also needs more flexibility and 'other' options in the responses at this point--we all know the spammers are constantly going to try to devise new tactics. Again there will be a submit option at the bottom for this Pass 1 form.
That will probably cover most of the responses, but in some cases there may still be a need for a Pass 2 form. I imagine that would be a kind of escalation system, mostly to address new forms of spam. There is no closure on spam, there will always be new kinds of spam, and the responses to spam need to be open and flexible, too--but fast. The spammer is trying to open millions of little windows of economic opportunity--and in an ideal world we should slam all of them before a nickel gets through.
Bad things happen to really dumb person. Details at 11.
Seriously, this guy was so dumb that the only news is how he stayed on the streets so long. (I confess, I didn't read the article. But I blame the editors or the submitter for a really dull pitch on the mile-wide trail.)
That is absolutely *NOT* true. Actually, there is a strong point of diminishing returns there. If Google received too many complaints, that would actually confuse the issue.
What they need to do is receive at least *ONE* complaint before the spammer gets any money--and act quickly enough to make sure the spammer *NEVER* receives any money. Pretty simple statistics, actually. The spammer is sending out millions of spams and expecting a few replies to trickle in. But what happens when the replies dry up completely?
No, you don't have to join in--but I'd be glad to be one of the people choking off the spammers' motivations.
How about some jokes paraphrasing Mark Twain:
In general I disapprove of murder, but when it comes to a spammer, it would be dangerous to offer me the temptation.
I was very sorry that I was unable to attend the spammer's funeral, but I sent a note saying that I heartily approved.
I can only hope that the reports of the spammer's death were greatly understated.
I suppose that comes back to the old fundamental question of human nature. Do you think most people are on the average good? If so, then empowering more people should, on average, produce more good.
You personally might be a total prick who simply wants to let other people take care of the spam problem for your personal benefit. That doesn't bother me. Hey, you might even be a spammer yourself--I always wind up wondering about the people who seem to be taking pro-spammer positions in such discussions. However, I've said several times in this discussion that there should not be anything that compels you to participate in any particular anti-spam measure, just as there is nothing forcing you to click on the spam/not-spam buttons. On the other hand, if you've been feeding the spammers (by sending them money), I would really dislike you very much--and we do know that someone has been feeding them.
Me? I think that if you look at the long-term trends, things are getting better, including increases in personal freedom and human knowledge--but that's only a long-term trend and looking at the overall average. There are plenty of counterexamples where bad things happen to good people, just to pick on one example that keeps bugging the philosophers. I don't believe in karma or payback after death, or any of those (mostly religious) evasions. However, I do believe that we need to dampen the negative oscillations, or we will fairly quickly become extinct. We have quite probably already reached the point where the individual power of one madman might be sufficient to exterminate us as a species. I see the spammers as an excellent example of the selfish and highly negative use of email technology--but all technology is morally neutral, and we are just lucky that spam email is not a doomsday technology. (Off topic, but I think our likeliest path to extinction would be a madman with biotechnology--and did you know that the #2 madman in Al Qaeda is (or hopefully was (because he is already dead)) a medical doctor? So have a nice day.)
I really can't decide which side of which issues you are trying to present there. Are you trying to defend the theory that email is supposed to be free (as in beer) because one of my points is that email is not and never has been truly free? I do think that if SMTP had included *ANY* provision for some kind of accounting, then the spam problem never would have reached the level it has. It didn't even have to be real money, but just something to back up the basic assumption of approximate equality. Mail for mail and byte for byte wasn't needed, but 10 million mails sent for 50 replies (with money) is *NOT* what the designers were thinking of.
It's not a matter of being willing to pay for my email, because I *AM* paying for it, just as you are paying for yours. The problem there is that the payments are disguised in various ways, and we don't even have any good ways of accounting for those costs.
My main reason for mentioning the mortgages was not to quibble with the question of how evil they are or are not. I mentioned them because a number of spammers claimed that was one of their most lucrative scams, with large premiums paid for each prospect they could produce. I do not know if any of the spammers were personally involved in the scammy mortgages--but if not, I'm confident it wasn't because of any ethical concerns. Happily, that's one scam that seems to have run its course, and this year those spams have been pretty scarce.
