Charlie Stross  08-08-2002
07:45 AM ET (US)
|
Two other possibilities spring to mind.
<P>
Here in the UK, advertising is regulated: there's a body called the Advertising Standards Authority which requires all ads to be "Legal, Decent, Honest" and which can levy fines against advertisers who breach the standards laid down in their code of conduct. I'd love to see someone set the ASA loose on the bigger spammers, because they'd be able to nail them to the wall: spam is mostly used to sell cheap fly-by-night nonsense and illegal scams and pyramid schemes, or porn sites, so it almost automatically violates at least one of the rules. Unfortunately the ASA doesn't seem to have taken an interest yet ...
<P>
And the other possibility, which I am seriously considering adopting, is server-hosted whitelist blocking. Basically, unless I know you, your email to me will be held on a server until I check the list of sender names and decide whether to add you to my whitelist. Short of spammers switching to using Klez and similar worms to send their junk from friends' mail clients (which would already fall foul of hacking and virus laws), that stops spam dead. Unfortunately it also stops legitimate email, but you can't make an omelette without (etc).
<P>
On another note -- am I the only person who, under the impact of a deluge of spam, has now become highly allergic to all forms of advertising? These days I can't sit through TV ads any more -- I have to channel hop or kill the sound. Because I see it and somthing in my hindbrain goes "spam - evil". Does this happen to you, too?
|
Chris Smith 08-06-2002
01:22 PM ET (US)
|
For now, SpamAssasin is working for me. However - the
end-to-end network is still maintained. Although SA runs
at my ISP, it runs because *I* asked for it on my account,
and I can tweak the whitelist.
I can see a combination of things working here. If SA can
usually detect spam, then we can go with a buy-up factor,
where *my isp* receives payments for me to add local
headers to reduce the SA score. (SA's threshold is 5.00)
score PAID_YOU_1_CENT -1.00
score PAID_YOU_2_CENTS -2.50
score PAID_YOU_50_CENTS -100.00 # guaranteed through
At that last rate, 5 or 6 spams per day will pay for my
high-speed connection...
Of course, free riders will accept the money, but just
put
score PAID_YOU_1_CENT 100.00
score PAID_YOU_2_CENTS 100.00
score PAID_YOU_50_CENTS 100.00 # guaranteed killed
in their config, figuring that anybody who needs to
pay to have their email received isn't someone you
really need to talk to.
I suppose we could close the loop - you only get paid
the guaranteed funds if you click through to the website?
Any more ideas?
|
Bruce Ediger 08-05-2002
02:07 PM ET (US)
|
Technical solutions to at least the spam problem just won't have much effect, because market forces only have a weak effect on spam as a form of advertising. Ordinary advertising [broadcast, print, billboards] costs the advertiser before victims I mean consumers make a decision about buying or not buying the product. Ads must therefore be alluring and not repulse too many consumers for whatever reason. Regular advertising gets strongly influenced by the Invisible Hand of the Marketplace, because the ads must be paid for out of sales of the advertised product.
Spam as advertising, doesn't cost the advertiser very much. Everyone receiving spam ends up paying for the ad to some extent. Contrast this with ordinary ads: only those who buy the advertised product pay for the ads.
Ordinary market forces have very little influence on spam or spammers. Spam ads can become as offensive as possible, and it doesn't matter. Offensive can include multiple repetitions as well as foul language in this context.
At this juncture, the only solution I can see is rather draconian: make an example of the inkjet refills spammer. Get the FBI to track down the inkjet spammer and punish him/her/them in as lurid and public a fashion as possible.
|
Erik V. Olson 08-05-2002
12:30 PM ET (US)
|
Technical solutions won't work in the long run. It's the classic "Attacker vs Defender" problem. You have to win every time. He only needs to win once to get his spam through. There are many more of them then there are of you (though Vipul's tries to change those odds, they've only shaved a factor of ten.) Worse yet, if he does win, he can ram spam through until you finally figure out the hole and plug it. I don't have time for that (and Vipul's, which only identifies *after* sending, helps you none.)
