Spam Meeting Wrap-up 197
wendigo2002 writes "Get used to that daily flood of e-mail come-ons, Viagra offers and lucrative enticements to invest in Nigerian pyramid schemes. Internet gurus, software designers and lawyers today ended a three-day Federal Trade Commission discussion on combating spam by concluding neither technology nor laws are yet capable of completely dealing with the plague."
Perhaps (Score:4, Funny)
Re:Perhaps (Score:5, Insightful)
The fact they discussed it means they recognise a problem. Technology or laws not yet capable of meeting it mean they now recognise a deficiency -- a deficiency needs a solution.
I hope they can divert resources to creating this solution. They need to throw rosources, legal and technological, and *WE* need to keep them aware (or indeed, make them more aware), so it doesn't slip down the government's priority list.
As for your hotmail address, I suggest you ditch hotmail. I did five years ago, and that was not soon enough.
Meeting results will be emailed out (Score:5, Funny)
:Boots! (Score:4, Funny)
Nothing? well.. (Score:3, Interesting)
Spam Insurance (Score:5, Funny)
Re:Spam Insurance (Score:3, Interesting)
Re:Spam Insurance (Score:2)
Re:Spam Insurance (Score:3, Insightful)
Seriously, why aren't the spammers getting more trouble over the crap they are doing to people's inboxes? They are messing with big dollars here. Peop
Maybe not completely... (Score:2, Informative)
Washington Post coverage (Score:5, Informative)
You know . . . (Score:5, Interesting)
I still couldn't fault them for being honest, though.
Way to go! (Score:5, Insightful)
Lets see more of those! I hope the reward applies irrespective of whether you bring in the spammers dead or alive :-)
Soon To Be Bottled Up In Committee! (Score:2, Insightful)
It seems that folks in DC can get things done...when they want to.
Re:Way to go! (Score:2)
Lets see more of those! I hope the reward applies irrespective of whether you bring in the spammers dead or alive
Oh please, please, please, let me pistol whip, kneecap, hang, draw, and quarter them. I promise to bring them in (somewhat) alive.
OK, I'll have to wait on quartering them. Then, let us burn them at the stake.
John (who had 30+ emails in my spam trap
scary (Score:5, Insightful)
``We are now importing more spam from the United States,'' he joked. ``We are actually learning what American culture is through spam.''
Hopefully you know that it's not an entirely accurate view of American culture...
Re:scary (Score:2)
Re:scary (Score:3, Funny)
Re:scary (Score:2, Interesting)
The rest we learn by reading "Stupid White Men" and watching "Bowling for Columbine"
Federal law (Score:4, Interesting)
1: The spammer themselves provided you can find them.
AND/OR
2: The entity in the US that the spam was sent on behalf of. If they're trying to sell you something, or scam you, even if they didn't send the mail, they're the root cause.
and
3: You should be able to opt-out of any entity you directly do business with. Opt-in for any of their parters. If I buy something from Amazon I can opt out of recieving their mail. Their partners can not send mail unless I specificly ask for it. If the company gets bought, the opt-in does not transfer, except for one email informing me of that.
4: Here's the gray area; there needs to be some sort of failsafe. So for example, if I hate slashdot and I spam a million people telling them to buy a slashdot subscription. If the people who get the mail can't find me because I sent the mail from an open AP and bounced it off a server in Korea, slashdot gets screwed.
Disclaimer:
I am not a spam expert (I do know a bit)
I am not a lawyer
I am not a lawmaker
Take with salt. Flame on.
Re:Federal law (Score:3, Interesting)
From the nature of the 'products' and 'services' that cause much of the annoyance, I'd hazard a guess that the peddlers involved take as much care to hide their true identity and location as do spammers - indeed, I'm sure that the spammers are perfectly well aware of their prevalent client comm
RFC-821 Re-Write Will Make It Manageable (Score:5, Interesting)
No, the deluge of unsolicited garbage will continue regardless of what is done legislatively and with technology. I'm glad to see that people are finally waking-up to the fact that more laws won't fix the spam problem. But technology can be used to make it harder for spammers to hide in their anonymous cloak.
