approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
(*) It will stop spam for two weeks and then we'll be stuck with it
The aim isn't to defeat spam so much as it is to defeat phishing, which it does quite well.
(*) Microsoft will not put up with it
Not sure how much this matters. Microsoft will adapt when the technology becomes popular and more refined. DKIM is still a relatively new technology (it is, however, not so new that it should be breaking news on Slashdot). The more industry support DKIM garners, the more pressure will be placed on Microsoft to put it in its mail products (Hotmail, sendmail-equivalent, Outlook).
(*) Requires immediate total cooperation from everybody at once
Not true. I think this is still speaking toward the goal of defeating spam, a purpose for which DKIM is not primarily intended. Also, what spam-fighting technology wouldn't have this requirement? "For all spam to stop... all people must stop spam"? Maybe a bit disingenuous here.
Specifically, your plan fails to account for
(*) Eternal arms race involved in all filtering approaches
This might be fair. Microsoft has Sender-ID/Sender Policy Framework. Everyone else uses DKIM. (Except, ironically, the original creator of DK, Yahoo! They haven't switched from DK to DKIM, at least not since I last checked a couple months ago.)
(*) Extreme profitability of spam
I think that's exactly what they're targeting. Phishing probably has the largest financial insentive for the scammers. However, this point seems irrelevant, or at least intuitively obvious. The reason spam exists is because it is profitable. If it weren't profitable, it wouldn't be a problem. To address spam but also maintain a culture of complete ignorance of the subject would be silly.
(*) Joe jobs and/or identity theft
Do you even know what DKIM is? This is exactly what it prevents. Aside from compromised hosts, a scammer would not be able to illegitmately send mail from a domain. In order to commit bank fraud, the scammer would have had to break into the bank's mail server or DNS server, which is incredibly unlikely. If this was even possible, why bother with the phishing at all? If he's already got his hand in the cookie jar...
(*) Technically illiterate users
Irrelevant. This solution operates mostly on the MTA level, not the MUA level. Meaning, Google and Yahoo! implement it, not W3bbo@yahoo.com. DKIM's implementation is completely transparent to the user. The only user interaction is a nice message in the MUA that says, "This message is signed by domain.com!" This will be a feature for a mail clients. There is no action required from an end-user other than installing whatever update is pushed out, which are mostly automated these days anyway.
(*) Extreme stupidity on the part of people who do business with spammers
I don't know what you're referencing here. Can you back this up in some way? Who are the stupid people doing business with spammers? End-users who receive spam? Credit card processors/payment gateways? I don't think either are relevant to phishing or how DKIM intends to fight it. Even with DKIM, it's feasible someone falls for mail sent from "mybank.scammer.com". However, I think this type of trickery can be significantly reduced depending on how the MUA displays the results of the DKIM signature test. If it shows "This mail is signed by mybank.scammer.com", the user may be tricked. If it only shows the second-level domain name (scammer.com), this confusion may have a significantly smaller impact.
My apartment complex, Estancia, has the exact same deal you have. I'm forced to use AT&T (formerly SBC) for DSL/phone and AT&T Home Entertainment for resold DirecTV (more expensive, no HD, etc.). Can't get cable, can't get FiOS, can't get Verizon DSL (even though from what I've been told they own the actual lines). I'm not even allowed to get "just DSL". I have to have an analog phone line, too.
Why doesn't this ruling affect the exclusivity contract my apartment complex has with AT&T/AT&T Home Entertainment? After reading the article, I thought this is exactly what the FCC was trying to stop. What am I missing here?
Does anyone else find the scoring a little odd? I was looking at Ron Paul's (R-TX) scores, and here are some interesting "wins":
Voted AGAINST a five-year ban on internet access taxes Voted FOR prohibiting online gambling (twice, apparently) Voted FOR prohibiting some computer generated porn Voted FOR net-surveillance without court orders Voted AGAINST free trade and Trade Promotion Authority Voted FOR curbs on class action lawsuits Voted FOR investigating "Grand Theft Auto: San Andreas"
Those all seem like big negatives to me. If you count those as negatives, he scored more closely to 50% (11/20, by my judgment; not restricting sites like MySpace seems to be positive -- free speech and all).
Just because it's impractical doesn't make it useless. I'm sure the engineers behind it learned many valuable lessons. Why all the hate? There's nothing wrong with science for science's sake.
That is a seriously amazing book. You should also read the sequel, The First Immortal.. James L. Halperin does a great job considering the various ethical issues brought to light by a true lie detector and the prospect of immortality through cryonics. I believe he attended Harvard and is very thorough in his scientific research.
Slashdot Mirror
TFA advocates a
(*) technical ( ) legislative ( ) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
(*) It will stop spam for two weeks and then we'll be stuck with it
The aim isn't to defeat spam so much as it is to defeat phishing, which it does quite well.
