Forgot your password?
typodupeerror
Spam Microsoft

Microsoft, Yahoo Investigate Spam Solution 596

Posted by simoniker
from the eternal-spam-issues dept.
bllfrnch writes "The NY Times (account required, yada yada) has an article about the suggestion of email postage to stop the advent of spam. Apparently, both Microsoft and Yahoo! support such an initiative, as they are the largest email service providers. Best quote: ''Damn if I will pay postage for my nice list,' said David Farber, a professor at Carnegie Mellon University, who runs a mailing list on technology and policy with 30,000 recipients'."
This discussion has been archived. No new comments can be posted.

Microsoft, Yahoo Investigate Spam Solution

Comments Filter:
  • Cha ching? (Score:5, Interesting)

    by monstroyer (748389) * <devnull@slashdot.org> on Monday February 02, 2004 @06:12PM (#8163463) Homepage Journal
    Paying for postage already exists, it's called a fax.

    This is the worst solution ever and the only reason that MS/Yahoo support it is because of Hotmail/YahooMail. They stand to make huge profits because they host the inboxes of millions of users. Every email received at those accounts would invoice the sender. It's a no brainer for BARRELS OF CASH !!! (tm)

    In fact, there already was a good solution [slashdot.org] proposed a few weeks ago, by microsoft no less. Combine it with Spam Assassin the way Spam Interceptor [si20.com] does (replacing the C/R component) and the solution is plausible.
    • Re:Cha ching? (Score:5, Insightful)

      by diablobynight (646304) on Monday February 02, 2004 @06:15PM (#8163495) Journal
      I am sure it doesn't have that much to do with the money they'll make. This idea has been suggested many times, and all of the times suggested, there has always been a white list, that if you choose to accept the senders mail, you can choose whether to have them billed or not. But here I see the problem, spammers are using open relays and hiding under anonymous accounts already. How will they bill them?
      • Re:Cha ching? (Score:3, Insightful)

        by Frymaster (171343)
        spammers are using open relays and hiding under anonymous accounts already. How will they bill them?

        ah... but if spammer x sends a boatload of herbal viagra offers under bob's relay and bob gets a bill... then when they do catch spammer x he can be nabbed under wire fraud laws and be open to all sorts of tasty civil action.

        • Re:Cha ching? (Score:5, Insightful)

          by digital bath (650895) on Monday February 02, 2004 @06:29PM (#8163678) Homepage
          but if spammer x sends a boatload of herbal viagra offers under bob's relay and bob gets a bill... then when they do catch spammer x he can be nabbed under wire fraud laws


          But until then, would you like to be bob?
        • Nope, nope, nope (Score:5, Informative)

          by ackthpt (218170) * on Monday February 02, 2004 @06:32PM (#8163738) Homepage Journal
          ah... but if spammer x sends a boatload of herbal viagra offers under bob's relay and bob gets a bill... then when they do catch spammer x he can be nabbed under wire fraud laws and be open to all sorts of tasty civil action.

          That's naive. You know Ralsky and the like use open relays around the world. He's even contracted some in China. You might tighten a net at best, but eventually you come back to the problem of trying to bill non-USA service providers. Lotsa luck. At best you encourage them to clean up their open relays and implement some decent security, lest their IP traffic be blocked at the border. But this should already be happening. Start locking these things out and they'll get around to fixing things pronto.

        • Re:Cha ching? (Score:5, Insightful)

          by destiney (149922) on Monday February 02, 2004 @07:09PM (#8164125) Homepage

          he can be nabbed under wire fraud laws and be open to all sorts of tasty civil action.

          In how many countries?

      • Re:Cha ching? (Score:5, Interesting)

        by Awptimus Prime (695459) on Monday February 02, 2004 @06:21PM (#8163586)
        Agreed. I've said it before and I will say it again:

        Replace SMTP with a more secure protocol. Give a 12 month window for everyone to upgrade their clients. Then make port 25 filtering mandatory for all ISPs.