The processing of sending email needs an overhaul that gives system administrators the ability to determine the source of incoming mail and impart a "trust" level of the message. Messages coming from systems that have a high trust are tagged in the headers while those coming from systems that seem dubious or lack any sort of real credentials are tagged accordingly.
No, it won't stop spam, but it'll allow people to simply deny access to systems and users that are a continued problem, forge credentials or email addresses.
Why do you need to do a rewrite? (Score:2)
I suppose a 'source trust rank' along with other analysis like baysian filters and other techniques might be slightly more effective, but spammers can simply use these tools to 'check' to see if their messages get through as well.
Re:Why do you need to do a rewrite? (Score:2)
A black hole? In a way, I guess you are correct, but it's a black hole that's configured by the receiving system. Any blame for missed messages lies solely upon the shoulders of the receiving system.
All I'd really want is a way to accurately determine the true originator of the mail I'm receiving. With that established, I can filter based upon who and am willing and unwilling to accept mail.
Re:Why do you need to do a rewrite? (Score:3, Informative)
Who the fuck do you think configures existing blackholes? The US government? Aliens? No, it's individual site administrators. They may choose to run with an unaltered public blacklist, but that's not inherent in the blacklist paradigm.
RFC-821 Re-Write is Not Needed (Score:4, Insightful)
Instead of continuing the three-years-long moan about all those clods who run open relays (I was once one of them myself) why not quit moaning and DO SOMETHING? Spammers send relay tests. DO SOMETHING that screws the spammer because of that. Report relay attempts to his ISP, accept and deliver the tests and send the spam to
Like, for instance, here's a relay test from today:
Received: from adsl-65-70-89-125.dsl.tulsok.swbell.net by X.X.X;
Sat, 3 May 03 12:04 CDT
Message-Id:
Date: Sat, 03 May 2003 12:01:44 -1700
From: 0eik00ha7i95o4@starband.net
Subject: hello
To: timsmith777@connectfree.co.UK
MIME-Version: 1.0
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.3018.1300
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.3018.1300
054053046055048046056 057046049050053058097 1001151080450540530450550480450560570450490500530
510804611611710811 511110704611511909810110810804611 0101116058049049048051058057058089101115
(I had to beeak up the strings becuase of the Slashdot "lameness" filters.)
It takes as close to no smarts at all to trap a test like this as is possible. DO IT.
(By the way, I altered the string in the message-ID: that's where spammers who use this form of test encode the IP tested.) Similarly, they encode where the test originated in the body. It's decimal ascii: "048" encodes "0," etc.
Don't want to do SMTP trapping? No problem - trap some spammer open proxy abuse. MAybe you'll learn his IP, even (the clown who sent the test above has been using the same IP since at least 11-Mar-2003.)
I've been telling connectfree.co.uk about these test messages going to the spammer dropboxes in their space. I suggest that they simply divert email to the dropbox address so it goes someplace else. This is SOMETHING they can do that really screws the spammers. Until the spammers figure out the email is being diverted they discover no open relays if the email through those open relays to the dropbox doesn't get delivered.
Isn't it about time people though about what to do to stop these spammers? Is it so terribly hard to divert email to a known spammer dropbox address someplace else? Does that not conform to the TOS? CHANGE the TOS - quit waiting for someone else to solve spam and act. Worried about the US DOJ saying this is a crime? Hey, we're talking about a
Read my post again. See anything that says action must wait for a change in the SMTP protocol? NO. See anything that says the little guy with a DSL or cable connection can't take part? NO. ISPs could do even better - think about what the ISP with hundreds of abused open proxies could do if it intercepted the proxy connections made by the spammers.
This does nothing to stop direct spam. There blocklists work like a charm. This does an awful lot to sop abuse-path spam (non-direct spam.) DO IT.
Or continue to moan. One path has better results - see if you can tell which.
