Collateral Damage in the Spam War 375
MarkedMan writes "The link points to a well researched article on Spam lists and those innocently appended to them. I have seen this myself with MailWasher. A posting will come through as potential spam, with the the bounce already red-flagged, but it is actually from a legitimate source. Only happens once or twice a month but still cause for worry.
" I've found that Spam Assassin has made life easier, but I still have to ban domains like yahoo.com, hotmail.com, mail.com - and *.ru and *.cn. I sort through the spam periodically, but the collateral damage is still there.
Network Solutions, One domain per user? (Score:5, Insightful)
I dumped that address (100 spams a day).
What I've done is registered a domain name (say fatgeeks.com) and when I have to use my e-mail address at a website, I'll append the website to the user name, such as:
dada_slashdot@fatgeeks.com
or
dada_msn@fatgeeks.com
When spam appears, I kill off that user name (very easy to do in any POP3 e-mail program) and then go to the website that sold my address and yell.
This helps track websites that "lie" about reselling your e-mail address.
No spam. No collateral damage.
Isn't it ironic (Score:4, Insightful)
Does anybody else find it funny that this article is from yahoo.com?
Re:Network Solutions, One domain per user? (Score:3, Insightful)
Is there a page out there that details which websites sell your email addresses? It would be rather useful.
Personally I nominate hotmail.com - unless you're telling me that ibtagmrq@hotmail.com is a popular name.
Cloudmark is a P2P Spam Eliminator (Score:2, Insightful)
If only domains told the truth... (Score:5, Insightful)
And yet, the damage has been done. These users don't trust me as a provider even when I explain how we lock down our server & prevent spam. They don't trust our domains, which means they block the ip -- an ip which may be mapped to 50 or more virtual sites. And all of this because our domain was the root of it all...a simple forgery that no email client really checks for validity because internet mail is designed to bounce anonymously from server to server. I've gotten spam that was "sent" from my own email address...which is silly, because why should I trust a company's services when they try to convince me _I'm_ marketing to myself?
What email needs is a set up like SSL -- a trusted third party to verify the validity of an email from a key generated by the sender when the receiver gets the mail. If the sender proves to be a spammer, the third party drops support...and charges a large fee for breaching a contract. We need this to occur without unwieldy programs (PGP) or user eductation...just some way to get a lock in the corner of a user's screen to let them know for a fact that user X sent message Y, and that if it was unwanted they have a recourse.
This new "Secure mail" could become popular very quickly, as many companies that communicate solely over email could use the security that nobody can send an email as ceo@trustycorp.com without the server's permission. The key is ease...SSL may have its problems (certs kind of expensive, monopoly of cert providers due to reliance on deals with certain monopolistic browsers, slowwww responses) but it has become a mainstay of secure communications for people who understand it (unlike my wife, who despite a BS in chemical anthropology believes that submitting her credit card via SSL over WEP 802.11b means a guy with a ham radio can read her number, so she places orders via cordless phone instead). Mail hasn't significantly changed in ten years...maybe it's time for smail!
New approach (Score:2, Insightful)
Re:Network Solutions, One domain per user? (Score:1, Insightful)
false positives don't affect me...much... (Score:2, Insightful)
If I got so much spam that this system became unwieldy, I would probably set up several spam folders corresponding to the spam level assigned by spamassassin. Anything between 2-5 would go in a folder that I check whenever I get a real email, because a false positive is almost guaranteed to be below 5. Anything over 5 is pretty much guaranteed to be legitimate spam, and I would check that every few days. I don't do this, however, because I simply don't get the 100+ spam emails a day that the
spamcop.net thoughts. (Score:2, Insightful)
Do you punish the innocent to get at the guilty (Score:4, Insightful)
People who would have fought with vigour against punishing the innocent in other fields seem willing to give it up, in of all places, the free speech question of who can email whom.
Yikes. We are willing to let murderers go to make sure we don't punish the innocent. Yet for some reason spam makes people think it's OK to trample on the free speech rights of the innocent to get not a murderer, but a spammer. I hate spammers as much as anybody -- I get 120 per day -- but let's keep them in perspective.
The most common justification is the canard that it's not about speech it's about property. Problem is all use of the internet involves using somebody else's property. On the internet there is no speech without the use of other people's property, and thus no unsolicited communication without the unsolicited use of somebody else's property. This makes it very tough to solve by thinking of it as a property issue.
There are other, better methods that don't generate false positives or generate extremely few. I've written extensively on them.