Charging for email messages is a great idea. If the payment went from the person sending the message to the person receiving it, you could send about as much email as you receive and not be out of pocket at all.

I like that twist -- it's a good one!

Nielsen Hayden said they and (some other prominent blog) were also hit by DOS attacks this week.

OK, so we need a practical micropayment system, whcih doesn't skim off much. Even a fraction of a percent could add up for people who, as suggested, send as many emails as they receive.

You'd think the banks would jump at the chance.

But it would blow a big hole in the economics of, for instance, the recording industry. If you could buy individual tracks, or even individual playins of a track, direct from the band, where do all the record companies, and their highly-paid executives, end up.

Put a payment code in each CD, and the radio stations could automatically pay the artists too (you'd need some neutral source for audience numbers).

Charging fees to limit the spammers is fine, but the side effects of a working system could give the spammers some strange allies.

The problem with deleting the Flash plug-in is that you then don't get to see groovy Flash games and novelties, like this one

http://www.people.fas.harvard.edu/~pyang/flash/miniputt.swf

Nah - I don't want to discuss spam, I want to talk about Flash. It is, as you say, a proprietary format, but you neglect to mention that the format is open (http://www.macromedia.com/software/flash/o...censing/fileformat/). You also say that there is no free viewing solution - I'm pretty sure there are shitloads of them, but you can certainly find at least one at http://www.geocities.com/TimesSquare/Labyrinth/5084/flash.html. Additionaly there's a mini-industry in software which can read/write/mangle files in flash format - see http://flashkit.com for a zillion examples.

It's actually pretty neat - a nice, well distributed way to generate and view good antialiased vector graphics, and much less gruesome than throwing yourself into the clutches of Adobe and .pdf.

Of course you're right to loathe badly done web pages full of pointless animation and godawful user interface 'metaphors', and you're even more correct to loathe anyone who commits the sin of popup advertising - but I don't blame the tools, which are rather good. That would be like blaming Photoshop and Pagemaker for the foetid webpages and newsletters produced by tasteless amateurs on a techno powertrip.

Instead, blame people. People are bad.

Of course you do know that someone can write a flash app on their webpage and stream your microphone or webcam to them! (Don't you love technology!)

-Roy

Another little thought about the potential effects of micropayment schemes involving email. Look down the page a bit and you'll see the basic idea -- pay a very small fee for every email you send, and get that money for every email you receive.

Now figure out what that could do to a Make Money Fast scheme. "Take the top name off the list, and send them an email telling them that you have removed their name. Put your name at the end of the list, and send a copy to six of your friends."

Micropayments could change a lot of things.

I saw over 250 spam messages to tyger(at)hoopoes.com over about four weeks recently. I didn't think to calculate the size but the volume is nigh on nine a day during the quite summer period. I reckon the spam level rises as Christmas approaches.

(That address has been live and published (e.g. slashdot) since mid-98.)

I'm actually a little relieved to hear how much crap has headed your way - though only because I was starting to wonder if something was intentionally being directed at me! Have a look at http://www.hoopoes.com/temp/days.png . The vast majority of the 'spam' now being caught is actually Sobig.

Until Sobig.F struck, my ratio of real mail to spam by volume was about 1:1. It's now roughly 1:7 and rapidly getting worse ...

A guy at a party Saturday evening was pitching a 'refund' version of the payment system. The sender includes a micropayment to the recipient's account. The recipient has
the choice of both reading/deleting the message, and keeping/refunding the payment. The idea is that people would refund payments from their friends, acquaintances, relatives and business associate. But they could keep payments for spam. The goal was that imposing say, a 0.25 USD charge would be trivial for most people (they'd have a few dollars in escrow
at any given time), but would be prohibitive for spammers.

It might be worth checking the headers on some of your SoBig spam to see if you are getting a large fraction of it from just a few IP addresses. I was getting a lot of SoBig spam (though nothing like yours) and finally realized it was all coming from ONE IP address... tracert revealed it to be a library computer in Broward County, Florida.

So I called the Broward County Library Computer Help Desk and asked the guy there to fix it. Within 8 hours I had stopped getting any SoBig spam.

Regarding the idea of swamping spam servers by responding to the messages:

It seems to me that all these solutions fail by applying Internet solutions to real-world problems. The problem with spam is that we have a finite amount of real-world resources to deal with it: limited time and limited interest. In contrast, spammers have an effectively unlimited ability to throw spam at us.

What we need is to impose real-world costs on the spammers. Almost every commercial spam has some means of contacting the spammer. Don't spider the site; ring up the owner - or better yet, visit him or her. How many phone calls a day can a spammer cope with? How many customers can a business cope with? They're relying on the fact that .001% of messages get a response. If they got a 10% response rate they would be utterly swamped. I don't suggest that people should actually purchase anything from them; just consume the spammers' real-world resources with techniques that don't cost very much.

The problem is when the spammers are only contactable via methods that cost money, like phone calls that charge excessively. In those cases it might be necessary to go one level up the food chain, much like complaining to an ISP about a spammer.

All Sobig viruses have had an expiration date. Sobig.F should stop spreading today. Which of course means that Sobig.G should appear soon. So the relieve will only be temporary.

Sobig-f stopped about thirty hours ago, as of now.

Which is a small relief. I reckon towards the end I was receiving upwards of 3Mb/hour, and a total of 250Mb (that's >2500 worms) came my way.

I *really* hope Sobig-G doesn't follow the virulence curve from A-F, because if it does, this here server has a monthly bandwidth allowance of only 20Gb of traffic; even if I redirect all the incoming shite to /dev/null, it'll start costing me real money. Must look into ways of pre-filtering incoming email connections using Exim (i.e. actually read the first bits of the message looking for worm spoor and simply cut the socket and blacklist the originating IP address for a couple of hours if it's Sobig-G).

Hmm.... Are you running Spamassassin in daemon mode? Some people have said to me that it seems to work pretty well for increasing throughput, but they're talking about a massive multiproc sun box, so it might not apply. I'm not sure that I'm crazy about all the work that running a Baysean entails, but supposedly bogofilter is pretty damn fast and about as accurate as SA when properly trained.

