Unlimited 1 : lacking any controls : unrestricted 2 : boundless, infinite 3 : not bounded by exceptions : undefined
infinite 1: extending indefinitely : endless 2: immeasurably or inconceivably great or extensive : inexhaustible 3: subject to no limitation or external determination
Then broadband came along offering unlimited connect time, not data.
That's simple wrong. I NEVER get "unlimited" connect time- I am limited to 30 x 24 x 60 minutes per month, sometimes 31 x 24 x 60. Heck, a few months ago, I only got 28 x 24 x 60 minutes.
Um, you do realize the story you linked to involves "a BIOS level malware attack capable of surviving even a hard-disk wipe". This is very different from it surviving a BIOS wipe.
You might say you wish to profit from it, but you've already put it in my hands. If you restricted my access to it somehow until I'd paid you, then you'd have an example that held some water.
SO it's okay to copy TV shows and any movie that has been broadcast on TV?
Your last paragraph says "I'd agree, if the advertised "Up To X Mb Per Second" isn't available much of the day, the advertising would be dishonest, but in my limited experience, most times of the day, ComCast meets their "up to" bandwidth advertising."
Well, I'm happy for you. I have Optimum Online (BOOST), which should be 30/5. I'm getting 24.383/5.3227, according to Opttimum's own speed checker. At 1:14am on a Wednesday night. And that's the best I've ever seen it. 24/30 =.8: I'm getting 80% of the Download speed I should be- No, I'm getting 80% of the Download speed I'm paying for. And that's inside their network! if I go to a nearby outside speed tester, I get:
18.555/5.224 18.59/5.29 11.703/4.954 21.906/5.191
Even taking the best of these, my connection speed to outside Optimum's network (IE: more realistic) is 21/30 = 70%
SO, in the end, I'm happy that you get what you pay for. I only really get 70% of what I pay for.
I would probably decide it wasn't worth the risk of my ten dollars to take a chance on getting only one can if that seemed to happen very often.
It happens all the time. And this is one of only 2 'grocery stores' (Optimum, Verison DSL) in the area, so....
YES, If I pay for "200 AMP" service, I damn well expect to be able to pull 200 amps. If I can't, then it's not 200 amp service! If I pay for 30/5 (Optimum Online BOOST), then I should get 30/5. (I understand getting slightly less due to line conditions, etc, but when I pay for 30/5, I expect to at least get somewhere close to that thruput.)
You seem to be fine with an ISP giving you a 64kbps connection under a "Up To 10000000MBps" plan, simply because it says 'up to'.
I'm betting that if you read the medium sized print in your residential cable broadband contract, you will find that they don't guarantee bandwidth.
Well, if you went to the local grocery store, and saw they were offering 'up to' 10 cans of soup for $10, and when you paid your $10, they handed you ONE can of soup, wouldn't you be pissed? "But we didn't offer 10 cans, we offered UP TO 10 cans..."
The stuff that'll be around for "tens of thousands of years" is not that radioactive. It's the stuff that only hangs around for a few years that puts out a really dangerous amount of radiation. But, then, it's only dangerous for a few years.
heh. I read a book where a terrorist group buys a russian submarine (complete with non-nuke cruise missiles) and (among other things) sets up two bombs on an under-water oil pipeline. The first, more obvious hole gets fixed, and they start pumping oil again, only for it to spill all out the second hole.
BUT, if a spammer wants to self-certify, they'll get all the spam complaints about themselves. And, when they do nothing about their spam, people will begin to black-list that certifier. And then none of their email (spam or not) will get through.
But there are millions of them, all over the globe, getting infected with one bot as soon as another is removed.
Well, then maybe ISPs will need to take proactive measures to keep the bots of their subscribers systems. Blocking ports, sniffing for certain bot traffic, denying service to the idiots who get their computers taken over. Stuff like that.
Then my ISP's email certifier will get spam reports, They will contact my ISP. They will cut off my email and demand an explanation. I will clean my computer of malware before they turn on my email again.
They will wait until millions of doofuses sign up, with their individual credit cards, PayPal accounts and what-not, and then use the bot-infected PC's belonging to the hapless victims to log in and spam away.
...which is why captchas (and other methods that try to stop spammers from setting up accounts) are worthless.
You need to stop spam from reaching the users. If they don't see it, they aren't bothered by it.
I've said it before- Email Certification.
Want to run a Certified Email server? Go to your ISP (or other such companies that may arise to offer the service). They check you out (Are you who you say you are? Do you have valid contact information? Etc...), then have you produce a Public/Private key pair. You give them the 'Public' key, and keep the 'Private' one to configure your email server with. Your email server must add an additional header with your Certifier's Certification Server (usually their email server), and a header that is encrypted with your Private key.