        Failure to comply results in no email gateway for your customers. Simple as that.
        • Re:Cha ching? (Score:5, Insightful)

          by diablobynight (646304) on Monday February 02, 2004 @06:25PM (#8163641) Journal
          ummm...don't even need to mod the protocol, if people just set up their mail servers to force authentication before outgoing mail can be sent, there wouldn't be any problems. Sorry there will be some problems, but I bet it would eliminate a lot of spam. Or if we just convinced the RIAA that spam was affecting their music sales, they would find a way to take every one of them to court.LOL

          also, best answer to spam, don't click on the links in it, don't read it, just delete it, if it wasn't profitable they wouldn't send it out. Sadly dumb people buy shit from telemarketers and spammers.

          • by dyte (733558) on Monday February 02, 2004 @06:47PM (#8163920)
            Or if we just convinced the RIAA that spam was affecting their music sales

            hummm, I think your on to something here.
            how 'bout a peer to peer system that uses open relays. Pit the RIAA against the spammers and let them fight it out!

            Thats a fight that I would like to watch! ;-)
          • Re:Cha ching? (Score:3, Interesting)

            by Zwoop (35471)

            if people just set up their mail servers to force authentication before outgoing mail can be sent, there wouldn't be any problems. Sorry there will be some problems, but I bet it would eliminate a lot of spam.

            Hmmm, what kind of spam would this prevent? Open SMTP relays? Forged From: addresses? Sure, we might get rid of some spam that way, but it will not fix the real problem IMO. It's just too easy to setup your own SMTP spamming server to "bypass" this, unless of course we start requiring SMTP auth in

          • Re:Cha ching? (Score:5, Insightful)

            by rw2 (17419) on Monday February 02, 2004 @08:02PM (#8164662) Homepage
            also, best answer to spam, don't click on the links in it, don't read it, just delete it, if it wasn't profitable they wouldn't send it out. Sadly dumb people buy shit from telemarketers and spammers.

            Sadly it only takes one purchase in a few hundred thousand to make money. This solution requires perfection that will never be acheived in a society which think janet jacksons boob is news (or worse, that it's offensive) and watches the simple life.
        • Re:Cha ching? (Score:5, Insightful)

          by babyrat (314371) on Monday February 02, 2004 @06:33PM (#8163746)
          Replace SMTP with a more secure protocol. Give a 12 month window for everyone to upgrade their clients. Then make port 25 filtering mandatory for all ISPs.

          and WHO is going to mandate this? SMTP is an ad hoc standard - ie people use it because people use it. If everybody's using it then that's a lot of people using it.

          • Re:Cha ching? (Score:3, Insightful)

            by firewood (41230)
            and WHO is going to mandate this? SMTP is an ad hoc standard - ie people use it because people use it. If everybody's using it then that's a lot of people using it.

            But a standard is only important if people *contintue* to use it. Given a choice of new-MTP which is less than 50% spam and unsecure SMTP which is going to be more than 99% spam, most people will switch after a few months, and SMTP will decline to the status of a mostly historical standard such as gopher. Only hackers and law enforcement ag

        • by Blkdeath (530393)
          Replace SMTP with a more secure protocol. Give a 12 month window for everyone to upgrade their clients. Then make port 25 filtering mandatory for all ISPs.
          Governing Body: Replace your SMTP server!
          ISP: No.
          Governing Body: Uhm, ok, replace your SMTP server NOW!
          ISP: No.
          Governing Body: Filter port 25 then?
          ISP: Who are you?
          • Re:Cha ching? (Score:5, Interesting)

            by Awptimus Prime (695459) on Monday February 02, 2004 @07:10PM (#8164132)
            Actually, they would be insane not to. It would save literally thousands of man hours chasing spammers. Not to mention the gigs of bandwidth saved per year if spam could be eliminated.

            The major industry players would be the 'governing body', as you put it. They have historically played together decently since the dawn of DDOS attacks. Before smurf.c, ISP #1 would typically ignore anything ISP #2 said. That is not how things are these days.
        • No, not simple (Score:5, Informative)

          by Vainglorious Coward (267452) on Monday February 02, 2004 @07:07PM (#8164105) Journal

          Experience has shown that those who say "simply replace SMTP" do not understand the nature of the problem. It's no coincidence that one of the symptoms of being an anti-spam kook [rhyolite.com] is that your solution involves replacing SMTP

        • Replace SMTP with a more secure protocol.