Is there a way of configuring mail servers to automatically drop any attachment with a MS-DOS "MZ" executable header (i.e., anything that's a Windows binary)? I'm surprised if this isn't a common add-on for Sendmail by now. There aren't many legitimate things that would be inconvenienced in this way (and those that are could be packaged up in .zip files).

The notion of spidering spammers' web sites to overwhelm their servers or anyway raise their web hosting expenses sounds like a good idea. To ensure that only real spammer sites get spidered, what about setting up a spam trap email address - the FCC, for instance, puts a trap email address in an obscure web page where no human will think it is a real contact address, only a spam spiderbot. The trap address's inbox is scanned for web addresses, which are stashed in a database.

Then make these spammers' website addresses available from several servers which serve them to instances of a distributed tool (like the SETI@Home or the Mersenne Prime finder tools).

Each instance slowly spiders spammer sites whose addresses it is assigned - probably only when the user's net connection is otherwise idle.

That doesn't absolutely avoid the problem of mean-spirited persons sending spam with their competitors/ enemies' web site address in them. But they would have to use the same kinds of spiderbots to gather email addresses that many spammers use.

I can think, off-hand, of one immediate spammer response strategy: switch from websites to phone or postal sites for reader responses. Or maybe something like gopher or ftp -- an old protocol which the reader's web clients can cope with, but which may not be supported by the spam spiderbots.

I too hate SPAM and as a small time ISP reseller have been swamped over the last few days.

There is a simple SPAM solution - it will however involve getting propellor heads to agree and talk to each other.

If anyone wants to be in the multiple message business - ie sending out more than a bulk notice for a birthday party all we have to do is set up an association that brings together ISPs and the put a meter on the senders smtp.

call it .00001¢ an email (or some other small charge. I am not suggesting it be 48¢ like a stamp - although I am not totally against that - it should be something. I personally believe that SPAM if paid for would be

1. lowwer volume - as most folks SPAMMING are low barrier to entry companies and will go away if they have to pay per transmission

2. we might even get better SPAM... there are some (just like flyers I get in the mailbox) that I have bought from. But at least the flyer folks had to pay the freight - not me.

The do re me collected should go to a fund that improvs the service of the Net - like to schools, libraries etc etc


my2¢

from a rambling old geezer

mose, your scheme is trivially broken. Simply, what about popular but legitimate mailing lists that aren't run by the rich?

The linux-kernel list would have been strangled at birth under your proposal, and there's no *way* Rutgers would have kept providing gratis hosting for it for years, as they did.

You are penalising the innocent to fight off the guilty. This is a bad idea.

New mail protocol -- that's a can of worms, isn't it. When was IPv6 due to take over?

But it might not be so difficult. Most ISPs can be pretty sure of which account is connecting to their mail systems to send customer-mail -- it's just that so many of them are unable to stop the spammers setting up new accounts. So a New-MTP need not replace user-level use of POP3/SMTP.

Of course, we're told that spammers use fraudulent ISP accounts, yet we're also told about the spamhavens that nobody seems able to shut down or black-hole.

Can we rely on what we know about spammers? Are some of the stories another bunch of lies?

There's one way to get away from it (mostly) in the UK - the BBC. That way you only get a few ads for their own services. Not great but better than the alternatives.

As for books - do you remember the habit of life insurance companies putting adverts in tear out cards in the middle of 60s/70s SF novels? This and the habit of having blurbs for other books that 'you might like' seems to have gone away so far.

“Ban the advertising industry. Ban it now, before it's too late.”
 
Also getting rid of words like commercial, advertising, money, business, product, marketing. which fuels the ‘lock-in’ loop? Maybe.

I think the very definition of commerce or trade is sharing of information. Is trade necessary anymore with the age of abundance. We can still trade things but on a smaller scale non threatening to our ecosystem, non scarce. This might revert us back to the simple stone ages but only if technology is at its peak. It’s like having so much tech that we don’t really need it anymore, but it still needs to be there in the background.
This is called intelligent design :() like ergonomics. efficiency for the sake of simplicity or something but that could get dangerous. Of course intelligence breeds resiliency. We have to really smart so we can be really stupid. Smart first stupid later.

So if I have a Vonage ad on my website I put it there under my own volition and if it’s relevant to my website so as not to disturb/hurt the user. To serve properly. It’s still annoying to me even Google ads as well suck I think.
AD SHMAD. We really don’t need them. If we want to find something it’s better for the website provider or store owner to provide static links or subtle references. Dynamic irritation stinks. it does become very robotic because it is based on random chance algorithms make like very superfluous and superficial. We are not robots. Even non-Google static ones are too random. Bah! I want to find a good word for harmful superficiality. OK, a good term is a Russian Roulette Website. I’m not hurt, I’m not hurt, OK I’m hurt now sadism. Also I think if people are not stuck in one place in general too much then there is more opportunity for people to spread the word about things less advertising opportunities. problem with the DVD, closed game and government owned park is that you don’t really own it and therefore are locked into their form of censorship.

Also do we need Las Vegas anymore in terms of gambling? I have been there a few times and noticed strongly that there were no more gambling tables. I was very disappointed and angry at the slots and cameras on you as well.
BRING BACK THE TABLES! With tables there is more room on the floor to wear cool clothing like a cowboy hat. Really you look foolish wearing a cowboy hat at a slot. At a slot you look like a crazy person anyway. It’s very masturbatory. Now the Illinois governor wants to bring in a game called Kino in a family restaurant to build public schools that brainwash ourselves with mixed message classrooms. We will keep this out though. Sure, destroy families by beholding them to money.

No money though. Would that be fun though to gamble without money? Maybe. We do it now with digital gaming, right; but then as soon as they start doing gaming ads then it moves to the contests; then the company pampered fanboys arise; then cheating arises; and then people leave the game too little too late after some sort of chat room abuse lawsuit. Out of focus on the game being played. Also reminds me on relevancy theories. Keeps coming up lately I think because we are reaching that critical mass.
Open source gaming is waaaaaay better.
www.happypenguin.org

I get ~1000 spams a day at this account. All but a couple a month are filtered out by SpamAssassin, and I haven't had a false positive for nearly a year.