Re:RFC-821 Re-Write is Not Needed (Score:2)
Re:RFC-821 Re-Write is Not Needed (Score:2)
Where's your data? I have no doubt some spam comes that way - I've read Michael Tokarev's November, 2002, report in mailing.postfix.users. Absent actual evidence I can't see any reason to assert that hacked boxes are now the principle conduit for spam.
I know spammers still seek open proxies and open relays - these are still valid areas of concern and action.
(http://groups.google.com/gro
Re:RFC-821 Re-Write is Not Needed (Score:2)
This is a recent change since November and the amount of spam I'm getting that fits into the new grouping is about double what the open smtp people were doing.
Of course I only check a few sorces of spam but the logs show the funny proxys are much faster at sending spam than the smtp relays. I'm wonding how long
Re:RFC-821 Re-Write is Not Needed (Score:3, Interesting)
I think it's pretty damned smart already. I can't recall where but I read a description of Jeem on on of the anti-virus web sites - that is pretty sophisticated already. The downside I hope exists for the spammers is that this brings all the security people into the fight against spam - when the spammers crack into systems (by whatever pathway) they've really crossed a line.
I advocate open relay and open proxy
Re:RFC-821 Re-Write Will Make It Manageable (Score:2)
Re:RFC-821 Re-Write Will Make It Manageable (Score:2)
Why not make a 'Do not email list'? (Score:2, Interesting)
I would think this is even more feasible and enforceable than the 'do not call' list that people are trying to establish to combat telemarketers.
Pass a law that unsolicited email sent to an address on the list is subject to a fine.
If the spammers are sending out multi-thousands of emails, even a fine of $50 per complaint would soon put spammers out of business. The fine could be split between the 'spamee' and some agency to enforce the spam law. I woul
Re:Why not make a 'Do not email list'? (Score:2)
In order for such a list to be effective, it would have to be available. If it's available, it would also end up in the hands of foreign spammers whould would use it as a source of higher percentage real working addresses. Of course the simple solution to that is that the list has to be distributed in the form of list of cryptographically strong (unreversable) checksums. To see if the next email address to be spammed is on the list, calculate the checksum of the canonical form of the address (e.g. lower
Re:Why not make a 'Do not email list'? (Score:2)
Instead, the spammers could upload their lists to a server and the server could return addresses not on the "Do not email" list.
I've proposed this to the state of Missouri but no go so far.
Re:Why not make a 'Do not email list'? (Score:2)
Why wouldn't a nationwide 'do not email' list work?
Because I own my mailbox/machine/network and my premptive decision is that marketers don't get to use it without explicit permission (opt-in). The default is "you don't use my network without my permission", not "you can use it unless I tell you not to."
The last step of this medium is owned by me; not the television networks, not radio networks, but me. The consumer pays the majority of the cost for transmission on the internet, they get to say how
Yeehaw (Score:5, Funny)
Motohiro Tsuchiya, a communications professor with the International University of Japan, said Friday that about 80 percent of spam in Japan comes from outside the country and most of it is in English.
``We are now importing more spam from the United States,'' he joked.
Yeah! Finally Japanese importation of at least one U.S. product exceeds their exportation!
FOR IMMEDIATE RELEASE (Score:5, Funny)
"We are excited at the news to increase the amounts of this highly desirable content that we email every day," said Xing Dung Ho Chung, president of some organization in China that sends over 5 billion SPAM emails daily. "Our customers will be very pleased when download times increase proportionally with the desirable noise to undesirable signal ratio as we flood the Internet with our information, preventing undesirable signal from getting through."
Hong Dong Chong Shlong commented, "Our goal is to reduce the Internet into a medium for advertising with no possibility of gaining any other use from it. Our long term plans include government lobbying to illegalize the information that people want while simultaneously forcing people to spend a minimum quota of time reading every word of SPAM and clicking on every full screen advertisement that comes up. Strategic partnerships with computer companies and additional legislation will force the consumer to purchase a new computer each day because the hard drive of yesterday's computer will break down with the wear and tear of yesterday's immeasurable amount of SPAM."