The "Spam" and "Not Spam" buttons are good and I'm certainly not suggesting that they be eliminated. However, there is much more to spam than the simple distinction between spam and ham, and my suggestion is to make it easier to do more for those people who want to go beyond that simple distinction.
Consider it a question of the motivation of the spammers. They are trying to get money by spewing out vast quantities of highly automatic garbage. Some of the negative responses are automatic, as with filters, but that doesn't really bother the spammers. What's another million spams to them? They just probe for new gaps in the filters.
However, the non-automatic negative responses can be much more effective in finding the holes the spam is creeping through, or in closing the windows of economic opportunity the spammer is trying to open. The spammers are only human, and we can pit lots of human intelligence against them.
It is quite important that the tiny percentage of positive responses to the spam are never automatic, but always depend on some sucker reading the spam and manually reacting to it, usually by visiting a website. However, it takes a certain amount of human effort to evaluate those spamvertised websites and shut them down. Similar problems with email addresses that are used for black hole disguises versus those that the spammer is using for valid replies or for address harvesting. A human can tell the differences quickly enough, but automatic approaches can't. Therefore this suggestion is to provide a way to tap into some of that human skill and pass the reports to Google more quickly so they can focus on slamming those windows shut as quickly as possible. Basically I would be glad to help in closing those windows before any money can get to the spammers through them.
The less money the spammers can make, the less spam they will send. No, I don't think it will ever go to zero, but that wouldn't bother me at all if it happened.
Then you must have some incompetent "execs" if they can't delegate your work to you and let you take care of it. I'm pretty sure I could not survive long in such an environment of micromanagement...
On the other hand, sometimes I think there are some "spam-fighting professionals" who are most concerned about protecting their existing positions. I'm not saying that they aren't sincere about fighting spam--but within limits and without rocking the boats too much. They have a variety of priorities... (There was once a period when I was the postmaster for one of the largest free email systems for a major metropolis. The spam problem was not nearly as severe in those days--but it still gave me plenty of headaches. Maybe I was just lucky that the big-time spammers stayed away from my system? However, I don't really believe in such luck.)
If you are working in a spam-fighting capacity, and documented complaints are coming form any source and you aren't able to deal with them... Well, I really don't feel that much sympathy for you. I think things should be escalated. For example, in the Blogspot case which is one of the focuses of this thread, I think these problems are due to be escalated to higher levels of Google's management.
In that case, the person would mostly be hurting their own credibility. Did you miss that part of the suggestion? It was near the end, but Google would be in a position to accumulate some very useful information about who is good at recognizing spam and who isn't. Obviously, if you've submitted many spam reports and they have been solid complaints, then Google should be paying more attention to your comments than if the reports are random guesses from a sock puppet. In particular, website-related Joe job's are a case that calls for human judgment. (Mostly those are 419 scams that fabricate a sob story around a real news story with URLs for CNN or the BBC or other credible sources.)
Actually, I think that personal credibility is very close to the heart of the spam problem. Spam basically looks like real email, and real email has a default credibility which is rather high... In the current higher level topic, it's actually Google's corporate credibility that is part of the target of the spammer's abuses. (That was especially true for the flood of Google search-engine URLs the spammers used a few months ago.)
Look, you don't want to help, you don't have to help. You don't have to do anything at all. I'm willing to help Google fight your spam for you if they will just give me some better tools for doing it.
Of course, if the idea is actually so effective that the spammer start avoiding Gmail, then you know that the other email services will adopt it, too. However, I like Google much better than Microsoft (and Yahoo is about to become Microsoft, too). Plus, the primary topic here is supposed to be Google-related spam.
I agree that would work, but it falls into the checkbox that it needs to be universally adopted or the spammers just move elsewhere. The thrust of my suggestion is more that maybe spamming Gmail can be made so troublesome for the spammers that the spammers will tend to reduce their efforts there. It would be really easy for them to delete all "*@gmail.com" email addresses from their databases.