(Other people seem to get much worse hitrates.)


I read a worrying pair of things in the Economist a year or so back; one letter, one article. The article was on guerrilla marketing (i.e, a way to fool us into giving advertisers attention when we don't want to), which started out from the presumption that `we receive 300 commercial messages per hour. Obviously, this should be increased...'

The letter was from someone in an advertising agency expressing horror at the idea that anyone might *not* want to spend all their time watching advertising, since 'without commercial messages the TV and the Internet would never have been invented'. The letter-writer claimed to watch adverts for fun, as a spare-time activity.

Advertisers aren't human anymore. Myself, I hold to my humanity with SpamAssassin and ad-filtering web proxies: I gave up on the TV more than a decade ago in a move to hold down the tide of advertising. (Many people don't seem to react to it as violently as I do: I'd be happy to have blackout-tracking glasses that repainted adverts black or extrapolated plausible background into them... if I want `commercial messages' I'll go *looking* for them, thank you very much. But the nature of the positive-feedback-driven advertising industry is such that almost none of those paying for all that crap have realised that their money is increasingly being wasted.)

Apologies for not digging out the proper citation, but I recall that in the (early?) 19th Century the British Parliament came rather close to banning all public advertizing, at the time when posters were being painted and glued on landmarks natural and architectural, and the streets were filling with bumf.

Leads to an interesting alternate history, perhaps the same one where the Dickens-Babbage British Writers Union was successful. Even reactionary Judge Alito in fruitless Senate Confirmation masque admitted a hierarchy of American First Amendment "free speech" -- with Political the most essential, commercial speech somewhat less so, and internet p0rn at the bottom. I consider that spam is NOT a form of speech at all, but a pure pathological parasite in the channels intended for speech.

Edited by author 01-14-2006 09:53 PM
Occasionally, I use a web browser that doesn’t have flashblock and adblock configured with my batch of regular expression filters, and I’m startled by the amount of advertising taking up space on various web pages.

From another perspective, it’s simply that advertising technology isn’t good enough yet. Advertisers wouldn’t actually want to waste money by decreasing anyone’s liking for their products; they just can’t target people well enough yet. Sufficiently advanced technology would only show you things that you might want to buy, and at a frequency just short of the point you would get annoyed and avoid the product. But I don’t want advertising houses knowing that much about me...

Novels are advertising-proof? Sadly, this may not be true for much longer.

http://www.publishersweekly.com/article/CA...001&display=archive

Edited by author 01-15-2006 09:53 AM
Matthew: there are clauses in my book contracts -- boilerplate language, I didn't put them there (although I approve of them) -- forbidding my publishers from inserting advertising in the text. They've got a very limited right to advertise other books in the same imprint on any blank pages left at the end of the book block, and that's about it.

There was a big battle over this in the 70's, IIRC, and the authors' organizations won big.

Besides, the economics of book publishing don't lend themselves to advertising. When a midlist novel has a circulation of 2-10,000 in hardcover and 10,000-50,000 in paperback, you can't sell advertising in it for much money. Most magazine ads generate reader responses at a rate in the range 0.1% to 1% -- even 1% of 10,000 books is sod-all, and 0.2% (20 responses) would be more typical. It literally isn't worth an advertiser's time and energy to advertise in any book that isn't a guaranteed best-seller, even if the cost of doing so was effectively zero.

Update: Fay Weldon is unusual insofar as she's got a very well recognized name, and she found a corporate sponsor willing to throw money at her for an internal promotional goodie (a limited edition in a print run of 750 copies isn't advertising -- especially if the author you're talking to is almost certainly charging more than £20,000 for their time). That her main publishers then decided to grab the book and re-issue it merely suggests that she can sell anything she writes -- because the brand relationship here is that Bulgari are capitalizing on Fay Weldon's name, not vice versa.

Put it another way: would you buy a novel sponsored by, say, Ford or Microsoft, from some author you'd never heard of?

Also ‘positive author quotes’ seem to be advertising but more relevant though to what the author wants, hopefully.

Jonathan Vos Post,
Also in addition to regular 'signs' on the roads there is 'bulk' advertising where massive objects are used such as company sponsored McMansions or large satellite dishes and antennas. Next thing they will try to shove on us is a virtual car window to block out bad scenery. There is a British company that has the ability to blanket high speed satellite over Europe and the entire world starting foirst with America as they seemed to plan for next year. But I am hoping against odds for this luxary because big companies want to put down a host of Wi-Fi land-based terminals which gives them more power to advertise on the streets locally. They stopped Google from giving free Wi-Fi to San Francisco. They were ready to do it I’m pretty sure.
Also I really believe allot of government objects are kept very visible to display a certain power. I think I'll take a picture of one down my street and post it. It's right next to the bank’s 15 year old vintage ATM machine larger then the house that owns it. Cameras always watching of course. It would be kind of a cool picture especially if I get away with suspicious picture taking at an ATM machine. :() Wow, what a juxtaposition. It’s so crazy but you can make so much entertainment with this.

Yah, invent great ad blockers with Firefox and just more codecs to bring it down or slow it down slower then Microsoft’s IE which owns allot of the advertising as well. So to me when the free guys use techniques to deal with privacy issues it can turn into a form of selling out as well.
I use Gmail and not one spam piece ever. Maybe you don't have spam assassin’s setting right?
Charlie, I’m surprised you can’t get it with a higher powered ‘free?’ blocker. Maybe Gmail is in payola to stop their spam as well now or you do get a tun of mail.
Usually with free software you can see if there is a scam or not to allow certain spam to pass through but I guess it can only do so much.

Mark: I run my own mail server. I maintain the SpamAssassin configuration on it. I take reasonable anti-spam precautions. You'd be amazed how much spam there is out there (and how much I block).

Nevertheless, every time the spammers develop a new technique I have to take action to block it. Which means they're still wasting my time, even if I never see any of their rubbish.

Edited by author 01-15-2006 03:11 PM

Try to escape by playing a computer game and some asshole in marketing is going to realize that there's prize real estate in their MMORPG and start selling advertising billboards in Middle Earth.