SPAM companies also indicated plans to lobby for laws requiring the consumer to purchase every product and service advertised to them. The long term plan is to give huge multinational corporations an easy method to eternal, perpetually increasing profits with no benefit to the consumer. Humanity, except the shareholders of several enormous conglomerates, will be enslaved forever.
the solutions are there (Score:2, Interesting)
Re:the solutions are there (Score:2)
Microsoft does not ship any email client that filters spam AFAIK.
Outlook Express for Mac OS 9 has a Junk Mail filter.
JP
Spam is dead (Score:5, Informative)
Spam tools are currently at the point tht detection of spam is a near-certainty and the probabilities for false-positives (e.g. good mail getting called spam) are measured in the 0.00n-0.0n% range (that is n in 100,000 to n in 10,000) which can almost always be improved on locally by the user through various means that are anti-spam-tool independant.
SpamAssassin [spamassassin.org] is currently my tool of choice. It's very flexible, can be used with any UNIXish mailer and is just getting frighteningly better over time.
SA's recent addition of Razor2, a Bayesian filter and improved handling DNS blacklists (which SA weights so you can apply them withour worrying about slicing large and useful parts of the Internet out of your field of view) have reduced many concerns that folks had before about active abuse of SA's rule-base in the past. The speed with which this system applies hundreds of tests to a message is also quite stunning, and a major boost to Perl's tacit reputation as a "slow" language.
The biggest problem with SA right now is probably the inability to scale up to the mid-range ISPs and medium-sized business without SERIOUS harware allocation due to the heavyweight neature of its testing. That's my personal mission for SA over the next year or so. My goal is to make SA a reasonable option for anyone that has to process orders of magnitude more mail than your average ISP (e.g. AOL).
When the upcoming 2.54 comes out, I HIGHLY recommend checking it out. You can install SA on most UNIX-like systems, as long as they have Perl installed by typing (as root) following the configuration process if you have not done so for Perl before, and then typing After that it's just a matter of how you want to configure your MTA to talk to SA. I recommend using SA in "spamd" mode with sendmail and procmail. If you already use sendmail with procmail delivery, you just have to change your
Good luck!
Re:Spam is dead (Score:2)
Re:Spam is dead (Score:2)
Re:Spam is dead (Score:2)
Obfuscation in most cases is self-defeating, and only people who thinkg that avoiding this or than specific rule is going to help them bother.
Re:Spam is dead (Score:2)
I think not. lists.indymedia.org was using it, and it induced an almost complete system meltdown with emails taking over 5 days to deliver in some cases. They had to uninstall it and get some new hardware.
Then again, perhaps it was misconfigured or mis-installed so that it was invoked in an inefficient way - that's a possibility I suppose.
Re:Spam is dead (Score:2)
Once you have spamd in use, you cut your CPU usage amazingly (made it usable for my company), and your memory access patterns are much more reasonable for the OS to deal with. Memory is still used liberally, but that will probably change when later versions of Perl start doing CoW m
Re:Spam is dead (Score:2)
Re:Spam is dead (Score:2)
Re:Spam is dead (Score:2)
However... WHAT poor history of backwards compatibility?! You mean the fact that 10% of the programs in the world broke when perl when from major version 4 or major version 5 over 10 years ago? Or did I miss some compatibility breakage in the last 10 years?
Compatibility is a major point of pride for Perl, and unless you're relying on unintentional subtelties i
Re:Spam is dead (Score:2)
For simple, Bayes-only systems Paul Ghram [paulgraham.com] has seen false positive rates around 0.03%, and SpamAssassin sees only slightly more than that on it's large database of mail, much of which is often in the database because it's pathologically spam-like.
Systems like Razor2, Bayes and blacklists make the system even more accurate, though often not in ways that are easy for a benchmark to detect (you need to leave SA running long enoug
Answer the question that lawmakers want (Score:5, Insightful)
What's in it for me?