When you talk about accumulative penalties, I'd like to see something like "aggravated stupidity" for public advertising of a criminal activity. Imagine a spammer is convicted for one million counts of aggravated stupidity. We could even given him a special discount, say cut it down to 1 hour per count--and still put him in jail for 114 years.
You certainly can implement the backspam thing into the suggestion I submitted, though I acknowledge that the original draft was actually prepared a few days ago for another venue. One thing we can be sure of is that the spammers will continue to mutate their techniques--which is why I emphasized the other options so that the humans can react to such variations.
The spam websites thing is more explicitly covered in the suggestion--but this is a place where Google has much more leverage over the webhosting services. Google can exercise very strong sanctions against websites, though the specific concern here is that they are not exercising strong enough sanctions against some of their own subsidiary's websites. Okay, so include an option for "This is one of *YOUR* own website's spam."
I can't really say much about the Google side of the equation, though I'm sure that they do have some people already working on spam fighting.
However, I certainly can say a lot about the other side of it. You don't want to fight spam, then don't use it. Me? I really hate the spammers and I would gladly do anything I can do that harms them.
You can argue that the harm of a particular piece of spam is very small. Perhaps a second or two if I'm just checking for misfiled ham--but the cumulative effect of *MILLIONS* of spams is enormous.
I also believe it is fungible evil. The same morally bankrupt spammer who will sell you addictive drugs will gladly sell you a subprime mortgage or support human trafficking. Where are the lines?
At no point did I suggest that my suggest was a FUSSP. It is intended as a flexible and adaptive tool that would allow more people to do something constructive about reducing the amount of spam.
The FUSSP is just another irrational argument for "No, we can't." The world is not perfect, and obviously there are no perfect solutions--but that doesn't mean we should just give up on good or even partial solutions.
Actually that last topic you mentioned is a very interesting problem in itself, but I think it's too far from the current topic to really discuss more... However, just in case the/. editors are looking for ideas for new articles, think about the problem of a celebrity, politician, or public figure who will receive a large amount of non-spam email from unknown people...
I'm not suggesting it is an ultimate solution, but I do believe there is a certain amount of wisdom in most crowds of people. The Japanese expression is "San nin wa Monju no chie" (Very loosely translated as 'Three people have the wisdom of Buddha').
More than that, I believe almost any weapon can contribute to making it harder for the spammers to intrude on my life. SpamCop is actually pretty good as far as it goes, but it doesn't go very far. I think their real problem is that they are now owned by Cisco, and Cisco's customers are mostly the backbone people. You can even argue that the backbone people have the ultimate powers over the Internet--but they don't care how much spam they transmit as long as someone is paying them for the packets.
Google is in a different position, however. They really do have a vested interest in making Gmail valuable as an email system--and spam is the #1 liability of email.
Slashdot Mirror
Slashdot as a dating service? Well, if there are many female readers, they are certainly doing a good job of hiding themselves.
However, my speculation on the general topic is that most women are holding out for Mr Wonderful, whereas most men are only Mr Adequate. Many of the women hold out too long and wind up as old maids, even though they'd be happier married, even to Mr Adequate. Why do they make the mistake? Because the women are making false inferences about the availability of Mr Wonderful. Many women base their sampling on movies and television, where the large majority of 'featured' men are Mr Wonderful. How much camera time does Mr Adequate get?
Based on my real world sampling, I would say that there are very few men who actually qualify as Mr Wonderful, and they are all married at a young age. There is a much larger group of men who are skilled at pretending to be Mr Wonderful. Some of them are serial polygamists and the others are just pure cads.
If I'm so smart about these things, why didn't I ever get married? Simple. I'm just Mr Adequate and stupidly honest about it. Or as Popeye put it, "I yam what I yam, and that's all what I yam."
Oh yes, I should note that there's a statistical distortion working against me, too. The fake Mr Wonderfuls "use up" a lot of women. I don't blame them for being once bitten, twice shy--but it makes me think we'd have a very different and less frustrating world if the gender ratio was heavily in favor of the women...