It's already happening. Here's a report of people selling advertising space in Counter-Strike servers.

Wow! Great rant, Charlie!

I confess, I don't watch much TV, so when I do, I rather enjoy the commercials. It's only the mind-numbing repetition that destroys me. Well -- that and the fact that commercial-supported movie channels cut out significant parts of the movie to fit in more commercials. Oy.

A historian writes: Don't forget that public billboard advertising in the UK right now is about a tenth as dense as it was a hundred years ago. All those cute tin signs used to cover every available space...

I burned out my ad tolerance whilst working in an industrial bakery in Bradford where an arse-awful local radio station was streamed over the public address system. Not only did they heavy-rotate the same twenty dire TV spinoff versificator songs all day, but they fired off an astonishing amount of ads, dozens an hour. I remember thinking it would have been a plausible means of torture.

Which is why there are no ads on TYR.

Regarding spam, I carried out an experiment on my Gmail account recently. On Monday, I erased the lot. By close of play there were 14 items of spam, by the same time the next day 57, this morning 385. I sometimes amuse myself by harassing the hosts of the sites the phishers link to; far more useful than the botnets that crank 'em out. I don't like the charge-for-email idea. I'd far prefer more robust sender authentication, on the principle that on the Internet all must be end-point.

I wasn't as ad-furious as someone in Bradford that summer though - on the way to work I used to pass a billboard with a semi-clad woman, until one morning some fool climbed up and defaced it. What did the heroic defender of Islam choose to black out? Not her tits, immodest thighs, flowing hair, but of course her face. I think I'd choose ads over that, come to think of it.

But still. Cracking rant, Charlie.

Charlie wrote: I run my own mail server. I maintain the SpamAssassin configuration on it.

Are you blocking dynamic addresses? That's where the vast
majority of the spam/worm/virus traffic is coming from at the moment. (Largely due to botnets, unfortunately.)

Rejecting connections using the SBL/CBL is a useful move.

Chris.

Hi Charlie. Your recent entry reminded me of a description from John C Wright's "The Golden Age," where a man was walking on a hillside in the future and was bombarded with advertisements. I got to thinking, what the heck would you do if you couldn't afford one of those "sense-filters?" Here's the scary description:

"With another gesture, Phaethon lowered his sense-filter and opened his brain to all the sensations in the area, so he could look upon "reality" without any interpretation buffer.

The shock of the noise and music, the screams of the Advertisements, startled him. Panels and banners of lightweight film hung or floated grandly in the air. Each one flashed with colors brighter and more gaudy than its neighbor; every image was twice as dizzying, alluring, and hypnotic as the one before. Some of the Advertisements had projectors capable of directing stimulation into any brain equipped to receive it.

When they noticed Phaethon staring (perhaps they had registers to note his eye movements and pupil dilation—such information was, after all, in the public domain) they folded and swooped, clamoring, pressing around him, squawking, urging him to try, just once, free trial offer, their proffered stimulants and additions, false memories, compositions, and thought schemes. They swarmed like angry sea gulls or hungry children from some historical drama.

"The music was, if anything, worse [...]. They made no effort to muffle the sound for the sake of those who did not share their extensive ear/auditory lobe modifications, their peculiar subjective time-scale alterations, or their even more peculiar aesthetic theories. Why should they? Every civilized person was assumed to have access to some sort of sense-filter to allow them to block or to tolerate the noise."

Chris: if I blocked dynamic IP addresses, I'd have to block myself, too. Bit of a nuisance, that ... maybe I ought to tweak the dynamic-IP weighting test in SA a little more, but that's about as far as it goes.

Charlie wrote:
>
>Chris: if I blocked dynamic IP addresses, I'd have to block
>myself, too.

Not that I'm aware of: Demon is all static IPs, and has been
since the beginning TBOMK.

On the other paw, the whole point is that people on dynamic
addresses should *not* be running servers.

> Bit of a nuisance, that ... maybe I ought to tweak
>the dynamic-IP weighting test in SA a little more, but that's
>about as far as it goes.

What you really want is to block Port 25 access incoming for
stated dynamic address ranges. This needs a firewall rather
than a mailserver rule.

Chris.

--
Duct tape is like the force. It has a light side, and a dark
side, and it holds the universe together ... -- Carl Zwanzig

Chris, I don't use Demon. I use Telewest for the cable modem, and UK2 to host the CoLo server I run my own virtual ISP from. (Friends and family only, natch.) The colo box is static IP, of course, but if I'm running around the planet I like to talk to it via SMTP/SSL or IMAP4/SSL from a box with a random IP address (using DynDNS to point to it for reverse lookups).

Charlie scribbled:
>Chris, I don't use Demon. I use Telewest for the cable modem,
>and UK2 to host the CoLo server

Ah, I remember the old days, I think, when you were on Demon....

>I run my own virtual ISP from. (Friends and family only, natch.)
>The colo box is static IP, of course, but if I'm running around
>the planet I like to talk to it via SMTP/SSL or IMAP4/SSL from
>a box with a random IP address
>(using DynDNS to point to it for reverse lookups).

I don't /think/ that should be a problem. What you're trying to
do is something like:

1) only accept incoming mail on port 25 from static IP addresses
   that are not in any of your "known spammer" blacklists. This
   will stop the vast majority of spam/trojans/viruses from the
   compromised cablemodem users out there.

2) have a secured connection for yourself from anywhere, which
   SSL is going to get you, using a different port with its own
   security.

I'm not a mail admin, but I think this is a pretty standard task.
Cheers,
Chris.


--
Duct tape is like the force. It has a light side, and a dark
side, and it holds the universe together ... -- Carl Zwanzig

Chris Wrote:
/*
2) have a secured connection for yourself from anywhere, which
   SSL is going to get you, using a different port with its own
   security.

I'm not a mail admin, but I think this is a pretty standard task.
*/

Wow, something I can actually comment on - setting up SSL to *check* your mail is fairly non-trivial. Courier has this mostly built in, you just have to actually read the directions.

Setting up SSL so you can *send* email is a little tricky. Something like stunnel (on Linux) makes it easier and I *think* it supports the client authentication with a public-key/private-key sort of thing. As long as you have an approved key that matches the key on the server, you can connect - anyone else can not.