An email client that is Certification-compatible will, when it receives an email, look to see if it has those two headers. If not, it will handle it according to the user's wishes. This means NON-Certified email might be deleted, or sent to a different folder, or whatever. Whitelists/blacklists are still possible.
If the email has the headers, the email client will connect to the Certification Server listed in the one header, and download the 'Public' key to attempt to decrypt the other header. If the decrypted header is valid, the client treats the email the way it is configured to, usually by placing it in the Inbox. Again, whitelists and blacklists can still be used.
Here's the most important part: If the user receives Spam that is Certified, they can easily report it to the Certifier (email clients would have a 'Report Certified Spam' button that automatically shoots an email off to the Certifier, for instance). The Certifier can then contact the owner of the Certified Server and notify them of the spam. This gives the server owner a chance to stop the spam, in case the server was hacked or the spam was accidental. If the Server owner does not stop the spam, the Certifier simply pulls the Certification, by removing the 'Public' key on their server. From that moment forward, ALL email the Email server in question sends will be NON-certified (and quite frankly, probably deleted by the recipients).
If the Certifier refuses to do anything about the Spamming Server (because they are 'in on it', friendly to spammers, or just incompetent), then ALL Certifications from that Certifier can be marked as 'bad', either on a client-by-client basis, or thru the use of a Certifier black-list.
-There is no 'Central Authority'- your ISP Certifies you for a modest fee. -You can still send non-certified email, so hobby mailing lists and the like are not affected- the people who receive the mailing list might just need to whitelist it. -Legit email will (eventually, almost always) be Certified, so Certified emails can be sent straight to the Inbox. Non-certified email will (eventually, almost always) be spam, so it can be trashed. -Any spam that is sent from a Certified server will quickly be reported by pissed-off recipients, and quick action will be needed to avoid that Certifier (and ALL the servers it has certified) from being put on a blacklist. -Spam will dwindle as Spammers either move to 'spam-friendly' Certifiers (which are blacklisted so the spam never gets thru anyway), or will spend huge amounts of money switching ISPs every 2-3 days to get re-certified over and over. Of course, ISPs could take a clue from the Las Vegas Casinos, and keep a 'black book' of known spammers, and check new clients against them before Certifying them. -This system does not need to be adopted all at once. Certified and non-certified emails can be handled both by email clients that are Certification aware and not.
What do you want to bet his wife was right about the harassement to begin with ?
"Many of the reports she filed accused him of doing things when he was out of town....When he went to trial in May 2008, his charges were immediately dismissed because of lack of evidence"
First, it's a classic whitelist proposal with all the related problems.
Whitelists are's perfect. But they are effective. Someone who runs a whitelist gets NO spam (barring the one-in-a-hundred-million chance that one of their whitelisted contacts accounts gets hacked.)
You may not use it to get the spam out of your inbox unless there is 100% cooperation from anybody at once.
Simply not true. For example, I can route all Certified mail directly to my inbox, and all un-certified mail to a 'Possibly spam' folder. Then I look thru the 'Possibly spam' folder once a week or so. There- NO spam in my inbox. Please note, this is only necessary during the transition time from now to Certification. The faster everyone adopts it, the easier the transition, true. But it is NOT necessary for everyone to adopt it all at once- a simple temporary whitelist can allow uncertified email thru until they have their servers certified.
All you get is another factor to add to a bayesian filter to possibly improve it's sorting quality
And that's a bad thing?
Second, your certification fee will not guarantee you anything - since your ISP might get on the blacklist
Then I leave my ISP. And everyone else who can't send email leaves the ISP. And the ISP (which has virtually no customers left) goes out of business. Other ISPs see what happened to this one, and improve their responses for handling spammers so the same thing doesn't happen to them. Problem solved.
This your sentence effectively describes the existing publicly available e-mail server / open relay blacklists, dropping traffic from known offenders, with no added advantage over the existing situation.
There is an easy, one-click way to report spam to the blacklisters?
Third, the spam reporting mirrors the ancient practice (1980's?) of reporting offenders at links like abuse@yourIPS.com / postmaster@yourIPS.com. The certifiers would be just as effective in removing offenders as the IPS are removing them now - so no added benefit there.
Any Certifiers that don't do their job risk get blacklisted, and ALL the sites they certify are at risk for getting dropped. This can happen on an individual level ("Hi. You've reported your 10th spam from this Certifier. Would you like to completely block all emails that are certified by this Certifier? [Y] [n]", or at a higher level, such as an organization that keeps track of Certifiers and their responses and response times and sends out advisory blacklists users/isps can subscribe to....it will NOT be deleted by the recipients - you won't have 100% coverage, so recipients will expect to receive normal uncertified mail.