No matter what you present to a politician, no matter how good the cause or important the problem, laws get introduced and passed for only one reason, and that reason is that someone was able to answer that question.
Sure, it's possible that the answer was "you'll advance your career if you save mankind with this bill", but that almost never happens. There's always a payoff somewhere, and what I can't figure out is a way to tell a Congressman what's the benefit to him for putting in the effort to fix the spam problem. And getting a bill passed is a hell of a lot of work.
I say: "There's these people who make money by sending a deluge of annoying fradulent emails
that
If every spam victim donated a dollar to support congressmen (IE, campaign funding) to do something about spam, then it'll get done. I for one am ready to help.
Just put your name at the bottom of the list, and send $5 to the person at the top of the list. Now send the list to five of your friends and soon, real soon, we'll have enough money to buy a whole session of Congress. This is completely legitimate, a lawyer looked it over, but you mustn't break the chain.
Re:Answer the question that lawmakers want (Score:2)
Yes, and Instant Message this around, to
Re:Answer the question that lawmakers want (Score:2)
Spam doesn't just affect geeks. Don't you think that being able to claim truthfully that you were the sponsor of a bill that substantially reduced spam and saw many spammers fined/jailed would win a few votes?
I don't get that much spam... (Score:3, Interesting)
I use Yahoo! mail, and they really do a great job of filtering spam. They have an option by every email to report it as spam, have it investigated, and then blacklisted if appropriate (delivered to spam folder, not deleted, just in case it's important in some way)
In addition to their spam filters, you can create your own and they work pretty decent, too. I get about 100 spam mails a day, about 95 are filtered to my trashcan or spam folder, and only about 5 get through...I can deal with that.
I don't see how spam makes any money any more...oh well.
Re:I don't get that much spam... (Score:2)
i even have my email on a page available through crawling..
how much spam i get? about 0.05 per week, i don't call useless mail i get because i subscribed to something spam though.
as for the what's the stuff they're selling through spam.. man, i was reading old spidermans just today and it's unbelieviable what they advertise there.."buy this book and be a super athlete in few weeks"
it's really simple.... (Score:2)
Now, I
Re:it's really simple.... (Score:2)
Spam would stop if nobody bought anything from spammers.
True. However, the spammers cost-shift their advertising costs onto the end user. Since they can steal from the consumer they have the ability to reduce their costs so much that a previously unrealized business model becomes possible.
Their entire business model is based on that one sucker out of 1 million who buys. There's no way you're going to get the word out to everyone in sufficient quantity to even come close to making a dent in the spam
Spam (Score:2, Informative)
One, my email address that i use for almost everything for the past 4 years only recieves 1 or 2 spam a day. The address i used for 3 months recieves 100-150 spams a day, it is impossible to use that address for anything..
Now i use two email addresses, one for things like MSN and registering to forums and websites that goto a drop box and then my main address that i only give out to people these days.. its useful, even behind the current spam filters we have on the
To stop spam? Two words. (Score:5, Insightful)
If the *only* way for email to arrive in my mailbox was if it came from (or at least purported to come from) somebody on my list, I'd never see spam again. No need to bounce it, just delete it from the mail server, sight (and site
Anybody know of a Linux email app that does this all, deleting spam at the server but downloading wanted email? I'm all ears.
whitelists mean the spammers have won. (Score:4, Insightful)
The trouble is that comparatively few people are savvy enough to switch to whitelist email systems. And it only takes a small percentage of internet users who don't block spam, and who order occasionally from spam, to keep the spam problem a growing nightmare for the rest of us. I think it's unrealistic to suggest that whitelists can solve the spam problem, since there's no way to argue they'll be adopted widely enough to keep huge amounts of spam from reaching people.
And another thing. I want random people to be able to contact me, for whatever reason. What I don't want is to be contacted by automated email systems for purposes of marketing. In my mind, whitelists prevent the latter, but they also prevent or seriously inconvenience the former. And to me, that's unacceptable. I presonally rely on Mozilla filters, which rid me of about 97% of my spam, while allowing the email of random people who need to contact me to (usually) get through.
