Analysis of Spam, and a Proposed Solution 370
2bot_or_not_2bot writes "Spam: The Phenomenon is a detailed analysis of spam: products, scams, viruses, obfuscation methods, etc. Failed, and doomed-to-fail, methods of blocking spam are described. A general solution is proposed that does not: invade privacy, perform wide censorship or blacklisting, or involve payment and cooperation with corporations (beyond the transport and storage of data)." Hmmm.
I dont get it (Score:4, Insightful)
I've done it myself a couple of times, and have explained the relevant legal code from spamlaws [spamlaws.com]. I have yet to hear back from either the spammers or the authorities I have explained this to.
I would think if law enforcement would do what it is SUPPOSED to do, spamming would be vastly reduced.
good and good (Score:2, Insightful)
This dude has a decent idea, I guess. I've found a method that has been foolproof for the past three years. I only give out my email address to people I directly know. I've had a Hotmail address that's been spam free since 2001, not even a drop in the bulk bucket. Once or twice a year I'll get a Hotmail Services thing, but that doesn't matter to me. I keep a junk address at Yahoo when filling out online forms, posting, etc. It works for me and it works for my friends. My ISP email address has _never_ received any spam.
Spam of Mass Destruction (Score:3, Insightful)
You know, if government really focused on penalizing the bottom end product creator for spam, I'm sure it'd be minimized drastically. For example Viagra, made by Pfizer, if they penalized Pfizer for spam and not controlling the methods of their advertising, I'm sure many companies would think twice about their methods to deliver content.
Sure it would need some tweaking, but to go after Joe Blow unsuspecting user who's machine is probably loaded with trojans is moronic. Even a good enough trial lawyer for the most blatant spammer could probably convince a jury that the culprits machine was infected if they tried. It's obvious CAN-SPAM and other moronic laws aren't working so why not take it to the next level?
Pentagon Plane Crash of 2000 [politrix.org]
"Solution" is ridiculous (Score:3, Insightful)
Any proposed solution cannot cause this type of massive interruption of normal e-mail usage.
The article is total dreck (Score:5, Insightful)
Next!
RMS defending the first email spam, classic (Score:1, Insightful)
"Would a dating service for people on the net be "frowned upon" by DCA? I hope not. But even if it is, don't let that stop you from notifying me via net mail if you start one. "
Re:Spam of Mass Destruction (Score:3, Insightful)
Actually, it should be Pfizer going after them, since any Viagra advertised by spammers (if it even contains the drug at all) will be an unlicenced rip-off.
Which just goes to show - even spammers who leave themselves open to prosecution under what most of us agree are overly-restrictive IP laws, still don't get punised.
Re:IM2000 (Score:5, Insightful)
Options:
a) Notification contains no sender-modifiable content. No way to know if you want it or not. You say yes and wind up with spam from unknown server.
b) Notification winds up containing the entire spam as subject line, and the supposed server it's coming from doesn't exist.
c) Spammers break into millions of unsecured Windows boxes and run 'mail servers' on them.
Nice try, but no cigar.
Re:hmmm.. (Score:4, Insightful)
Even better, somehow, there's a database that matches names to email addresses. People other than me map to my email address, so I get "legitimate" spam.
Furthermore, not loading the images and not clicking on the links doesn't fix the problem entirely. I've checked, depending on which address they've spidered. Contact addresses for my web-design business that I shut down 3 years ago are still getting spam.
That I have to change an email address that I've had for nearly a decade... well.. it makes my blood boil.
Re:Revenge on Spammers (Score:2, Insightful)
The problem with that, of course, is that spammers will then try to make it look like the spam comes from someone else--like an anti-spam activist, say.
Re:IM2000 (Score:2, Insightful)
This solution looks just like HTML pages, served via HTTP when you give the notification address. It moves the problem of message duplication off of centralized mail servers; however, there's still all those notifications of messages being send to users to read a copy of the spam message.
Re:IM2000 (Score:3, Insightful)
Good lateral thinking, but I don't think it would ultimately stop spam. I'd love to see more details.