Of course, Certification works best when everyone adopts it. Duh. But it's still possible to whitelist individual accounts. Heck, a simple bit of code could pop up a dialog box that says "Hey, this user has lost their certification, do you want to add them to your whitelist so you continue to get their mail?" Problem solved- people click 'yes' to keep getting the email they want, the sending server is UnCertified, so all the spam gets deleted.
Fourth, the "stuck with it" part - if this system is implemented, then we will be stuck with an additional layer of complexity and a mandatory payment requirement that can be abused. This is a Bad Thing(tm).
Abused? I you don't like your ISP's rates for hosting a website, you can go to an outside company that hosts websites. Have website hosting prices been "abusive"? Besides, it's a one-time payment.
1) If not every one uses certified mail; then everybody will want and need to still appropriately receive and see non-certified mail.
During the transition, yes, this is perfectly true. It's perfectly true of ANY system- during the rollout, there will be a mix of old and new. Once everyone (or nearly everyone) is using certified servers, they can pretty safely drop the uncertified email. The rare exceptions can be han
I think the major reason why people flippantly dismiss solutions to the spam problem is that no solution immediately solves it. Once we get past that notion and instead think about eventually turning the tide against spam, things like your solution bear more investigation.
It's like Alternative Power. Mention Solar, and some people feel compelled to point out it's dark at night. Mention wind, some people feel compelled to point out some areas have very little. Same for Hydropower. The point they miss is that just One of these is not enough, and will not reliably meet All our energy needs. It's the Combination of them (with traditional power like nuclear/oil/coal) that will work.
Certification IS NOT perfect. There are ways around it (ISP hopping, hacking other people's email servers, zombie clients). But their are ways to patch those gaps (Spammer blacklists like the 'Black Book' Casinos use to look for cheaters, quick and drastic action taken against spamming servers to Force owners of hacked servers and/or zombie boxes to actually fix the problem or risk getting cut off for good).
Some of the problem is Social. I think the problem of spam will drop in the next decade as more and more old people (usually computer-illiterate) die off and more 'tech savvy' kids grow up. My (fiance's) mom would probably respond to every damn email scam out there, but my kids never will.
Some of the problem is legal. Indeed, the government needs to start enforcing the laws more when it comes to spam. Again, as more tech-savvy people grow up and get elected (or just vote),I think that problem will fix itself.
None of these things alone will stop spam. That doesn't mean none of these things are worth doing.
Well I can see you don't work in the email department of an ISP. I would love to block traffic from Yahoo but do you know how many pissed off customers would be lighting up the phones if we blocked them? Plenty.
Simple solution: Clearly and simply inform the callers that you have had to (reluctantly, of course) cut off Yahoo because they are a source of spam, and then refer all the callers to Yahoo's Customer Service or Complaint number and have them bitch at Yahoo. Yahoo will get the point.
OK you've got this all figured out so how do you get Yahoo to clean up its act? Their mail is certified.
Who Certified them? The complaints are going to Yahoo's Certifier. And that Certifier demands Yahoo fix the problem. If they don't, no more Certification.
Without any controls over who is certified and who isn't and who keeps their certification this idea is just bull shit
Of course there are rules that the certified have to follow, and rules the certifier needs to follow, too. But this is implementational details.
You have to look at what powers spam to stop it. What makes it work? Greed. Greed is the power behind it. Remove the profit and you remove spam.
Block the emails, you block responses. Block responses, you block profits.
Yes another power that could control it is fear. Fear of being arrested
Or fear of having your entire ISP effectively black-listed by the entire world because you lost your certification because you didn't cut off a spammer.
Sorry but in my mind anyone that is motivated by greed does not deserve to live
So, you have a job? You don't get a salary, do you? Working for money sounds like 'greed' to me....
This does nothing to prevent spam from giants such as gmail, hotmail, etc. who get their captchas broken. You can't blacklist them.
Why not?
With Certification, you most certainly can (and should) report spam. If Gmail's certifier gets spam complaints, they contact gmail, and give gmail reasonable time to fix the issue. If gmail doesn't fix the issue (both immediately by cutting the spamming user off and demanding explanation, and long-term by developing better methods of stopping spammers from signing up to begin with), then gmail gets it's certificate pulled. If that happens, they risk losing users, and therefore money. SO, it's in their best interest to fix both the immediate and long-term issues.
And in the end, even if the web-mail providers do end up un-certified, Who cares? It's still possible for people to white-list any specific email addresses they want to receive mail from. The same with small-time mailing lists that don't bother to get certified. The same with 'home' email servers.