Re:whitelists mean the spammers have won. (Score:2)
If it came already set-up that way, by default, in Micro$oft's new OS, and AOheLl's new version, you'd catch a fairly large percent immediately, and with that userbase, there would be one hella incentive for other email programs to incorporate these features in their new releases, too.
Now, if you want anybody to be able to
Whitelisting works for me (Score:3, Interesting)
Anyway, here is how it works: Set up filters for people who you want to get messages from. I personally have several different mailboxes - for family, work, newsletters I subscribed to, etc. Everything else goes by default to the trash. Operating several Web sites, I needed to make sure that strangers can contact me, too, which is shy I set up links to my e-mail to include a standard subject, and I set up a filter to look for those subjects. This way, I'm able to eliminate 99% of spam (the rest is a combination of viruses (virii?) and spams the spoof the sender's address to someone who's on my list. In turn, I lose less than 1% of messages that I'd actually want to receive. Considering that I was getting 50-70 spams per day and only 3-5 real e-mails, the numbers are on my side.
Hello, McFly! (Score:3, Insightful)
Um, of course they're not. If they were, the problem wouldn't exist.
That's why we develop new ones.
Spam, You guys just do not get it! (Score:2, Insightful)
Unfortunately there is money to be made sending spam.
ISPs make money from spam. Some internet users, like those using Aol, MSN, and other tricked out ISPs,
have not got the brains to read anthing in depth anyway so they need to have flash, groovy pics, colored text etc to have the computer work.
These types of users GO to the URLs that pop up in spam and could'nt use a real email program if they knew what it was in the first place. The only thing they do with the computer is use IE or AOL to tell them wher
spamd (Score:3, Interesting)
But that is great for us - because we don't want to hear from them anyways.
This is just part of the evolution of the net. A new species pops up and slowly takes over.
Eventually uncompetative experiments die out completely.
Spamassassin plugin (Score:3, Informative)
Forward Your Spam to the FTC (Score:2, Interesting)
http://www.ftc.gov/opa/2002/02/eileenspam1.htm
DMA's opt-out response… (Score:3, Interesting)
Pretending for the moment that all the spam problems don't exist and ignoring their redefinition, can you imagine trying to opt-out of billions of email messages? Even if there was rules and they did honor opt-outs, they are still killing the usefulness of email by flooding you with crap that prevents you from getting you real messages.
Then there is the fact that the DMA they probably will not follow the rules or will have lots of holes when they make the rules. One example I can think of will be that they make it so they can just change the names of the "company" or have several "companies" and switch the "company" sending the email so they can re-send you the same emails.
If companies really wanted to be ethical about this and have customers, they would not resort to ticking their potential customers off and they would use confirmed opt-in and not sell their customers personal info (email, phone, street address, etc). It may be harder to get customers, but it is a lot better in the long run if you are get and retain those customers that way then what you might get if you resort to spamming the hell out of them.
Technology not able to handle it? (Score:2)
Kill the spammers, and the spam stops. It's that simple.
intentionally bad spam (Score:3, Interesting)
Over the last few (2-3) months, I've watched the maximum spamassassin scores for filtered mesages -- rise steadily. it looks like people somewhere are actually trying to create spam that trips as many of the rules as possible. Its actually kind of funny -- scores like 45-55 are not uncommon.
anyone else noticed this?
Re:intentionally bad spam (Score:3, Interesting)
Fortunately, although annoying, this problem is easy to fix. For any forged feature that gives a negative score (ie, PGP signature, PINE as client, etc.), just go to your user prefs and assign a score of 0 to it.
I've already set the majority of the features that
There's No One Solution (Score:2)
Problem is that there can't be a single solution that will keep everybody happy.
Technical solutions won't work because most of the Internet won't just change on somebody's whim. Doesn't help that most of the technical "solutions" I've seen here and elsewhere range between ineffective and idiotic.