It would prevent a spammer from dumping a 100Kb email message into your inbox, but it wouldn't prevent him from dumping 100K of 1b "notification" messages in there, and it would be all the same to him. It would make it much harder to sort between the two.
And under the current system, the spammer doesn't know anything about the recipient (or even that the email address is valid) unless he does something stupid like reply or click on a web link. Under this system, the spammer would know which addresses were valid by watching which messages were picked up.
Personally, I'm convinced we'll see no solution to the spam problem until society stops tolerating the selfish behavior spammers represent.
There must be more to this proposal than you've related here. This sounds more like an off-the-cuff suggestion that the usually sound thinking of our qmail friend.
Re:Have the users pay for it... (Score:5, Insightful)
What email harvesters do is convince poorly informed people and businesses that by buying their $499.00 mailing list of two million valid email addresses, they will rake in thousands upon thousands of dollars in profits.
It is those poor sods who send the millions of email, using the email autosender conveniently provided on the cd-rom, who are then blacklisted to hell and lose their $49/mo super gold premium windows 2003 10MB (Front-Page enabled no less) account and wonder with growing bitterness how the jerks at "MakeMegaBuxWithEmail.Com" could have flat out lied, LIED, to them...
Then they realize they can make $499/CD by just finding another sucker...
Of course, like all good pyramid scheme, the thing will implode under its own weight, but it has not yet run its course.
A solution? Of course. A study needs to be made showing the average Joe that paying for a list of email addresses is a snake-oil scheme to lift money from their wallet.
Then people can charge money for the "Don't Be Fooled By Email Scam Artists. Send $29 And I'Ll Show You How To Protect Yourself Today!!!" and spam will be a thing of the past.
(yeah, that's it...)
Re:IM2000 (Score:3, Insightful)
Joe Jobs, Forgery, Legitimate URLs (Score:4, Insightful)
Re:IM2000 (Score:3, Insightful)
Re:Revenge on Spammers (Score:4, Insightful)
Even better, have it read the spammers own spam back to them over the phone, until their answering machine fills up. ^^
Wgets validate email addresses (Score:3, Insightful)
Why this won't work... (Score:3, Insightful)
You have to authorize each sender? The sender computes a code to send you mail?
Right. Most people can't get the clock on their VCR to stop blinking. This ain't gonna happen.
-Charles
Re:IM2000 (Score:5, Insightful)
Another possibility is that the notification could be just that (no content whatsoever), with you downloading the headers separately (i.e. 3 steps: notification; headers; body and full headers). That would force the server to exist, but you don't have to download the rest of the message if you do not want to do so.
Also consider how this would work with RMX proposals (like SPF: http://spf.pobox.com ). If the email is not from a validated IP, then you can reject the initial notification.
It is also worth noting that a spam method that requires illegal acts (like virus infection) is dangerous for the spammer. It is not really practical when selling everyday items, only scam emails (already illegal) or really high margin items that allow the spammer to change locations often.
Criticizing anti-spam proposals for not completely solving the problem is missing the point. No one anti-spam method is going to eliminate spam. Each one is designed to make it harder to spam, ideally without impacting normal email. IM2000 does this, since it merely shifts from POPping from the recipient's server to the sender's server. This is harder for senders but easier for receivers in most cases. The exceptions are those where the sender does not maintain a persistent (i.e. always on) mail server (e.g. spammers). This is very rare with legitimate emails (if the sender does not have a persistent mail server, then they can't *receive* email; legitimate senders generally want to be able to receive emails in response).
pgp-signed email as caller ID (Score:2, Insightful)
Sure, it doesn't solve any of the bandwidth or storage problems, but it would make filtering so much easier. If the spammers sign their emails to get through, you could at least find out who they are. (If they use certificates from shady certificate-granting authorities colluding with the spammers, you could simply reject those as well.) Having a digital signature would be an easy way to distinguish bona-fide communications from junk mail. It's cheap in every sense, it's proven technology, capabilities are already included in many mail readers and senders, and online mail services and Linux user setup could easily include pgp key generation in new account setup. What are we waiting for?