Until Certified servers get hacked. Until computers using certified servers get hacked.
Then a few thousand Spam reports come in, the server owner either 1)fixes the problem (result: no more spam) or 2)they get their Certification yanked (no more (certified) spam. Or certified email of any kind).
Until someone hacks the certificates.
Public/private key cryptography. With large enough keys, it'd take more computers to crack than exist atoms inthe universe. Or something like that.
Why not determine if something is spam based on not only where it came from, but also what it reads or contains?
Sure, why not? Certification is not the only criteria you can use to filter emails. Have whitelists, have blacklists. Have filters that delete emails that have the word "vi@gr@" in them. Whatever. But If Certification became the norm, I'm betting that additional filtering would become mostly superfluous.
Its been said before, but any competent computer user will only see maybe 1-2 spam mails per week.
Says who? Maybe if you never post your email online anywhere. But then, how can people email you?:-)
I HATE this stupid form letter thing. Firstly, it really shows lack of imagination on your part. Second, it's WRONG:
(x) It will stop spam for two weeks and then we'll be stuck with it
'Stuck with it'? What's that supposed to mean? Like we're 'stuck' with SMTP or HTTP?
(x) Users of email will not put up with it
What's to 'put up with'? It's virtually invisible to users, except for the filter option regarding what to do with certified email, and a Big Red Button in their email client to automatically report certified spam.
(x) Requires immediate total cooperation from everybody at once
Simply WRONG. I addressed this in my post:
An email client that is Certification-compatible will, when it receives an email, look to see if it has those two headers. If not, it will handle it according to the user's wishes. This means NON-Certified email might be deleted, or sent to a different folder, or whatever. Whitelists/blacklists are still possible.... You can still send non-certified email, so hobby mailing lists and the like are not affected- the people who receive the mailing list might just need to whitelist it.... This system does not need to be adopted all at once. Certified and non-certified emails can be handled both by email clients that are Certification aware and not.
(x) Many email users cannot afford to lose business or alienate potential employers
They wouldn't.
(x) Open relays in foreign countries
What about them? If the server is Certified, they'll get reported. If they're not, they'll probably be ignored.
(x) Asshats
?
(x) Huge existing software investment in SMTP
This is still SMTP, just with additional Headers to the email, and an additional protocol to request/retrieve the Key.
(x) Armies of worm riddled broadband-connected Windows boxes
Again, If the server they use is Certified, they'll get reported. This results in the ISP cutting off the "worm riddled" boxes, and forcing the user to clean the box before allowing internet access (or at least email access) again. OR, if the ISP ignores the problem, they get their Certificate pulled. This is a bad thing?
(x) Eternal arms race involved in all filtering approaches
The only way to 'beat' Certification is to Certify yourself (you'll get blacklisted for failign to deal with spam reports), or have a 'spam friendly' ISP Certifiy you. (and then they'll get blacklisted.) Or ISP-hop constantly.
(x) Extreme profitability of spam
It's not profitable if no one replies. No one can reply if they don't see the spam. They can't see the spam if their client trashes it. Their client trashs it if it's not certified. (probably- this is user settable for normal email clients, or server-settable for webmail.)
(x) Extreme stupidity on the part of people who do business with spammers
See above.
(x) Dishonesty on the part of spammers themselves
It doesn't matter if you can't get a ISP to certify you.
(x) Bandwidth costs that are unaffected by client filtering
Not at first. But when they get NO replies, they'll stop spamming.
(x) Outlook
Why is this a problem?
and the following philosophical objections may also apply:
(x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
None have ever been tried.
(x) Blacklists suck
Despite my saying 'no one will get the non-certified emails', this is not technically true. Certification is not a blacklist. It is a one of several criteria that can be used to filter email. For instance, a email filter like SpamAssasin looks at many factors to decide if an email is spam ot not. 'is it from a real domain?' 'Does it contain the word 'viagra''? 'is it CC'd to more than a few people?'... and a lot of other criteria. "Is it C
Slashdot Mirror
Unlimited != infinite.
Unlimited
1 : lacking any controls : unrestricted
2 : boundless, infinite
3 : not bounded by exceptions : undefined
infinite
1: extending indefinitely : endless
2: immeasurably or inconceivably great or extensive : inexhaustible
3: subject to no limitation or external determination
Then broadband came along offering unlimited connect time, not data.
That's simple wrong. I NEVER get "unlimited" connect time- I am limited to 30 x 24 x 60 minutes per month, sometimes 31 x 24 x 60. Heck, a few months ago, I only got 28 x 24 x 60 minutes.