Below is a general suggestion, but it is directly relevant to one of the main problems with Google's neglect of Blogger--several weeks ago (and several times in the past), the spammers have used Blogger as their reply channel for spam. Remember that the motivation of spamming is economic, and they need some way for their suckers to find them and send money. The suggestion below would be directly helpful in accelerating the response to this form of Blogger abuse--though it also applies to many other neglected systems that would more quickly receive the negative attention they deserve when they are abused by spammers.
Summary of Suggestion: How to make Gmail the spam target of absolute last resort.
The goal of this suggestion is to intelligently leverage and focus Google's expertise and credibility against the spammers and their accomplices. But where will the intelligence come from? From me, from you, from *ANYONE* who has a Gmail account and who wants to help oppose the annoying evil that is spam. Aggressively implemented, it could make Gmail into Spammer Heck--maybe to the point where only a fool would send spam to Gmail. (Yeah, there are plenty of fool spammers--but at least we'd get the laughs without the serious spammers.) Less spam = more value in Gmail.
So do you want to fight against spam? You, too, could become a WSF (wannabee spam fighter).
SpamSlam is my 'working draft' label. The idea is roughly based on other anti-spam systems--but with more smarts. Almost all email systems include one level of feedback in a Spam/NotSpam button. (For relative brevity and because it simplifies the draft implementation, I'm focusing on Web-based email here.) Think of SpamSlam as a report-spam-button on steroids. SpamSlam would report the spam, but also do much more. Essentially this Gmail feature would do some of the automatic analysis that any spam fighter has to do, get some intelligent feedback, and hopefully be able to act immediately against the spammer. Speed of action is actually crucial--cutting off the spammers' income is a key goal of this proposal.
Here is an approach to implementing it:
Clicking on SpamSlam would first trigger a low-cost automatic analysis of the email, including the headers. Let's call this Pass 0. Basically this is just using regular expressions to find things like email addresses, URLs, and phone numbers. The results would be used to generate a Pass 0 webform with comments and options (and explanations and links). This pass should also look for obfuscation and ask the wannabe spam fighter (WSF) to help break the spammers' attempts to evade the spam filters. (This is leveraging the spam's features against the spam--if a human can't figure out the spam, then the human can't send money to the spammer.) In many cases, this Pass 0 analysis may be able to suggest answers. If something like "drop@dead.com" appears in the header, then the WSF should just click the option 'fake email'. Perhaps the WSF would only need to click a check box to confirm that "V/1/A/6/R/A" is a drug and categorize the spam. Other times the WSF can actually type in the answer to the spammer's quasi-CAPTCHA, and then the SpamSlam function can do something. At the bottom of the 'exploded email' in Pass 0, there will be the usual submit button.
After the WSF submits that Pass 0 form, more analysis can begin. The data is no longer raw, but partly analyzed, and the system can start checking domains, registrars, relays, fancier types of header forgery, MX records, categories of crime, email routings, and even things like countries hosting the spammer. This kind of analysis will probably take a bit of time, but a new Pass 1 form will be prepared for the WSF to consider. Basically, this would mostly be a confirmation step for the obvious counteractions. That's stuff like complaining to identified senders and webhosts, but also things like reporting open relays and spambots. It also needs more flexibility and 'other' options in the responses at this point--we all know the spammers are cons
We do invent the artifact we call pure mathematics. However, the fundamental truths of mathematics are not created just because we 'discover' them. Nor will those truths cease to exist just because we will eventually be extinct. Existence is not an attribute of the concept of a triangle. The confusion of the scope of 'existence' was at the kernel of Plato's problematic regressions.
In contrast, mathematical physics is purely discovered. That's just figuring out how things are. Applied mathematics is sort of stuck in the crack.
(While one of my degrees includes philosophy. However, I think the only important thing I learned studying philosophy was that you don't learn anything important from studying philosophy. The important philosophy is how you live.)
Well, the answer there is actually how much evolution you want. You could set a very low threshold and say there must be at least 10 competitors in the market and no competitor can have more than 20% before it has to be cut in half. That would result in more options and more freedom. Don't think of it as a penalty--it's actually a form of growth, kind of like one amoeba becoming two.