(*) Microsoft will not put up with it
Not sure how much this matters. Microsoft will adapt when the technology becomes popular and more refined. DKIM is still a relatively new technology (it is, however, not so new that it should be breaking news on Slashdot). The more industry support DKIM garners, the more pressure will be placed on Microsoft to put it in its mail products (Hotmail, sendmail-equivalent, Outlook).
(*) Requires immediate total cooperation from everybody at once
Not true. I think this is still speaking toward the goal of defeating spam, a purpose for which DKIM is not primarily intended. Also, what spam-fighting technology wouldn't have this requirement? "For all spam to stop... all people must stop spam"? Maybe a bit disingenuous here.
Specifically, your plan fails to account for
(*) Eternal arms race involved in all filtering approaches
This might be fair. Microsoft has Sender-ID/Sender Policy Framework. Everyone else uses DKIM. (Except, ironically, the original creator of DK, Yahoo! They haven't switched from DK to DKIM, at least not since I last checked a couple months ago.)
(*) Extreme profitability of spam
I think that's exactly what they're targeting. Phishing probably has the largest financial insentive for the scammers. However, this point seems irrelevant, or at least intuitively obvious. The reason spam exists is because it is profitable. If it weren't profitable, it wouldn't be a problem. To address spam but also maintain a culture of complete ignorance of the subject would be silly.
(*) Joe jobs and/or identity theft
Do you even know what DKIM is? This is exactly what it prevents. Aside from compromised hosts, a scammer would not be able to illegitmately send mail from a domain. In order to commit bank fraud, the scammer would have had to break into the bank's mail server or DNS server, which is incredibly unlikely. If this was even possible, why bother with the phishing at all? If he's already got his hand in the cookie jar...
(*) Technically illiterate users
Irrelevant. This solution operates mostly on the MTA level, not the MUA level. Meaning, Google and Yahoo! implement it, not W3bbo@yahoo.com. DKIM's implementation is completely transparent to the user. The only user interaction is a nice message in the MUA that says, "This message is signed by domain.com!" This will be a feature for a mail clients. There is no action required from an end-user other than installing whatever update is pushed out, which are mostly automated these days anyway.
(*) Extreme stupidity on the part of people who do business with spammers
I don't know what you're referencing here. Can you back this up in some way? Who are the stupid people doing business with spammers? End-users who receive spam? Credit card processors/payment gateways? I don't think either are relevant to phishing or how DKIM intends to fight it. Even with DKIM, it's feasible someone falls for mail sent from "mybank.scammer.com". However, I think this type of trickery can be significantly reduced depending on how the MUA displays the results of the DKIM signature test. If it shows "This mail is signed by mybank.scammer.com", the user may be tricked. If it only shows the second-level domain name (scammer.com), this confusion may have a significantly smaller impact.
(*) CPU costs that are involved
Why doesn't it apply to places like that?
My apartment complex, Estancia, has the exact same deal you have. I'm forced to use AT&T (formerly SBC) for DSL/phone and AT&T Home Entertainment for resold DirecTV (more expensive, no HD, etc.). Can't get cable, can't get FiOS, can't get Verizon DSL (even though from what I've been told they own the actual lines). I'm not even allowed to get "just DSL". I have to have an analog phone line, too.
Why doesn't this ruling affect the exclusivity contract my apartment complex has with AT&T/AT&T Home Entertainment? After reading the article, I thought this is exactly what the FCC was trying to stop. What am I missing here?
This was done back in 1994 in the movie Richie Rich. It was pretty cool then, too.
What on Earth do you mean, "any more"?
Ah, that makes far more sense. Thanks for clearing that up.
Does anyone else find the scoring a little odd? I was looking at Ron Paul's (R-TX) scores, and here are some interesting "wins":
Voted AGAINST a five-year ban on internet access taxes
Voted FOR prohibiting online gambling (twice, apparently)
Voted FOR prohibiting some computer generated porn
Voted FOR net-surveillance without court orders
Voted AGAINST free trade and Trade Promotion Authority
Voted FOR curbs on class action lawsuits
Voted FOR investigating "Grand Theft Auto: San Andreas"
Those all seem like big negatives to me. If you count those as negatives, he scored more closely to 50% (11/20, by my judgment; not restricting sites like MySpace seems to be positive -- free speech and all).
What is this Kotaku nonsense? Here's the direct YouTube link: http://www.youtube.com/watch?v=gsHQ4E_VhaU
http://www.engadget.com/2006/09/09/gefen-rolls-out -4x1-8x1-1080p-capable-dvi-switchers/
Just because it's impractical doesn't make it useless. I'm sure the engineers behind it learned many valuable lessons. Why all the hate? There's nothing wrong with science for science's sake.
The google.com/ig interface is pretty sweet, but why isn't there any SSL? I don't want my Gmail transferred in plaintext!
That is a seriously amazing book. You should also read the sequel, The First Immortal.. James L. Halperin does a great job considering the various ethical issues brought to light by a true lie detector and the prospect of immortality through cryonics. I believe he attended Harvard and is very thorough in his scientific research.