Our choices are economic -- like Charlie says, force the cost onto the send, or political -- Cages, Cuba. Personally, though, I think the cage should be 10 miles off cuba for repeat offenders.
|
zangdesign 08-05-2002
11:04 AM ET (US)
|
I dunno. I gotta go with Bruce on this one - throwing spammers and virus-writers into a crawling-with-hungry-alligators wasteland makes me feel much warmer and fuzzier than just installing software.
|
Wiley Wiggins 08-04-2002
10:34 PM ET (US)
|
Spamfire has done the trick for me pretty nicely.. and If bruce actually prefers legacy MacOSes to OSX... well, that's HIS bizarre perversion.
|
Stefan Jones 08-04-2002
08:07 PM ET (US)
|
I'll take either Danny or Charlie's idea, as long as we can still retroactively do the hot needle in the kneecaps thing.
|
Danny O'Brien 08-04-2002
06:54 PM ET (US)
|
One group that's working on a solution close to what Charlie suggests (and that the sf side of Charlie will *love*) is CAMRAM (CAMpaign for ReAl Mail). Their idea is to attach a high computational cost to sending mail. Basically, whenever you send a mail, you do a very long and boring calculation on your own e-mail contents, and
then include your working with the message. The "working" is very easy to check on the other side. Users of the CAMRAM system only accept mail that includes this calculation - so spammers would have to buy up NSA levels of hardware to send as much mail as they do, as quickly as they do.
I don't think it'll work for very dull and sociological reasons, but it's a great idea.
|
Charlie Stross 08-04-2002
04:56 PM ET (US)
|
I'm on Bruce, Martin, and Stefan's side here. although I also use technical fixes and consider spam to be symptomatic of an email system that's broken by design insofar as it fails to impose economic penalties on spammers. Basically, as long as the system is free for the sender and paid for by the recipient, we'll have spam. The solution, insofar as there is one, is to transfer the costs. Let's replace SMTP and POP3 and IMAP4 with a new protocol -- call it Costed Mail Transfer Protocol, CMTP. We need a micropayment and billing interface to go with CMTP, along with a name registry that allows anyone with, say, a paypall account to open a new account and password anonymously. Thereafter, you can send as much spam as you like via CMTP -- for a cost of, say, 1 cent per message. And you can receive mail via CMTP, for a cost of -1 cent per message. Most people send roughly as many private (non-list) messages as they read. Thus, they're not going to pay or receive any money; the debit/credit side balances out. But a spammer with a million name list is going to be out of pocket to the tune of $10K each time they send spam. Given the response rate to the sort of spam we're discussing is tiny, they're going to make a big, big loss. Yeah, there are problems with this idea. Internal messages between co-workers and networks of friends, and public mailing lists, all need separate treatment. And microbilling and registries and security are a big headache. But in mitigation I don't believe CMTP is susceptible to the same spam problem as our current protocols. I'd propose setting such a system up in parallel to handle public one-to-one communications; today's protocols can be retained for mailing lists and internal use in environments where it's safe. Edited 08-04-2002 04:58 PM
|
Martin Wisse 08-04-2002
04:40 PM ET (US)
|
Which ignores the bandwith and resources stealing problem.
I also find an attitude that says that I can do ANYTHING and
YOU should make sure I can't do you harm fairly repulsive.
It reminds me of Usenet trolls who respond to complains with
"killfile me".
|
Stefan Jones 08-04-2002
04:38 PM ET (US)
|
Good points all around, but I lean toward bruces's Iron Cages in Guantanamo solution because between "your machine" and "my machine" is "our network," a commons which is being ground down to rutted mud and crushed weeds by the sheer volume of spam.
And I'm UTTERLY F$%KING TIRED of my mailbox being filled with "MESSAGE COULD NOT BE DELIVERED" messages that result from MY email address being stuck in the header of spam. My account wasn't used to mail it; it's clear from the headers in the returned messages that a spam house just picked my address as their arbitrary "from" account address.
That's something akin to fraud and defamation of character. I'd like to see the shits responsible have a hot needle hammered into one of their kneecaps. For each occurance.
|
|
|
New Topic
My Topics
Views:
326
(Unique:
241
) / Subscribers:
1 | What's this?