Political solutions won't work because nobody has a universal definition of what we want to ban, and the obvious inability to get the spammers to follow the rules.
Legal solutions won't work because of jurisdi
An Ecology of Spam? (Score:2)
Before we try to figure out how to ban spam, we need to know how it works. Has anybody done a real study that would tell us things like:
They Were Wrong (Score:2)
OK, you think about it, you make up your mind - is it hopeless?
What is the one arrow the spammers have in their quiver? Send more spam. What do they do in response to protective measures such as filters and blocklists? Send more spam. Is this perhaps why you see more spam - the def
Re:They needed three days to figure this out? (Score:5, Insightful)
traceability, or send-risks-paying? (Score:5, Interesting)
That's one approach. Another is sender-risks-paying.
It seems to me that the problem with accountability/traceability is that it would probably require people to have a digital identity that pervades the whole internet. Well, how is this going to be implemented? The bearded-hacker community tried to implement a public key infrastructure, but it's been a huge failure, since it's never reached the critical mass where it would become useful to most people. (It's also way too hard to use.) The other well-known proposal is .NET. Do you really want a future where you have to have a .NET identity in order to send e-mail?
And what about those times when you really do need to send anonymous e-mail? What about corporate whistleblowers? Political dissidents?
I prefer the sender-risks-paying idea. There have been a lot of these proposals floating around, and yes, they've been discussed a lot on Slashdot before. No, they will not require your ISP to bill you for e-mail. No, they will not require non-spammers to pay any money at all. No, they need not involve any actual money to change hands (the currency could be based on CPU cycles, for example). There's nothing technically wrong with these proposals. The bearded-hacker community just needs to go ahead and implement one and start using it. Otherwise MS will implement it in a proprietary way (their Pennyblack project), and it will be another brick in the prison that keeps people locked into Windows/Office/Outlook.
Not really (Score:2)
The payment method is idiotic because you're introducing a whole new system into the mix: money. Before, you're dealing with the relationship between two people and their computers. Sender-pays involves getting the ISP, and the banks involved. It's just so complex, and to top it off, you'd still need the same identification system as in simple
Re:traceability, or send-risks-paying? (Score:3, Informative)
SPEWS is used but you will find it very hard to find any ISP that admits to it. The problem is that SPEWS is amazingly careless and sloppy.
There are now 400 blacklists and as a result ISPs rarely do very much if they get listed now. They might contact MAPS and get unlisted, but MAPS is not that effective at blocking spammers any more. The ISPs have decided that the sooner everyone is on SPEWS the better, trying to get off the b
Re:traceability, or send-risks-paying? (Score:2)
There was absolutely nobody at the FTC willing to defend them. The other blacklists were kinda pissed with SPEWS because it is completely out of control.
They were more pissed with the lawyer for the spammers of course and he seemed to be behaving very oddly indeed.
"Theft of service" (Score:2)
Blockquoth the poster:
"Theft of service." Hmm...
How is it that sending spam such a heinous crime while "sharing" MP3s is a service to Mankind?
Re:"Theft of service" (Score:2)
How is it that sending spam such a heinous crime while "sharing" MP3s is a service to Mankind?
Nary a clue. Not that I ever mentioned filesharing. Good afternoon, Ms. Rosen. . . . mind if we keep the topic on spam ???
Re:"Theft of service" (Score:2)
Blockquoth the poster:
You're right, you didn't, and I wasn't accusing you of it, either. What you mentioned was theft of service...
C'mon, it's not that hard...
Re:"Theft of service" (Score:2)
The difference is here:
Sharing MP3s is a voluntary action on behalf of both parties involved - the source and the downloader (whoever they may be).
Spam is involuntarily forced upon the recipient, and it becomes a nuissance.
