I've read a lot of the traffic here, and I'm surprised that so many people still just don't get it.
The only way to deal with spam is to end its anonymity. Any method you choose: white list, black list, heuristic filter, blocking server names, blocking server types or Net access methods etc are all gonna fail.
First, some unsolicited email is welcome. So there has to be a way to get welcome unsolicited mail (the comments below about the ATT exec and ATT marketing people wanting to get blocked mail make that point.) So there will always be holes in the wall blocking spam.
Second, spammers are persistent, and can engage in nearly costless experiments to penetrate spam barriers. Actions taken to block the less persistent will breed fewer but more aggressive and persistent spammers. (That's also why laws can't work. They only work on the law-abiding. Only outlaws remain, routing through China.)
The only thing that will solve the spam problem is authenticating the sender. This could be over in a matter of months. If AOL and MSN were to provide digital signatures to their subscribers (they already have authentication information for them), and offered to block any incoming unsigned mail, everyone else would have to sign their mail in order to reach aol and hotmail accounts. In ATT's case, if they were to provide a digital signature to each users account, and only use the whitelist filter on unsigned, incoming mail, they would also foster the end to anonymous email, and, as night follows day, to spam.
In that environment, the various countermeasures actually work. Or you simply block any unsigned mail, and pursue any signed spam through laws or civil action.
The rub, of course, is that ATT, MS and AOL send out their share of spam......
This, and all other spam "remedies", won't work unless there is widespread mail authentication. And if there is widespread mail authentication, this, and all other spam "remedies" would be superfluous.
It wouldn't take much either. AOL and MSN already have authentication information for each of their users, through their credit card subscriptions. AOL and MSN simply have to announce that by January 1st they would issue a digital signature for each subscriber, and include that signature on all outbound mail. At the same time, they could offer the capability to block all unsigned mail as of, say, March 1.
That'd be enough to force everyone else to get a signature. And that would be the end of spam.
However, MS is a pretty active spammer, and I suspect AOL is as well.
Tamara Amey has tried to instill solid values in her daughter on everything from schoolwork to sex, but what Kyla Amey, 16, did on her computer was up to her. Or at least until Ms. Amey heard that the record industry was planning to sue Internet file swappers.
Last month, Ms. Amey ordered Kyla to delete the software she used to download popular songs without paying for them. But in their debate about online sharing and stealing, Ms. Amey sometimes feels more confused than confident.
"The Internet is so gray when you come to these kind of areas," Ms. Amey of Shelby Township, Mich., said after the lawsuits were filed. "When I was a kid, we used to tape music off the radio. You never heard of record companies suing people for that."
Yeah. That "next five years" thing is a good trick. They've got, what, two or three year's of useful data? And from that they make five year projections. Reminds me of the first round of pen-based computing. In 1989/90, we're five years away from the death of the keyboard.
Slashdot Mirror
I've read a lot of the traffic here, and I'm surprised that so many people still just don't get it.
The only way to deal with spam is to end its anonymity. Any method you choose: white list, black list, heuristic filter, blocking server names, blocking server types or Net access methods etc are all gonna fail.
First, some unsolicited email is welcome. So there has to be a way to get welcome unsolicited mail (the comments below about the ATT exec and ATT marketing people wanting to get blocked mail make that point.) So there will always be holes in the wall blocking spam.
Second, spammers are persistent, and can engage in nearly costless experiments to penetrate spam barriers. Actions taken to block the less persistent will breed fewer but more aggressive and persistent spammers. (That's also why laws can't work. They only work on the law-abiding. Only outlaws remain, routing through China.)
The only thing that will solve the spam problem is authenticating the sender. This could be over in a matter of months. If AOL and MSN were to provide digital signatures to their subscribers (they already have authentication information for them), and offered to block any incoming unsigned mail, everyone else would have to sign their mail in order to reach aol and hotmail accounts. In ATT's case, if they were to provide a digital signature to each users account, and only use the whitelist filter on unsigned, incoming mail, they would also foster the end to anonymous email, and, as night follows day, to spam.
In that environment, the various countermeasures actually work. Or you simply block any unsigned mail, and pursue any signed spam through laws or civil action.
The rub, of course, is that ATT, MS and AOL send out their share of spam......
This, and all other spam "remedies", won't work unless there is widespread mail authentication. And if there is widespread mail authentication, this, and all other spam "remedies" would be superfluous. It wouldn't take much either. AOL and MSN already have authentication information for each of their users, through their credit card subscriptions. AOL and MSN simply have to announce that by January 1st they would issue a digital signature for each subscriber, and include that signature on all outbound mail. At the same time, they could offer the capability to block all unsigned mail as of, say, March 1. That'd be enough to force everyone else to get a signature. And that would be the end of spam. However, MS is a pretty active spammer, and I suspect AOL is as well.
More to the point, they're trying to scare the parents. From the front page of today's NYTimes:
S I.html
http://www.nytimes.com/2003/09/10/technology/10MU
Tamara Amey has tried to instill solid values in her daughter on everything from schoolwork to sex, but what Kyla Amey, 16, did on her computer was up to her. Or at least until Ms. Amey heard that the record industry was planning to sue Internet file swappers. Last month, Ms. Amey ordered Kyla to delete the software she used to download popular songs without paying for them. But in their debate about online sharing and stealing, Ms. Amey sometimes feels more confused than confident. "The Internet is so gray when you come to these kind of areas," Ms. Amey of Shelby Township, Mich., said after the lawsuits were filed. "When I was a kid, we used to tape music off the radio. You never heard of record companies suing people for that."
Yeah. That "next five years" thing is a good trick. They've got, what, two or three year's of useful data? And from that they make five year projections. Reminds me of the first round of pen-based computing. In 1989/90, we're five years away from the death of the keyboard.