The situation as it exists now is quite abnormal. The economies of scale don't apply to software, and Microsoft has managed to define itself as the standard. There was enough pressure so that they got worried and decided they need to sustain a pretense of competition. Ergo, some years ago they propped up Apple when that company almost went bankrupt, and more recently, they have been willing to tolerate Linux in it's reasonably tiny place.
I like freedom and competition. Freedom is about my being able to choose what I like and need based on real information about real option--not just the advertising propaganda. Competition creates those options. Together they work to drive progress and the evolution of better products.
Microsoft's idea is that I should only be free to choose some flavor of Microsoft, and Microsoft gets to tell me what me needs are and what the options are. Change? Only when Microsoft has bled the revenue stream dry. Evolution? Only if the better ideas outside of Microsoft are getting too much cursed publicity.
I see this as a philosophic deadlock. However, there is an easy solution. Chop Microsoft into four or five pieces. Give each of them a copy of the source and let them compete with each other (and with Linux and Apple and the rest of the current crop of dwarfs).
Typical /. utility. Four random mods that cancel each other out (with the last one apparently winning), and not a single constructive reaction or suggestion. So guess why I'm not going to hop over and help out the metamoderation?
You forgot Duke Nukem Forever?
/. that the editor evidently did some work with the tip... Sorry, but it slightly improves my opinion of the time zone advantage of living in Tokyo. (That's assuming the story isn't a dupe and that I just missed it... The reported events happened several days ago after all.)
Anyway, I'm still in shock that my submission was accepted. First time in a number of attempts, and surely one of my least efforts. I actually submitted a link to The Register's review of the original article and about 7 words of admittedly unhelpful commentary. You'd think it would improve my opinion of
That has to be the Comedy Central website. Not only terribly, but freshly terrible at high frequency. I had no idea it was possible to find so many bad things to do to a website. That's just the fresh clunkers, and ignoring the neverending confusing about links. Why should a website have to manage links?
Much to my shock, it turns out the website isn't running a Microsoft webserver. I'd name names, but I'm going to assume the vendor is mostly innocent in this case for the abuse of their software. (But I'll leave you with a very bright and shiny hint.)
How to make Gmail the spam target of absolute last resort.
The goal of this suggestion is to intelligently leverage and focus Google's expertise and credibility against the spammers and their accomplices. But where will the intelligence come from? From me, from you, from *ANYONE* who has a Gmail account and who wants to help oppose the annoying evil that is spam. Aggressively implemented, it could make Gmail into Spammer Heck--maybe to the point where only a fool would send spam to Gmail. (Yeah, there are plenty of fool spammers--but at least we'd get the laughs without the serious spammers.) Less spam = more value in Gmail.
So do you want to fight against spam? You, too, could become a WSF (wannabee spam fighter).
SpamSlam is my 'working draft' label. The idea is roughly based on other anti-spam systems--but with more smarts. Almost all email systems include one level of feedback in a Spam/NotSpam button. (For relative brevity and because it simplifies the draft implementation, I'm focusing on Web-based email here.) Think of SpamSlam as a report-spam-button on steroids. SpamSlam would report the spam, but also do much more. Essentially this Gmail feature would do some of the automatic analysis that any spam fighter has to do, get some intelligent feedback, and hopefully be able to act immediately against the spammer. Speed of action is actually crucial--cutting off the spammers' income is a key goal of this proposal.
Here is an approach to implementing it:
Clicking on SpamSlam would first trigger a low-cost automatic analysis of the email, including the headers. Let's call this Pass 0. Basically this is just using regular expressions to find things like email addresses, URLs, and phone numbers. The results would be used to generate a Pass 0 webform with comments and options (and explanations and links). This pass should also look for obfuscation and ask the wannabe spam fighter (WSF) to help break the spammers' attempts to evade the spam filters. (This is leveraging the spam's features against the spam--if a human can't figure out the spam, then the human can't send money to the spammer.) In many cases, this Pass 0 analysis may be able to suggest answers. If something like "drop@dead.com" appears in the header, then the WSF should just click the option 'fake email'. Perhaps the WSF would only need to click a check box to confirm that "V/1/A/6/R/A" is a drug and categorize the spam. Other times the WSF can actually type in the answer to the spammer's quasi-CAPTCHA, and then the SpamSlam function can do something. At the bottom of the 'exploded email' in Pass 0, there will be the usual submit button.