          Did you come up with that all by yourself, or did you have help?

          Obviously, it would be ideal if a protocol were designed to replace SMTP that would stop SPAM, unfortunately, it's not as easy as just spending a few minutes writing one up.

          Tell the world, here on slashdot, how you would design this SPAM-proof protocol, and watch as everyone tears apart all of your ideas, listing how they just simply wouldn't work in the real world.

          • Re:Cha ching? (Score:3, Insightful)

            Thank you, captain obvious, for informing the world that it would take more than a few minutes to write a replacement.

            I did not want to get into a low-level discussion on how to do it, I figure there are many developers out there, who are far more gifted than I will ever be, can deal with that side of it.

            Since we are on the issue, sure. Re-tool SMTP into an authentication based protocol, requiring your account's password to allow email to be accepted by your ISPs mail server, just as with POP3.

            It's not l
        • Re:Cha ching? (Score:5, Insightful)

          by David McBride (183571) <david+slashdot AT dwm DOT me DOT uk> on Monday February 02, 2004 @07:43PM (#8164476) Homepage
          How do you propose to secure SMTP? Precisely what architectual and/or cryptographic scheme do you propose that would work?

          If I want to setup my own mailserver (not outside the realm of possibility, I'm a sysadmin) what hoops am I going to have to jump through to satisfy the Ultra Secure Email Lobbyists for Efficent Sending of Spam (USELESS)? Who do I go to if I believe someone is illicitly sending spam through their (presumably paid-for) email license?

          How do you propose forcing every single ISP that they need to filter port 25? Those within the US? Those outside?

          (And why bother if nobody uses SMTP anymore anyway?)

          And that's just the start. If someone's machine get hits by a virus which spams people (or allows others to spam through that machine) how do I know that it was some evil guy and not Joe User who got compromised? How many people are even going to go through the expense of legal proceedings for the million-odd users out there with MyDoom on their machine?

          Don't get me wrong, I don't think spam is fun. And I don't have a magic solution; I haven't even really thought about the problem.

          But it's also clear that you haven't thought about it, either.

          So unless you have an actual idea, or can point to someone who does, you're not going to garner that much interest.
    • Re:Cha ching? (Score:4, Interesting)

      by MadCow42 (243108) on Monday February 02, 2004 @06:17PM (#8163522) Homepage
      Email postage might make sense under one of two conditions:

      1) the recipient gets the postage fee
      2) the ISP that gets the postage fee provides email / internet access to the user for free

      If the ISP gets the cash without providing any FURTHER service, it's nothing more than a cash grab. I would still be likely to maintain a "free" mail account so my friends wouldn't have to pay to email me... I'd just be more likely to filter that heavily for spam.

      MadCow.
    • by Trejkaz (615352)

      Like hell.
      (a) I'm not paying for emails I send to their inboxes unless I get a notice that it will cost money before I send it.
      (b) If they insist on this, I'll just keep up my policy of not keeping in contact with morons with hotmail addresses.

    • by ackthpt (218170) *
      They stand to make huge profits because they host the inboxes of millions of users. Every email received at those accounts would invoice the sender. It's a no brainer for BARRELS OF CASH !!! (tm)

      Someone also has to provide software and systems to meter and invoice email. Gee, who could that be...

  • Do we need this? (Score:5, Informative)

    by RT Alec (608475) * <{moc.elkcuhc.todhsals} {ta} {cela}> on Monday February 02, 2004 @06:12PM (#8163464) Homepage Journal

    Story also posted on C-Net [com.com] (no account required, yada yada).

    What hapened to Yahoo's (as yet unveiled) scheme-to-end-all-schemes [eweek.com] for authenticating mail? IMHO, I think that SPF:Sender will make great strides towards combatting spam, combined with new laws that make spoofing illegal. And AOL is backing it [wired.com], so I think there is a good chance for success, as they are both one of the largest sources of e-mail as well as one of the most commonly spoofed domains.