I'm not saying that sharing MP3s is good, but it is voluntary to both users, where as spam is a pain in the butt that the recieving user is forced to deal with against his or her
Re:"Theft of service" (Score:2)
Re:They needed three days to figure this out? (Score:2, Informative)
POPFile Bayesian filtering (works on multiple OSes) [sourceforge.net]
Postfix w/experimental reject_unverified_sender [postfix.org]
reject_unverified_sender works like this:
Re:They needed three days to figure this out? (Score:2)
Ugh, I hope it doesn't work like that. It would cause hor
Re:They needed three days to figure this out? (Score:2)
I'm not familiar with SMTP, but if RCPT TO comes before RCPT FROM, there is no such loop. Think about it logically.
Re:They needed three days to figure this out? (Score:2)
I am familiar with SMTP, and I did think about it logically. The sequence is HELO, MAIL FROM (there is no RCPT FROM; you don't send from a recipient; think about it logically), and then RCPT TO.
Please see RFC 821 [ietf.org], which describes this sequence. There are examples.
For future reference, when you say things like "think about it logically", make damn sure you are and the person who you are s
Re:They needed three days to figure this out? (Score:3, Insightful)
I agree -- a completely backward compatible re-write of the SMTP specification, and getting people to deploy it is exactly what's needed.
You see the problem with that statement, of course, don't you? Making it backward compatible and getting it deployed tend to be "the hard part". We already have transport-level authentication and privacy (through TLS), as well as applica
Re:They needed three days to figure this out? (Score:3, Interesting)
If the RIAA can subpeona customer details for P2P filesharing, surely the government agencies can smoke out these spamming shitballs. For
Re:They needed three days to figure this out? (Score:2)
If it's an open relay, then the "admin" there had better be keeping good logs, as this would be the only way to prove THEY hadn't injected the spam. Sorry, but you have to be ruthless to cure this apathy.
There's *always
Theft of attention, not service (Score:2)
Re:They needed three days to figure this out? (Score:2, Insightful)
-Sara
Re:They needed three days to figure this out? (Score:2)
No, spammers love live addresses of people who will buy things. Spammers do not want to mail people who will cause problems for them.
Unless you forge your headers so they can't tell where it's coming from.
Forged headers being an issue is a myth. It is trivial to determine which headers are forged.
Re:They needed three days to figure this out? (Score:2)
Send out a bunch of spam and see how long you can keep your net connection. Or send a bunch of spam through proxies advertising your website and see how long it stays up. Now, do the same thing, only this time mailing a remove list (a list of addresses that have asked to be removed or have complained in the past). You will see get into a lot more trouble.
The spammers aren't usually the businessmen with a product to sell-
Re:They needed three days to figure this out? (Score:3, Interesting)
What's wrong is that many major ISPs do zero about spammers, and the ones who do will usually end up zapping the guy with the open proxy or the poorly secured CGI mailback form, not the guys who actually cause the problems.
Re:They needed three days to figure this out? (Score:2)
Umm, no. While Bayesian filtering will do an excellent job of keeping your email box clear, it won't stop the spam. You were never a possible customer of theirs. All their spam to you was a waste in the first place, filtering won't change that. The small fraction of a percent of the spammed who actually bought stuff from spam are [total vocabulary failure] unlikely to use Bayesian filtering or to train it properly. So the spammers will keep spamming to reach those people -- and cran
Re:Spammers should pay us (Score:2)
Sure. It benefits the Spammer. I can't think of ONE SINGLE benefit to my e-mail inbox having to fight off 50-75 spams a day (fortunately Popfile makes 99+% of them bounce to the deleted items folder).
This is electronic harassment at the very least, Denial of Service at the worst. You see, I've NEVER ONCE bought anything from a spam solicitation, and I NEVER WILL.
Oh, and who benefits from the sale of fradulent products? I can't think of ANYTHING even halfway legit among the spam I get
Re:Spammers should pay us (Score:2)
Incorrect argument.
The point the poster made should have been that the cost of SENDING JUNK SNAILMAIL is borne by the SENDER. Not the recepient.
Do you think ANYONE could send out a billion junk snail mailings a day with a
Re:Whats next? (Score:2)