After the WSF submits that Pass 0 form, more analysis can begin. The data is no longer raw, but partly analyzed, and the system can start checking domains, registrars, relays, fancier types of header forgery, MX records, categories of crime, email routings, and even things like countries hosting the spammer. This kind of analysis will probably take a bit of time, but a new Pass 1 form will be prepared for the WSF to consider. Basically, this would mostly be a confirmation step for the obvious counteractions. That's stuff like complaining to identified senders and webhosts, but also things like reporting open relays and spambots. It also needs more flexibility and 'other' options in the responses at this point--we all know the spammers are constantly going to try to devise new tactics. Again there will be a submit option at the bottom for this Pass 1 form.
That will probably cover most of the responses, but in some cases there may still be a need for a Pass 2 form. I imagine that would be a kind of escalation system, mostly to address new forms of spam. There is no closure on spam, there will always be new kinds of spam, and the responses to spam need to be open and flexible, too--but fast. The spammer is trying to open millions of little windows of economic opportunity--and in an ideal world we should slam all of them before a nickel gets through.
Beyond that? I think Gm
Bad things happen to really dumb person. Details at 11.
Seriously, this guy was so dumb that the only news is how he stayed on the streets so long. (I confess, I didn't read the article. But I blame the editors or the submitter for a really dull pitch on the mile-wide trail.)
Point taken, especially as regards botnets used for spamming. Another interesting article on the topic:
http://www.secureworks.com/research/threats/topbotnets/?threat=topbotnets
And on the main topic of the original article, I see:
http://www.theregister.co.uk/2008/04/10/web_mail_throttled/
That is absolutely *NOT* true. Actually, there is a strong point of diminishing returns there. If Google received too many complaints, that would actually confuse the issue.
What they need to do is receive at least *ONE* complaint before the spammer gets any money--and act quickly enough to make sure the spammer *NEVER* receives any money. Pretty simple statistics, actually. The spammer is sending out millions of spams and expecting a few replies to trickle in. But what happens when the replies dry up completely?
No, you don't have to join in--but I'd be glad to be one of the people choking off the spammers' motivations.
How about some jokes paraphrasing Mark Twain:
In general I disapprove of murder, but when it comes to a spammer, it would be dangerous to offer me the temptation.
I was very sorry that I was unable to attend the spammer's funeral, but I sent a note saying that I heartily approved.
I can only hope that the reports of the spammer's death were greatly understated.
I suppose that comes back to the old fundamental question of human nature. Do you think most people are on the average good? If so, then empowering more people should, on average, produce more good.
You personally might be a total prick who simply wants to let other people take care of the spam problem for your personal benefit. That doesn't bother me. Hey, you might even be a spammer yourself--I always wind up wondering about the people who seem to be taking pro-spammer positions in such discussions. However, I've said several times in this discussion that there should not be anything that compels you to participate in any particular anti-spam measure, just as there is nothing forcing you to click on the spam/not-spam buttons. On the other hand, if you've been feeding the spammers (by sending them money), I would really dislike you very much--and we do know that someone has been feeding them.
Me? I think that if you look at the long-term trends, things are getting better, including increases in personal freedom and human knowledge--but that's only a long-term trend and looking at the overall average. There are plenty of counterexamples where bad things happen to good people, just to pick on one example that keeps bugging the philosophers. I don't believe in karma or payback after death, or any of those (mostly religious) evasions. However, I do believe that we need to dampen the negative oscillations, or we will fairly quickly become extinct. We have quite probably already reached the point where the individual power of one madman might be sufficient to exterminate us as a species. I see the spammers as an excellent example of the selfish and highly negative use of email technology--but all technology is morally neutral, and we are just lucky that spam email is not a doomsday technology. (Off topic, but I think our likeliest path to extinction would be a madman with biotechnology--and did you know that the #2 madman in Al Qaeda is (or hopefully was (because he is already dead)) a medical doctor? So have a nice day.)