Stunnel forwards your authenticated connection from the SSL port to port 25 and it would be coming from the localhost, so you could block dynamic ip addresses from connecting to port 25 without blocking yourself. In my experience, setting up stunnel is easier than trying to get an smtp server to actually work with SSL. It has been several years since I've set it up with Qmail so things might be a bit different now (better?) - I just use Gmail to send mail and use my mail server for incoming mail only.

Blocking dynamic IPs is functionally equivalent to blocking "anyone with Internet access who can't afford to run their own server", given that any and all consumer, organisational and unwired networks use them. ISP snobbery is one of the things on the Internet that pisses me off INTENSELY.

Alex missed the point entirely:
 
> Blocking dynamic IPs is functionally equivalent to blocking
> "anyone with Internet access who can't afford to run their own
> server", given that any and all consumer, organisational and
> unwired networks use them.

Nonsense. What is being suggested here is that *mailservers* should not be run from dynamic IP addresses. There are very good reasons for this.
> ISP snobbery is one of the things on
> the Internet that pisses me off INTENSELY.

It's got nothing to do with snobbery and *everything* to do with risk management. The biggest single source of spam is the compromised home system, used to ram spam or virus attacks into other peoples inboxes. Domestic (and dynamic) users should not be trying to run their own outgoing mail server - these days every single virus seems to have its own email sender built in - but should use their ISP's outgoing mail server (which may have filtering built in to prevent virus/spam propagation). Most 'consumer' ISPs don't allow users to run servers anyway (or at least, claim not to).

By setting your mailserver to reject connection attempts from known dynamic addresses, you will be blocking a very large amount of the problem.

Just as a matter of interest, I'm using a 'domestic' ISP, albeit one which provides me with a static address and will allow me to run any server(s) I choose from it (subject to legality, of course). I don't bother to run a mail (or any other) server, though that might change in the future, and is one reason I picked an ISP that permits it.
----------------------

Insecure systems on dynamic addresses are a major part of the problem. Blocking access to your email from them is a step towards a solution.
----------------------

Chris.

Looks like advertising is taking a new direction, rooftop adverts that appear on Google Maps:
http://adverlab.blogspot.com/2005/08/adver...th-google-maps.html

Charlie: You can do authenticated SMTP for yourself & block the rest of the dynamic IP world if you want.

Greylisting might help. Have you tied spamassissin into the mailserver or are you doing the checks after accepting the mail? The former might cut your bandwidth bills a bit...

Edited by author 01-17-2006 12:17 PM
Yah, Gavin Long: I read an article like this about someone that had paid 100,000 for a virtual space-station in a game. People pay for digital media though. Can’t they just copy another station with the mouse but still.
But then I thought: wait, they do sell digital media for that much and then it’s back to the free software again. ~Twirls~
Ok, we have finally reached the point of cyberspace where everything is digital and all of the sudden we want to influx monopoly money back into the picture???
We do have to keep our bio-bodies in shape still.

Richard Morgan’s Altered Carbon’s protagonist Takeshi Kovacs walks down a street and has a drug induced advert for the drug being sold inflicted on his mind by a passerby drugdealer. Kovacs is no stranger to recreational drugs but is infuriated and attacks the advertiser on the street anyway. This in his dealings with heavy intrusive adverts on the San Francisco streets. Drive-By-Porn etc. These add to the book greatly the psychedelicness of the San Fran history.
We deal with drive by porn today.

"Nevertheless, every time the spammers develop a new technique I have to take action to block it. Which means they're still wasting my time, even if I never see any of their rubbish."

I totally agree. It’s still an attack.
The more defenses, the more we validate these people.

Also about paper (real)mail spam which I actually think is worse. Should we have like a Drop Shipper invent a 'soft' mailbox or something non-government where we have more direct controls or wouldn't work? I hate private businesses too though as they invent their own way to spam but DShippers and Federal Express here are pretty nice. Also could help with safety of paper-mailboxes as Fed Ex didn’t seem to have troubles with the recent problems we had here in America with mailbox terrorism.
EDIT: Fed Ex is private but small mail is usally governmet or Federal.

On the question of spam e-mail, since I know you're a linux-head, may I recommend Chris Lightfoot's Bayesian filter, bfilter? It really does work -- in my experience anyway, which granted is an order of magnitude less than yours (spam folder gets about 50 new inmates per 24-hour period). http://ex-parrot.com/~chris/software.html

Regarding the recent self-qualified rant, I refer all to Vance Packard's _The Hidden Persuaders_, written in 1957 and commentig on advertising shift (deemed teluric by Packard) from selling the product to selling insecurity (I remember is Packard's indignation when he refers to an event where executives from a shoe-making outfit where told by their Advertising consultants "So not sell shoes... Sell beautiful feet!"). I think the book rightfully points out some basic tricks of the trade (as novel as they were in the late 1950s) and I enjoyed Packard's outraged tone.

Charlie:

I am sympathetic to your plight. I have a number of longtime email addresses that became spam traps. However, I found a simple solution that has a certain bugzapper-esque gratification.

I signed up for a gmail.com account because their spam filter not only works quite well, but shares the filtering data between customers. When you forward your email from accounts to the gmail account, the spam goes as well, is caught by the filter, stuffed into a spam folder, and cataloged by gmail for the rest of the gmail users. Thus, you help your fellow man by plucking nasty little spams out of the air, declaring them junk, and throwing them away.

Anything that gets through can be labelled spam with the click of a button -- zap! You actually feel like you've done a good deed. I find that I see maybe a dozen spam messages a week at most.

I know it's Google, the newest Darth Vader, but sharing spam filtering is a good way to unite against spam.