Um, you do realize the story you linked to involves "a BIOS level malware attack capable of surviving even a hard-disk wipe". This is very different from it surviving a BIOS wipe.
You said "It's like going to an all-you-can-eat buffet and expecting to get a week's worth of food for $5."
I corrected you : "No, it's like going to a all-you-can-eat buffet and expecting to get... all I can eat."
What was wrong with your analogy was the part I changed.
You might say you wish to profit from it, but you've already put it in my hands. If you restricted my access to it somehow until I'd paid you, then you'd have an example that held some water.
SO it's okay to copy TV shows and any movie that has been broadcast on TV?
There is a huge difference between a carrier marketing 30/5 and delivering 23/2 because of high load at times and them delivering 64k/s
The only difference is on of scale. In both cases, they offer more than they deliver. It's just a question of how much they under-deliver.
Second, "High load"? At 1 in the A.M. in the middle of the week??? That;s about the LOWEST LOAD you're likely to see.
Your last paragraph says "I'd agree, if the advertised "Up To X Mb Per Second" isn't available much of the day, the advertising would be dishonest, but in my limited experience, most times of the day, ComCast meets their "up to" bandwidth advertising."
Well, I'm happy for you. I have Optimum Online (BOOST), which should be 30/5. I'm getting 24.383/5.3227, according to Opttimum's own speed checker. At 1:14am on a Wednesday night. And that's the best I've ever seen it. 24/30 = .8: I'm getting 80% of the Download speed I should be- No, I'm getting 80% of the Download speed I'm paying for. And that's inside their network! if I go to a nearby outside speed tester, I get:
18.555/5.224
18.59/5.29
11.703/4.954
21.906/5.191
Even taking the best of these, my connection speed to outside Optimum's network (IE: more realistic) is 21/30 = 70%
SO, in the end, I'm happy that you get what you pay for. I only really get 70% of what I pay for.
I would probably decide it wasn't worth the risk of my ten dollars to take a chance on getting only one can if that seemed to happen very often.
It happens all the time. And this is one of only 2 'grocery stores' (Optimum, Verison DSL) in the area, so....
And I'm really tired of people who use bad analogies. Or worse, ones that are simply... wrong.
It's like going to an all-you-can-eat buffet and expecting to get a week's worth of food for $5.
No, it's like going to a all-you-can-eat buffet and expecting to get... all I can eat.
Those analogies suck.
YES, If I pay for "200 AMP" service, I damn well expect to be able to pull 200 amps. If I can't, then it's not 200 amp service! If I pay for 30/5 (Optimum Online BOOST), then I should get 30/5. (I understand getting slightly less due to line conditions, etc, but when I pay for 30/5, I expect to at least get somewhere close to that thruput.)
You seem to be fine with an ISP giving you a 64kbps connection under a "Up To 10000000MBps" plan, simply because it says 'up to'.
I'm betting that if you read the medium sized print in your residential cable broadband contract, you will find that they don't guarantee bandwidth.
Well, if you went to the local grocery store, and saw they were offering 'up to' 10 cans of soup for $10, and when you paid your $10, they handed you ONE can of soup, wouldn't you be pissed? "But we didn't offer 10 cans, we offered UP TO 10 cans..."
I hate to commit a Farkism, but...
THIS.
Not on a scale of tens of thousands of years.
Morbo says: Half-lives do not work like that!
The stuff that'll be around for "tens of thousands of years" is not that radioactive. It's the stuff that only hangs around for a few years that puts out a really dangerous amount of radiation. But, then, it's only dangerous for a few years.
heh. I read a book where a terrorist group buys a russian submarine (complete with non-nuke cruise missiles) and (among other things) sets up two bombs on an under-water oil pipeline. The first, more obvious hole gets fixed, and they start pumping oil again, only for it to spill all out the second hole.
Who "decides" who can be a web site host?
A: No one.
BUT, if a spammer wants to self-certify, they'll get all the spam complaints about themselves. And, when they do nothing about their spam, people will begin to black-list that certifier. And then none of their email (spam or not) will get through.
But there are millions of them, all over the globe, getting infected with one bot as soon as another is removed.
Well, then maybe ISPs will need to take proactive measures to keep the bots of their subscribers systems. Blocking ports, sniffing for certain bot traffic, denying service to the idiots who get their computers taken over. Stuff like that.
Then my ISP's email certifier will get spam reports, They will contact my ISP. They will cut off my email and demand an explanation. I will clean my computer of malware before they turn on my email again.
See? Easy!
They will wait until millions of doofuses sign up, with their individual credit cards, PayPal accounts and what-not, and then use the bot-infected PC's belonging to the hapless victims to log in and spam away.