I really can't decide which side of which issues you are trying to present there. Are you trying to defend the theory that email is supposed to be free (as in beer) because one of my points is that email is not and never has been truly free? I do think that if SMTP had included *ANY* provision for some kind of accounting, then the spam problem never would have reached the level it has. It didn't even have to be real money, but just something to back up the basic assumption of approximate equality. Mail for mail and byte for byte wasn't needed, but 10 million mails sent for 50 replies (with money) is *NOT* what the designers were thinking of.
It's not a matter of being willing to pay for my email, because I *AM* paying for it, just as you are paying for yours. The problem there is that the payments are disguised in various ways, and we don't even have any good ways of accounting for those costs.
My main reason for mentioning the mortgages was not to quibble with the question of how evil they are or are not. I mentioned them because a number of spammers claimed that was one of their most lucrative scams, with large premiums paid for each prospect they could produce. I do not know if any of the spammers were personally involved in the scammy mortgages--but if not, I'm confident it wasn't because of any ethical concerns. Happily, that's one scam that seems to have run its course, and this year those spams have been pretty scarce.
The "Spam" and "Not Spam" buttons are good and I'm certainly not suggesting that they be eliminated. However, there is much more to spam than the simple distinction between spam and ham, and my suggestion is to make it easier to do more for those people who want to go beyond that simple distinction.
Consider it a question of the motivation of the spammers. They are trying to get money by spewing out vast quantities of highly automatic garbage. Some of the negative responses are automatic, as with filters, but that doesn't really bother the spammers. What's another million spams to them? They just probe for new gaps in the filters.
However, the non-automatic negative responses can be much more effective in finding the holes the spam is creeping through, or in closing the windows of economic opportunity the spammer is trying to open. The spammers are only human, and we can pit lots of human intelligence against them.
It is quite important that the tiny percentage of positive responses to the spam are never automatic, but always depend on some sucker reading the spam and manually reacting to it, usually by visiting a website. However, it takes a certain amount of human effort to evaluate those spamvertised websites and shut them down. Similar problems with email addresses that are used for black hole disguises versus those that the spammer is using for valid replies or for address harvesting. A human can tell the differences quickly enough, but automatic approaches can't. Therefore this suggestion is to provide a way to tap into some of that human skill and pass the reports to Google more quickly so they can focus on slamming those windows shut as quickly as possible. Basically I would be glad to help in closing those windows before any money can get to the spammers through them.
The less money the spammers can make, the less spam they will send. No, I don't think it will ever go to zero, but that wouldn't bother me at all if it happened.
Then you must have some incompetent "execs" if they can't delegate your work to you and let you take care of it. I'm pretty sure I could not survive long in such an environment of micromanagement...
On the other hand, sometimes I think there are some "spam-fighting professionals" who are most concerned about protecting their existing positions. I'm not saying that they aren't sincere about fighting spam--but within limits and without rocking the boats too much. They have a variety of priorities... (There was once a period when I was the postmaster for one of the largest free email systems for a major metropolis. The spam problem was not nearly as severe in those days--but it still gave me plenty of headaches. Maybe I was just lucky that the big-time spammers stayed away from my system? However, I don't really believe in such luck.)
If you are working in a spam-fighting capacity, and documented complaints are coming form any source and you aren't able to deal with them... Well, I really don't feel that much sympathy for you. I think things should be escalated. For example, in the Blogspot case which is one of the focuses of this thread, I think these problems are due to be escalated to higher levels of Google's management.
In that case, the person would mostly be hurting their own credibility. Did you miss that part of the suggestion? It was near the end, but Google would be in a position to accumulate some very useful information about who is good at recognizing spam and who isn't. Obviously, if you've submitted many spam reports and they have been solid complaints, then Google should be paying more attention to your comments than if the reports are random guesses from a sock puppet. In particular, website-related Joe job's are a case that calls for human judgment. (Mostly those are 419 scams that fabricate a sob story around a real news story with URLs for CNN or the BBC or other credible sources.)