Personally, I blame George Bush for spam, only then I realised that made me sound like Ralph Nagin blaming George Bush for Katrina and THAT is just plain stupid.
So I'll content myself with blaming people who think like George Bush, those who worship (cue Extreme) the almighty dollar.
I used to be plagued with it, but now it seems as though my providers have come up with ways to protect me (AOL and MSN respectively) Yeah, bloated and plutocratic they may be, but I don't have to search through 300 offers of fake Viagra and a degree from the same storefront college sold Iain Paisley his doctorate to find the real stuff.
Seeing as money is all that motivates the spammers, I'd suggest the best way of stopping them is taking away their money - automated spam reflectors that generate a gazillion replies for every spam received and destroy their sites (yes, I know some of the tricks they use - the idea is really a knee jerk, like wanting to kneecap the little bastard who threw stones at me on the way home from the station) or taking them to court and having them locked up.
Yes, I know. Futile hopes.
The thing about advertising is that its only the advertising that isn't directed at you that you really hate (which is most advertising, if we're honest) Just think, though, if there was absolutely NO advertising, how would any of us know when there was a new Charles Stross book for us to buy? Surely you wouldn't have us poring over the shelves of bookshops would you?
On the other hand . . .
Repeat after me, kill a spammer a day . . .

" if there was absolutely NO advertising, how would any of us know when there was a new Charles Stross book for us to buy?"

Definitional problem here: the meanings are quite distinct for advertising, marketing, publicity, public relations. I will not provide definitions; good ones exist online by respective professional organizations. I hate Emperor Bush II also, but I doubt that he takes donations from any American Society of Professional Spammers -- because that no more exists than does the Union of Anarchists, or the Consortium of Solipsists.

PC virus celebrates 20th birthday
Many unhappy returns
By John Leyden
Published Thursday 19th January 2006 20:52 GMT

Analysis Today, 19 January is the 20th anniversary for the appearance of the first PC virus. Brain, a boot sector virus, was let loose in January 1986. Brain spread via infected floppy disks and was a relatively innocuous nuisance in contrast with modern Trojan, rootkits and other malware. The appearance of the first Windows malware nonetheless set in train a chain of events that led up to today's computer virus landscape....

"I know it's Google, the newest Darth Vader, but sharing spam filtering is a good way to unite against spam."

I don't have too much of a problem with Google. it's Yahoo and AOL that are allot more evil I think. At least Google stands up for our rights and seems more impartial on the news sight unlike Yahoo which hand picks.

::Yahoo admits it let White House access its databases::
http://www.timesonline.co.uk/article/0,,11069-2002169,00.html
::Google defends our rights::
http://www.pcadvisor.co.uk/news/index.cfm?newsid=5576

Not sure how far Google will get but when it comes to money they could get taxed heavily. I personally would skirt the money since I am so idealistic :)

I don't go to sites where their prime focus is to frustrate and lambaste the user with colorful crap(Yahoo AOL). Maybe Yahoo is better now as I haven't looked; as I don't want to miff someone of their favorite site, but I still don't like AOL. Google serves me well in this regard although maybe no adisms at all one day.

I don't know why the US Government wants to know the 10 million most used words on Google (or whatever it is they want to know) What I do know is tht their motivation has nothing to do with any 'war against internet ponography', 'cos that's like their 'war on drugs' and 'war on terrorism' - all in the imagination of speech and leader writers, because Gee Whiz and people like him (and who pay for him) make much too much money for any of those 'wars' ever to be succesfully concluded.
Of course, if it was the Chinese government making those demands, there would be no question about compliance.

And people are giving more excuses about the economy ‘doing well’ (didn’t I here this in the 90s during the beginning of the oil-for-food and Enron scams?), yet we still have extreme poverty plus diminished rights. The economy goes up and down like always. We came to this country to get the hell away from the government and ads I thought. that's why I like it here at least. We usually have most power over our privacy but now it's joke like the rest.
So maybe we just have to blast off planet to a new horizon. I was comparing that to the Internet sort of lately, how it’s been an escape to the new frontier, it was interesting about survival and The New World concept. But surely we wouldn’t have to upload ourselves and maybe just get a ship to another planet first...probably still not an escape.

Things like diminished rights will really hurt the economy in the end like the scandals did at the end of the 90s. So if that's what they want then there it is.

It's endless, and always will be. I developed a deep distaste for advertising after a bizarre LSD experience back in the late nineties. For the last five years I have been television-free, which really helps. But there is without a doubt a massive barrage of advertising everywhere, on every available surface. Which is why I love to see graffiti and stickering; the kids are trying to reclaim their public space (though with little success, to be fair).

To tie this in to a SF context (though admittedly not a 'hard' SF one), an interesting view on the future of advertising and entertainment can be found in the 'Vurt Cycle' books by Jeff Noon (Vurt, Pollen, Nymphomation, Automated Alice). They're a bloody good read too, if rather eccentric and off-the-wall.

VelcroCityTouristBoard

I didn't need LSD to grow to hate advertising. The sheer distraction factor is hateful enough.

Another thing I notice are catch-phrases and then everyone hovers around like vultures. They seem to be timed by companies or government to a certain degree of peakness for maximum take.
Like an adgasm.
It is traditionalism.

Just noticed that Jeanson Ancheta has done a deal following conviction for setting up zombie networks for spam blasting. He's agreed to take 4 to 6 years inside, make $15000 restitution to the US military for hijacking their systems (anyone remember War Games?) plus forfeiting his gains.
I wonder, will he get his job with the CIA before he goes to jail, or after.
Is this was US judges consider an exemplerary sentence?
When it comes to spam, I am afraid I agree with Herman Goering when he heard about culture (something that does NOT make me feel good; its even worse than finding myself in agreement with Norman Tebbitt) He reached for his revolver. I don't have one of those, and don't want one. On the other hand, I do have a reel of strong stranded wire and there is bound to be a lamp post nearby should Mr Ancheta appear in my neighbourhood.

"Is this was US judges consider an exemplerary sentence?"

They might as well bring him onto the military base. They could profit even more.
Yeah and any sensual pleasure must be coupled with pain/withdrawel. Ad-blasting doesn't give allot on the pleasure end though.

Agree with Charlie. Unholy trinity of television advertising, spam emails and cold calling had driven me to the edge of sanity. Consequently: all TV goes onto a hard drive recorder, watched on delay, fast forward through ads at 30 speed; new .mac account has received no (can hardly believe it) spam in 12 months, after all others reaching a spam ratio of 30:1; and caller display, so any caller not in the phone's address book is screened by answerphone, and cold callers don't leave messages. Safe for now, presumably ads will soon be lasered directly onto my retina.