You need to stop spam from reaching the users. If they don't see it, they aren't bothered by it.
I've said it before- Email Certification.
Want to run a Certified Email server? Go to your ISP (or other such companies that may arise to offer the service). They check you out (Are you who you say you are? Do you have valid contact information? Etc...), then have you produce a Public/Private key pair. You give them the 'Public' key, and keep the 'Private' one to configure your email server with. Your email server must add an additional header with your Certifier's Certification Server (usually their email server), and a header that is encrypted with your Private key.
An email client that is Certification-compatible will, when it receives an email, look to see if it has those two headers. If not, it will handle it according to the user's wishes. This means NON-Certified email might be deleted, or sent to a different folder, or whatever. Whitelists/blacklists are still possible.
If the email has the headers, the email client will connect to the Certification Server listed in the one header, and download the 'Public' key to attempt to decrypt the other header. If the decrypted header is valid, the client treats the email the way it is configured to, usually by placing it in the Inbox. Again, whitelists and blacklists can still be used.
Here's the most important part: If the user receives Spam that is Certified, they can easily report it to the Certifier (email clients would have a 'Report Certified Spam' button that automatically shoots an email off to the Certifier, for instance). The Certifier can then contact the owner of the Certified Server and notify them of the spam. This gives the server owner a chance to stop the spam, in case the server was hacked or the spam was accidental. If the Server owner does not stop the spam, the Certifier simply pulls the Certification, by removing the 'Public' key on their server. From that moment forward, ALL email the Email server in question sends will be NON-certified (and quite frankly, probably deleted by the recipients).
If the Certifier refuses to do anything about the Spamming Server (because they are 'in on it', friendly to spammers, or just incompetent), then ALL Certifications from that Certifier can be marked as 'bad', either on a client-by-client basis, or thru the use of a Certifier black-list.
-There is no 'Central Authority'- your ISP Certifies you for a modest fee.
-You can still send non-certified email, so hobby mailing lists and the like are not affected- the people who receive the mailing list might just need to whitelist it.
-Legit email will (eventually, almost always) be Certified, so Certified emails can be sent straight to the Inbox. Non-certified email will (eventually, almost always) be spam, so it can be trashed.
-Any spam that is sent from a Certified server will quickly be reported by pissed-off recipients, and quick action will be needed to avoid that Certifier (and ALL the servers it has certified) from being put on a blacklist.
-Spam will dwindle as Spammers either move to 'spam-friendly' Certifiers (which are blacklisted so the spam never gets thru anyway), or will spend huge amounts of money switching ISPs every 2-3 days to get re-certified over and over. Of course, ISPs could take a clue from the Las Vegas Casinos, and keep a 'black book' of known spammers, and check new clients against them before Certifying them.
-This system does not need to be adopted all at once. Certified and non-certified emails can be handled both by email clients that are Certification aware and not.
It may not be perfect, but it'd be a good start.
What do you want to bet his wife was right about the harassement to begin with ?
"Many of the reports she filed accused him of doing things when he was out of town....When he went to trial in May 2008, his charges were immediately dismissed because of lack of evidence"
The people who showed "contempt for the democratic process" were the people who left early.
First, it's a classic whitelist proposal with all the related problems.
Whitelists are's perfect. But they are effective. Someone who runs a whitelist gets NO spam (barring the one-in-a-hundred-million chance that one of their whitelisted contacts accounts gets hacked.)
You may not use it to get the spam out of your inbox unless there is 100% cooperation from anybody at once.
Simply not true. For example, I can route all Certified mail directly to my inbox, and all un-certified mail to a 'Possibly spam' folder. Then I look thru the 'Possibly spam' folder once a week or so. There- NO spam in my inbox. Please note, this is only necessary during the transition time from now to Certification. The faster everyone adopts it, the easier the transition, true. But it is NOT necessary for everyone to adopt it all at once- a simple temporary whitelist can allow uncertified email thru until they have their servers certified.
All you get is another factor to add to a bayesian filter to possibly improve it's sorting quality
And that's a bad thing?
Second, your certification fee will not guarantee you anything - since your ISP might get on the blacklist
Then I leave my ISP. And everyone else who can't send email leaves the ISP. And the ISP (which has virtually no customers left) goes out of business. Other ISPs see what happened to this one, and improve their responses for handling spammers so the same thing doesn't happen to them. Problem solved.
This your sentence effectively describes the existing publicly available e-mail server / open relay blacklists, dropping traffic from known offenders, with no added advantage over the existing situation.
There is an easy, one-click way to report spam to the blacklisters?