Actually, I think that personal credibility is very close to the heart of the spam problem. Spam basically looks like real email, and real email has a default credibility which is rather high... In the current higher level topic, it's actually Google's corporate credibility that is part of the target of the spammer's abuses. (That was especially true for the flood of Google search-engine URLs the spammers used a few months ago.)
Look, you don't want to help, you don't have to help. You don't have to do anything at all. I'm willing to help Google fight your spam for you if they will just give me some better tools for doing it.
Of course, if the idea is actually so effective that the spammer start avoiding Gmail, then you know that the other email services will adopt it, too. However, I like Google much better than Microsoft (and Yahoo is about to become Microsoft, too). Plus, the primary topic here is supposed to be Google-related spam.
I agree that would work, but it falls into the checkbox that it needs to be universally adopted or the spammers just move elsewhere. The thrust of my suggestion is more that maybe spamming Gmail can be made so troublesome for the spammers that the spammers will tend to reduce their efforts there. It would be really easy for them to delete all "*@gmail.com" email addresses from their databases.
When you talk about accumulative penalties, I'd like to see something like "aggravated stupidity" for public advertising of a criminal activity. Imagine a spammer is convicted for one million counts of aggravated stupidity. We could even given him a special discount, say cut it down to 1 hour per count--and still put him in jail for 114 years.
You certainly can implement the backspam thing into the suggestion I submitted, though I acknowledge that the original draft was actually prepared a few days ago for another venue. One thing we can be sure of is that the spammers will continue to mutate their techniques--which is why I emphasized the other options so that the humans can react to such variations.
The spam websites thing is more explicitly covered in the suggestion--but this is a place where Google has much more leverage over the webhosting services. Google can exercise very strong sanctions against websites, though the specific concern here is that they are not exercising strong enough sanctions against some of their own subsidiary's websites. Okay, so include an option for "This is one of *YOUR* own website's spam."
I can't really say much about the Google side of the equation, though I'm sure that they do have some people already working on spam fighting.
However, I certainly can say a lot about the other side of it. You don't want to fight spam, then don't use it. Me? I really hate the spammers and I would gladly do anything I can do that harms them.
You can argue that the harm of a particular piece of spam is very small. Perhaps a second or two if I'm just checking for misfiled ham--but the cumulative effect of *MILLIONS* of spams is enormous.
I also believe it is fungible evil. The same morally bankrupt spammer who will sell you addictive drugs will gladly sell you a subprime mortgage or support human trafficking. Where are the lines?
At no point did I suggest that my suggest was a FUSSP. It is intended as a flexible and adaptive tool that would allow more people to do something constructive about reducing the amount of spam.
The FUSSP is just another irrational argument for "No, we can't." The world is not perfect, and obviously there are no perfect solutions--but that doesn't mean we should just give up on good or even partial solutions.
Actually that last topic you mentioned is a very interesting problem in itself, but I think it's too far from the current topic to really discuss more... However, just in case the /. editors are looking for ideas for new articles, think about the problem of a celebrity, politician, or public figure who will receive a large amount of non-spam email from unknown people...
I'm not suggesting it is an ultimate solution, but I do believe there is a certain amount of wisdom in most crowds of people. The Japanese expression is "San nin wa Monju no chie" (Very loosely translated as 'Three people have the wisdom of Buddha').
More than that, I believe almost any weapon can contribute to making it harder for the spammers to intrude on my life. SpamCop is actually pretty good as far as it goes, but it doesn't go very far. I think their real problem is that they are now owned by Cisco, and Cisco's customers are mostly the backbone people. You can even argue that the backbone people have the ultimate powers over the Internet--but they don't care how much spam they transmit as long as someone is paying them for the packets.
Google is in a different position, however. They really do have a vested interest in making Gmail valuable as an email system--and spam is the #1 liability of email.