Let me just wipe this tear from my eye.

Sure you don't want to buy generic \/iaggrra? This seems to be my usual spam pillage, and I'm pretty certain I don't need it...do I?

It's a pity we can't just have a concerted effort to track down spammers and crush them beneath our collective booted heels. Or pehaps Spam them back with small tactical nuclear weapons.

Ahh...happy thoughts.

Heh...I especially liked the one telling you it's time to change your password on your own server. Brilliant.

My solution to spammers includes steam flying machines, a pride of anime hentai cat-girls with big guns, an assortment of space pirates (with and without motor scooters and electric guitars), and, just to make sure, a duo of Trouble Consultants with instructions to be careful.

(If I'm going to have wild fantasies, they might as well be fun ones.)

Shit, Dave, I've just realized that your spammer solution would fit perfectly in my next-but-one SF novel (the Iron Sunrise sequel). Now I just need to find a spammer.

Here is a science-fiction story about a hitman who kills spammers:
http://neometropolis.com/hakker.html

Of course, I don't support the *COUGH*w*nd*rf*l*COUGH* idea that spammers whould be killed...
;)

And I thought that I had a warped imagination.

Just a thought. Spammers are motivated by money (if they just wanted to work for the CIA or whatever the KGB is called these days [Al Quaida?] they would design viruses) that they keep on keeping on leads to a logical conclusion.
Out there, people are buying generic viagra, homeopathic viagra, degrees from colleges in Athens, Georgia and signing up to be policemen (because Homeland Security is everybody's busness, especially those of us who don't live in the USA)
Myself, I'd have thought such people were too dumb to live, but I may be wrong. Maybe evolution doesn't work any more.

And maybe they simply don't believe in evolution.

Note to Great Inventor: do not attempt to give away the secrer of Cold Fusion or Antigravity by mass email.

(At this point it starts to be difficult to distinguish The Count of Monte Cristo from The Stars My Destination)

Your memo is priceless. Hate to say it, but it (and some of the poems at Making Light which recast Nigerian spam as verse) indirectly give a "redeeming social value" to spam (to use the famous American legal phrase from pr0n precedent).

Writers fight back, in part, by getting as much bandwidth as they can for their own work. Here's an interesting example from Oz: "Technically, CliveJames.com is a multimedia Web site, divided into four sections: text, audio, gallery, and video. According to Mr. James, it is the first such Web site to be created by any writer in the world."

I was using Mozdex recently with no ads it seems but they seem like all the rest as I think they are looking to place ads on the site which do abuse your privacy.
Looks like their trying to milk linux too:
http://www.libervis.com/modules/wordpress/?p=15
http://www.mozdex.com/

Sounds phony.

if they just wanted to work for the CIA or whatever the KGB is called these days [Al Quaida?] they would design viruses

I'm pretty sure that all of the CIA, KGB and Al Qu'aeda would draw the line at spamming. I mean, even the evillest of evil bastards have some limits.

The problem is compounded by the dumbass braindead behaviour of real bank security, when they _do_ phone you up to tell you someone has nicked your card details. A few months ago, the Co-Op phoned me, and asked me to give them my bank account number in order to confirm my identity. I told them to fuck off, put the phone down, then rang the Co-Op's main customer number - the one on my statements - and was able to find out that there was a kosher flag on my file. All was sorted out. But really.

Maybe the caller did not know you banked with Barclays, but was just hoping to score. A lot of people would just give the requested info, and then wonder why a bank was calling that wasn't even their bank.

Maybe the caller did not know you banked with Barclays, but was just hoping to score.

Very unlikely. Barclays have just three branches in the whole of Scotland, and don't really do current account banking up here -- I'm still with them because they're a lot more pervasive down in England, and I kept the account when I moved.

The more I think about this, the more uneasy I get. It looks like a highly targeted ID theft operation, just filling in the missing bits of info they can't get from a dumpster. Police report coming on.

Edited by author 03-06-2006 11:10 PM
I live in the US, and the exact same thing happend to me with the Discover card three months ago. The call started with "a new card is on its way, and we're raising your credit limit" and then it went on "but can we verify your mother's maiden name and your social security number?". At which point I knew enough and hung up. (What warned me immdiately is the raised credit limit. Mine is awfully high and I've never used more than 30% of it.)

These scammers had one extra thing going for them though: they faked their caller ID (simple with VOIP) and made it look like the company's real phone number.

I ended up calling Discover, explaining the story (and they confirmed they'd never place a call like that), and putting a fraud watch on this card. The scammers called back twice more.

I use this credit card mostly for on-line purchases, so I guess somebody must have gotten the a list of names and CC numbers from a hacked system somewhere, and staretd a call center...

That 0800 number is allocated by OFCOM to BT, which strikes me as odd. I would expect fraudsters to be using one of the many smaller telcos.

Michael, that assumes the caller gave out an 0800 number associated with their scam. More likely, at the first sign of suspicion on my part, they just rattled off a random number and crossed me off their list. (If you've got any sense and you're running one of these scams, you don't give a valid callback number to a target who is suspicious.)

I've bought quite a lot of stuff over the web in the past eight or nine years. It's probably time to reset my bank account and credit cards (and also lock down so that only one credit card is used online and the other one is only used for cardholder-present transactions).

Charlie, I have one credit card with a very low limit (about $450 US) that I use exclusively for on-line sites that I haven't dealt with before and may not be reputable (e.g. buying a bootleg from Russia). I call that my sacrificial goat card - if that gets abused and maxed out it won't really harm me.

Anyway, my point is you want *two* on-line credit cards - the sacrificial goat and one to deal with known entities (large bookstore orders and whatever).