Third, the spam reporting mirrors the ancient practice (1980's?) of reporting offenders at links like abuse@yourIPS.com / postmaster@yourIPS.com. The certifiers would be just as effective in removing offenders as the IPS are removing them now - so no added benefit there.
Any Certifiers that don't do their job risk get blacklisted, and ALL the sites they certify are at risk for getting dropped. This can happen on an individual level ("Hi. You've reported your 10th spam from this Certifier. Would you like to completely block all emails that are certified by this Certifier? [Y] [n]", or at a higher level, such as an organization that keeps track of Certifiers and their responses and response times and sends out advisory blacklists users/isps can subscribe to. ...it will NOT be deleted by the recipients - you won't have 100% coverage, so recipients will expect to receive normal uncertified mail.
Of course, Certification works best when everyone adopts it. Duh. But it's still possible to whitelist individual accounts. Heck, a simple bit of code could pop up a dialog box that says "Hey, this user has lost their certification, do you want to add them to your whitelist so you continue to get their mail?" Problem solved- people click 'yes' to keep getting the email they want, the sending server is UnCertified, so all the spam gets deleted.
Fourth, the "stuck with it" part - if this system is implemented, then we will be stuck with an additional layer of complexity and a mandatory payment requirement that can be abused. This is a Bad Thing(tm).
Abused? I you don't like your ISP's rates for hosting a website, you can go to an outside company that hosts websites. Have website hosting prices been "abusive"? Besides, it's a one-time payment.
1) If not every one uses certified mail; then everybody will want and need to still appropriately receive and see non-certified mail.
During the transition, yes, this is perfectly true. It's perfectly true of ANY system- during the rollout, there will be a mix of old and new. Once everyone (or nearly everyone) is using certified servers, they can pretty safely drop the uncertified email. The rare exceptions can be han
I think the major reason why people flippantly dismiss solutions to the spam problem is that no solution immediately solves it. Once we get past that notion and instead think about eventually turning the tide against spam, things like your solution bear more investigation.
It's like Alternative Power. Mention Solar, and some people feel compelled to point out it's dark at night. Mention wind, some people feel compelled to point out some areas have very little. Same for Hydropower. The point they miss is that just One of these is not enough, and will not reliably meet All our energy needs. It's the Combination of them (with traditional power like nuclear/oil/coal) that will work.
Certification IS NOT perfect. There are ways around it (ISP hopping, hacking other people's email servers, zombie clients). But their are ways to patch those gaps (Spammer blacklists like the 'Black Book' Casinos use to look for cheaters, quick and drastic action taken against spamming servers to Force owners of hacked servers and/or zombie boxes to actually fix the problem or risk getting cut off for good).
Some of the problem is Social. I think the problem of spam will drop in the next decade as more and more old people (usually computer-illiterate) die off and more 'tech savvy' kids grow up. My (fiance's) mom would probably respond to every damn email scam out there, but my kids never will.
Some of the problem is legal. Indeed, the government needs to start enforcing the laws more when it comes to spam. Again, as more tech-savvy people grow up and get elected (or just vote),I think that problem will fix itself.
None of these things alone will stop spam. That doesn't mean none of these things are worth doing.
Well I can see you don't work in the email department of an ISP. I would love to block traffic from Yahoo but do you know how many pissed off customers would be lighting up the phones if we blocked them? Plenty.
Simple solution: Clearly and simply inform the callers that you have had to (reluctantly, of course) cut off Yahoo because they are a source of spam, and then refer all the callers to Yahoo's Customer Service or Complaint number and have them bitch at Yahoo. Yahoo will get the point.
OK you've got this all figured out so how do you get Yahoo to clean up its act? Their mail is certified.
Who Certified them? The complaints are going to Yahoo's Certifier. And that Certifier demands Yahoo fix the problem. If they don't, no more Certification.
Without any controls over who is certified and who isn't and who keeps their certification this idea is just bull shit
Of course there are rules that the certified have to follow, and rules the certifier needs to follow, too. But this is implementational details.
You have to look at what powers spam to stop it. What makes it work? Greed. Greed is the power behind it. Remove the profit and you remove spam.
Block the emails, you block responses. Block responses, you block profits.
Yes another power that could control it is fear. Fear of being arrested
Or fear of having your entire ISP effectively black-listed by the entire world because you lost your certification because you didn't cut off a spammer.
Sorry but in my mind anyone that is motivated by greed does not deserve to live
So, you have a job? You don't get a salary, do you? Working for money sounds like 'greed' to me....
This does nothing to prevent spam from giants such as gmail, hotmail, etc. who get their captchas broken. You can't blacklist them.
Why not?
