Sorry to mention, but...
phantasma6: "Could this stop free mailing lists? If the sender has to pay..."
>> It does not have to pay. However, if it mails to someone with ABM, it gets an automated response which can be ignored. After all, anyone subscribing to a mailing list can add that address to the whitelist, and therefore receive the letters.
For those, who say a properly configured SA (or any other tool) can solve their problem, let me mention that it took only 6 months for my favourite free web-based e-mail service became unusable due to the amount of spam: I received about 500 messages a day, and even with a simple rule that every message not coming from.hu domain goes straight to waste bin (which solved MY problem of the spam) didn't solve THEIR problem of getting more million spam messages daily, and their servers were overloaded. And if you don't pay anything you can't demand HW upgrades, can you?
So sorting mail with 100% accuarcy, and 0% false positives can only solve YOUR problem of the spam.
cheesybagel:"Yeah, this is full of holes. And the worst thing is that it can mess with my wallet."
>> You mean your $5 initial deposit? Or you send more unsolicited mails then receive?
lachlan76:"I should be able to send email WITHOUT giving someone my BANKING DETAILS, and without losing money because someone doesn't like me."
>> So long live the spam? And anyway ABM does not require you to send banking details...
panurge:
First, look at the opportunities for fraud. Say I set up a porn site with an email address. You email me and the system asks you to post a huge bond to get the message through, say $1000. Somewhere out there will be id10ts who haven't configured their systems properly.
>> And they paid $1000 to their escrow service. In advance. Just for sending emails. Yeah, very likely. But clearly there are fraud opportunities...
router:
Virus writer releases virus that causes your Windows 2k/XP/LongHorn desktop to send spam. (done)
Spam gets sent to address that auto claims bond.
Your escrow account gets raided. (0.50$)
You can't send email anymore.
Virus writer gets paid and retires. (100M x 0.50$)
>> This is a very valid and likely type of freud, for instance.
azaris:
1. Set bond to $ 0.01 to ensure automatic bond posting.
2. Subscribe to 10,000 different mailing lists.
3. Profit!
Aye, this would be... erm... let me calculate... 0 times $0.01 equals... khm... 0. No mailing list over would configure there servers to reply to bond claims.
IMHO the main problems of this system are:
- if whitelists are not located in the servers, you will have to download "bondless" messages too.
- high possibility of frauds
- after sending a mail, (if you don't send bond automatically ) you have to wait (sometimes minutes) and you will not be sure that even after that your mail has arrived. Think of a modem user connecting, downloading his mail, replying offline, connecting again to send answers and new mails, and WAITING for bouncing bond claims. Not comfortable.
Think of a broadband user wanting to send an urgent mail just before he leaves home.
Unless he is on the recipients whitelist, if they use ABM, the sender of the mail HAS to wait.
This could be eliminated only if the automatic bonds processing is done on the servers, which i feel insecure. (think of someone SMTPing into my mailserver and sending a mail (with my address in the From field) to himself. Since SMTP does not have any kind of security check in it, all he has to know is my email address.
So without changing SMTP or implementing some sort of sender identification (which they say to be important because of the whitelist) it wouldn't be hard to fake-send messages in my name (trying to use my automatic bond sending and reclaiming the bond on arrival [and quite possibly immediately "forwarding" the bond to another account])
Don't you know mailinator.com? Instant e-mail address without registration. You just give me@mailinator.com as required e-mail, and after that you can check you inbox...
Slashdot Mirror
Sorry to mention, but... .hu domain goes straight to waste bin (which solved MY problem of the spam) didn't solve THEIR problem of getting more million spam messages daily, and their servers were overloaded. And if you don't pay anything you can't demand HW upgrades, can you?
phantasma6: "Could this stop free mailing lists? If the sender has to pay..."
>> It does not have to pay. However, if it mails to someone with ABM, it gets an automated response which can be ignored. After all, anyone subscribing to a mailing list can add that address to the whitelist, and therefore receive the letters.
For those, who say a properly configured SA (or any other tool) can solve their problem, let me mention that it took only 6 months for my favourite free web-based e-mail service became unusable due to the amount of spam: I received about 500 messages a day, and even with a simple rule that every message not coming from
So sorting mail with 100% accuarcy, and 0% false positives can only solve YOUR problem of the spam.
cheesybagel:"Yeah, this is full of holes. And the worst thing is that it can mess with my wallet."
>> You mean your $5 initial deposit? Or you send more unsolicited mails then receive?
lachlan76:"I should be able to send email WITHOUT giving someone my BANKING DETAILS, and without losing money because someone doesn't like me."
>> So long live the spam? And anyway ABM does not require you to send banking details...
panurge:
First, look at the opportunities for fraud. Say I set up a porn site with an email address. You email me and the system asks you to post a huge bond to get the message through, say $1000. Somewhere out there will be id10ts who haven't configured their systems properly.
>> And they paid $1000 to their escrow service. In advance. Just for sending emails. Yeah, very likely. But clearly there are fraud opportunities...
router:
Virus writer releases virus that causes your Windows 2k/XP/LongHorn desktop to send spam. (done)
Spam gets sent to address that auto claims bond.
Your escrow account gets raided. (0.50$)
You can't send email anymore.
Virus writer gets paid and retires. (100M x 0.50$)
>> This is a very valid and likely type of freud, for instance.
azaris:
1. Set bond to $ 0.01 to ensure automatic bond posting.
2. Subscribe to 10,000 different mailing lists.
3. Profit!
Aye, this would be... erm... let me calculate... 0 times $0.01 equals... khm... 0. No mailing list over would configure there servers to reply to bond claims.
IMHO the main problems of this system are:
- if whitelists are not located in the servers, you will have to download "bondless" messages too.
- high possibility of frauds
- after sending a mail, (if you don't send bond automatically ) you have to wait (sometimes minutes) and you will not be sure that even after that your mail has arrived. Think of a modem user connecting, downloading his mail, replying offline, connecting again to send answers and new mails, and WAITING for bouncing bond claims. Not comfortable.
Think of a broadband user wanting to send an urgent mail just before he leaves home.
Unless he is on the recipients whitelist, if they use ABM, the sender of the mail HAS to wait.
This could be eliminated only if the automatic bonds processing is done on the servers, which i feel insecure. (think of someone SMTPing into my mailserver and sending a mail (with my address in the From field) to himself. Since SMTP does not have any kind of security check in it, all he has to know is my email address.
So without changing SMTP or implementing some sort of sender identification (which they say to be important because of the whitelist) it wouldn't be hard to fake-send messages in my name (trying to use my automatic bond sending and reclaiming the bond on arrival [and quite possibly immediately "forwarding" the bond to another account])
Interesting part in the document is
chmod 777 . /*
instead of
chmod 777 ./*
as root, ofcourse...
Don't you know mailinator.com? Instant e-mail address without registration. You just give me@mailinator.com as required e-mail, and after that you can check you inbox...