Charlie

You and I would both like to break 'Jacob's legs, but even if you do find him you'll find his name isn't Jacob and that he hasn't done anything illegal in his country of (probably temporary) residence. That's the really worrying thing. These thieves - like all really succesful thieves - have contacts way higher up the social and judicial chain than we can ever hope to be heard and they will be protected because they buy the protection with remarkably small amounts of their profits. Then there are the regimes as happy to sponsor phishers (ghastly name) as they are hackers (but we can't say anything horrible about the Iranians, the Chinese and the Chechens can we)

As far as phones go, it is a long time since anyone has called me about anything I might want to buy over the phone, and anyone giving me an obviously fake name doesn't even get the 'courtesy' of a 'goodbye'. Like most of us, when I want something, I'll go looking for it and in the meantime I'll shred every offer of a credit card I get.

Were there always so many conmen about, or does the incredible cheapness of contemporary technology enable them to spread their web further and faster, making them seem ubiquitous?

Some banks and credit card companies offer single-use or virtual credit card numbers. Citibank is one, I believe. I don't know if they're available in the UK or not though.

For example:
http://www.citibank.com/us/cards/cardserv/advice/van.htm

If someone gets that number from a website database, it won't do them much good. Other alternatives are pre-paid credit cards, if you want something physical.

I can't give details, due to confidentiality, but...

An attorney for whom I sometimes do paralegal work was in court last week when a judge ordered the client to write his driver's license number on a certain court document, which already had his name, phone number, and snailmail address. The attorney protested, saying that this exposed the client to identity theft. The judge insisted that this was his order. The opposing attorney said that this was standard operating procedure in this courtroom for this type of case.

My friend, in the hallway, argued with the opposing counsel, who admitted that she herself had once been the victim of identity theft. After some conversation, she realized that the client was now in the same danger.

The attorney returned to his office, where I proofread and made other suggestions for the letter, which the attorney promptly sent to the judge, and to the Judicial Council, pointing out that this court order was, on the face of it, illegal under California State Law. The letter further insisted that the file on the client be redacted, immediately, so that any member of the public asking to see saiud file (public records!) would not see the driver's license number.

The client was a truck driver. Identity theft involving the driver's license would likely, on detection, create a time period in which the license number would be revoked, the guy would have no license, and would lose his job.

In that case, I pointed out, the client could sue the judge PERSONALLY for acting so far beyond his discretion.

So, even if someone with real power over you asks for data that you know you need not divulge, be sure that you're in contact with an attorney who can act promptly to protect you.

Mr. Stross, if you'd like to I can put the Kap Verdian Curse on "Jacob"... though I'm not sure if it works if the offended party(you) has no ancestors from Kap Verde. Are you 100% Scottish?
;)

-A.R.Yngve
http://yngve.bravehost.com

I notice that the domain name www.antipope.com has been offered for sale, with starting price at $1,710. Hmmmm.

Antipope.com, last time I looked, was held by an Australian monastery.

I'd buy it, but not for $1710 -- more like, an order of magnitude less.

May your prayers to Me be answered.
-- the Eschaton
(p.s. I am NOT a deity)

I just got a phishing call from someone rude and stupid even in his profession. "Good morning," he said, "May I please speak with Mr. Post?"

"This is Professor Post speaking," I said.

"Professor of what?" he asked, "Bullshitology?"

I've got a *69 sequence of calls going back to him, that phones him and interrupts his cold calls each time he pauses between potential victims.

Of course, the conversation cut off so soon that I can't be sure that he wasn't just a cold-calling salesman violating our placement on the "do not call" list.

Have you ever gotten people who deny to you that they've gotten you by wrong number, and keep calling back? I've had to call those folks back several times in 2 a.m., 3 a.m., 4 a.m. and other breaks between chapter writing to educate them. And once had the police involved.

And the ones who apologize: "Sorry, I must have gotten the wrong number."

To them I say: "You're welcome, but actually this is only one of billions of wrong numbers."

Give me a break. My B.S. was in Bullshitology.

I recently had one of those phone calls that actually turned out to be from my bank! Their helpdesk wasn't, but the caller had claimed to be from the nearby branch so I went in and ranted at the person who had phoned me up a bit about information security...

Sorry to post on something that isnt much of my business, but I also bank with Barclays and got one of these calls. The 0800 389 1652 number is a genuine Barclays number use by the Fraud Detection dept, though my search on your webpage made me uneasy enough to ring the bank's customer service number and confirm this. There were indeed flags on my account, so it wasn't a sting.

i had the same, the call came through from 08000158180 (0800 158 180) and they told me to call 08003891652 (0800 389 1652). i didnt trust them

i then found out that barclays fraud number is 01604 254 050

after all, it turns out that it WAS a real call from barclays. but they did praise me for being diligent.

Even so, never trust people who call you! always call them back on a number that you find out, not neccesarily a number they give you.

To you managing the blog: PLEASE remove the number 0800 389 1652 from your page. It comes up first when googled and your page implies it's a scam whereas IT IS REALLY BARCLAYS FRAUD LINE!!!

While not at home, someone left a message to call this number urgently .. wanting to be clever, I googled it and found your page. Avoiding the scam of course I felt very intelligent, and didn't call back.

However today I went to my branch to find out that my account was being debited to buy tickets on Kenya airways, so that I was actually being robbed.. now the card is blocked and I hope I'll get my money back.

Bottom line, this page is very missleading and almost permitted my account to be emptied by someone. Nice world out there.

Charlie: When are you going to remove that Barclays number from your Blog?!!!! There are a lot of people who are going to ignore genuine calls from Barclays Fraud Detection, because your page comes up first when you Google the number. It's great that you're trying to make people aware of these types of scams, but you are doing more harm than good leading people to believe it's a fake number. Please edit the page!

Hi, I find this article very useful. It has some nice thoughts.
Continue working in the same way.

Hi, I like this article. You can write some more info but anyway. It is always good to read such interesting article. Thanks.
Continue writing in the same way.

Following on from other posters below me, the Barclays 0800 number mentioned in this article is indeed genuine. I telephoned the team on a different number (01604 254 050) and they passed that number on as an additional freephone contact. I didn't have a pen to hand at the time so I typed it into a search box in order to remember it, then Googled it for the hell of it once I had written it down. This article was the first search that comes up. Therefore, for anyone who reads this, the 0800 389 1652 number IS GENUINE...it was passed to me following my contacting Barclays, they did not initiate the correspondence in the first instance.