With Certification, you most certainly can (and should) report spam. If Gmail's certifier gets spam complaints, they contact gmail, and give gmail reasonable time to fix the issue. If gmail doesn't fix the issue (both immediately by cutting the spamming user off and demanding explanation, and long-term by developing better methods of stopping spammers from signing up to begin with), then gmail gets it's certificate pulled. If that happens, they risk losing users, and therefore money. SO, it's in their best interest to fix both the immediate and long-term issues.
And in the end, even if the web-mail providers do end up un-certified, Who cares? It's still possible for people to white-list any specific email addresses they want to receive mail from. The same with small-time mailing lists that don't bother to get certified. The same with 'home' email servers.
Until Certified servers get hacked.
Until computers using certified servers get hacked.
Then a few thousand Spam reports come in, the server owner either
1)fixes the problem (result: no more spam)
or
2)they get their Certification yanked (no more (certified) spam. Or certified email of any kind).
Until someone hacks the certificates.
Public/private key cryptography. With large enough keys, it'd take more computers to crack than exist atoms inthe universe. Or something like that.
Why not determine if something is spam based on not only where it came from, but also what it reads or contains?
Sure, why not? Certification is not the only criteria you can use to filter emails. Have whitelists, have blacklists. Have filters that delete emails that have the word "vi@gr@" in them. Whatever. But If Certification became the norm, I'm betting that additional filtering would become mostly superfluous.
Its been said before, but any competent computer user will only see maybe 1-2 spam mails per week.
Says who? Maybe if you never post your email online anywhere. But then, how can people email you? :-)
I HATE this stupid form letter thing. Firstly, it really shows lack of imagination on your part. Second, it's WRONG:
(x) It will stop spam for two weeks and then we'll be stuck with it
'Stuck with it'? What's that supposed to mean? Like we're 'stuck' with SMTP or HTTP?
(x) Users of email will not put up with it
What's to 'put up with'? It's virtually invisible to users, except for the filter option regarding what to do with certified email, and a Big Red Button in their email client to automatically report certified spam.
(x) Requires immediate total cooperation from everybody at once
Simply WRONG. I addressed this in my post:
An email client that is Certification-compatible will, when it receives an email, look to see if it has those two headers. If not, it will handle it according to the user's wishes. This means NON-Certified email might be deleted, or sent to a different folder, or whatever. Whitelists/blacklists are still possible. ... ...
You can still send non-certified email, so hobby mailing lists and the like are not affected- the people who receive the mailing list might just need to whitelist it.
This system does not need to be adopted all at once. Certified and non-certified emails can be handled both by email clients that are Certification aware and not.
(x) Many email users cannot afford to lose business or alienate potential employers
They wouldn't.
(x) Open relays in foreign countries
What about them? If the server is Certified, they'll get reported. If they're not, they'll probably be ignored.
(x) Asshats
?
(x) Huge existing software investment in SMTP
This is still SMTP, just with additional Headers to the email, and an additional protocol to request/retrieve the Key.
(x) Armies of worm riddled broadband-connected Windows boxes
Again, If the server they use is Certified, they'll get reported. This results in the ISP cutting off the "worm riddled" boxes, and forcing the user to clean the box before allowing internet access (or at least email access) again. OR, if the ISP ignores the problem, they get their Certificate pulled. This is a bad thing?
(x) Eternal arms race involved in all filtering approaches
The only way to 'beat' Certification is to Certify yourself (you'll get blacklisted for failign to deal with spam reports), or have a 'spam friendly' ISP Certifiy you. (and then they'll get blacklisted.) Or ISP-hop constantly.
(x) Extreme profitability of spam
It's not profitable if no one replies. No one can reply if they don't see the spam. They can't see the spam if their client trashes it. Their client trashs it if it's not certified. (probably- this is user settable for normal email clients, or server-settable for webmail.)
(x) Extreme stupidity on the part of people who do business with spammers
See above.
(x) Dishonesty on the part of spammers themselves
It doesn't matter if you can't get a ISP to certify you.
(x) Bandwidth costs that are unaffected by client filtering
Not at first. But when they get NO replies, they'll stop spamming.
(x) Outlook
Why is this a problem?
and the following philosophical objections may also apply:
(x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
None have ever been tried.
(x) Blacklists suck
Despite my saying 'no one will get the non-certified emails', this is not technically true. Certification is not a blacklist. It is a one of several criteria that can be used to filter email. For instance, a email filter like SpamAssasin looks at many factors to decide if an email is spam ot not. 'is it from a real domain?' 'Does it contain the word 'viagra''? 'is it CC'd to more than a few people?'... and a lot of other criteria. "Is it C