  • by digitalvengeance (722523) * on Monday February 02, 2004 @06:12PM (#8163466)
    Here is a Washington Times summary that doesn't require registration.

    http://washingtontimes.com/upi-breaking/20040202-1 23126-8662r.htm [washingtontimes.com]

    And here is a IHT article which appears to feature the same quote as the NYT article. Same article? I won't register...

    http://www.iht.com/articles/127677.html [iht.com]

    Josh.
  • by MysteriousMystery (708469) on Monday February 02, 2004 @06:15PM (#8163496)
    It's a ridiculous concept really, the reasons email has become successful to begin with is that it's fast and free. If you charge for email, people will just move over to instant messengers or other systems. And how do you enforce charging people who you may or may not be able to track, the proposal to charge for spam based on the reciever's choice is absolutely ridiculous.
    • Escrow (Score:3, Interesting)

      by djtack (545324)
      And how do you enforce charging people who you may or may not be able to track, the proposal to charge for spam based on the reciever's choice is absolutely ridiculous.

      This is not so hard at all; you simply require the payment be placed in an escrow account before the mail server will accept the message. The sender would include some unique token in the message headers that corresponds to the escrow funds.

      Read about it here: Selling Interrupt Rgihts [ibm.com]. The article is from 2002, btw, this is hardly a n
    • I dunno, I like the idea. It needs some tweaking for certain, but as it stands now, email is almost useless.

      Email isn't free. It costs a minimum of a few hundred bucks to get a computer, plus the cost of even a minimal dial-up account. Anti-spam software costs money. And aside from hobbyists or unemployed folks, spending 40 hours trying to duct-tape some filtering solution on every computer just isn't reasonable.

      Spammers have significantly reduced the value of my computer, by taking what was once a useful
  • snail mail (Score:5, Funny)

    by QEDog (610238) on Monday February 02, 2004 @06:15PM (#8163499)
    Would this really help?
    How come stamps can't stop all the spam I get through snail mail? Please, make those AOL disks stop!
    • Ha! (Score:3, Funny)

      How come stamps can't stop all the spam I get through snail mail? Please, make those AOL disks stop!

      I realize you're being facetious, but I still don't get 100 AOL discs a day, like I do spam. Hell, if I did, I wouldn't have had to use my nice Snoop CD for my wall mural.

    • by nizo (81281)
      Actually, all you have to do is send your date of birth, SS#, bank account numbers, and credit card numbers to nojunk@scammer.ru and once they use that information to verify you really are who you say you are they will take you off of every maillist in the whole world, guaranteed!
      • by QEDog (610238)
        Actually, all you have to do is send your date of birth, SS#, bank account numbers, and credit card numbers to nojunk@scammer.ru and once they use that information to verify you really are who you say you are they will take you off of every maillist in the whole world, guaranteed!

        I tried that, and it only changed the spam mail from Credit Card Offers to Billing Companies Mail. I'm not sure if your suggestion really works...
        Oh well, maybe I will be able to get this issue resolved after I complete the deal w

    • Re:snail mail (Score:3, Informative)

      by JWhitlock (201845)
      As the son of a U.S. Postal Service employee, I'm forced to tell you that it's Direct Mail, not snail spam or junk mail. The big difference is with direct mail, the marketer is paying for every item sent, but with spam, most of the cost is placed on the ISP and the end user. Direct mail is more targeted, often more effective, and helps keep the cost of first-class mail (that's your mail) down. Spam just makes the spammers richer, and annoys the rest of us to tears.

      Of course, if it still annoys you, the

  • So, how are they going to charge their customers that get free email for the postage??? Won't other free emailers pop up and take their place???

    And if they only recieve postaged email, who would want to use them????

    What's more annoying...spam you have to delete(or is somewhat filtered) or the mess of postage. I would say the mess of postage.
  • smokescreen (Score:5, Insightful)

    by mabu (178417) on Monday February 02, 2004 @06:17PM (#8163511)
    There's no way to enforce this. The irony is that the only way a pay-for-email scheme would work, is in the context of a network of trusted mail relays, which is in effect, A WHITELIST.

    All this does is prove that eventually, there will be a network of whitelisted SMTP relays that will do more to combat the spamedemic. You don't need to charge money - that's an extra, goofy idea to make profit for a few select corporate interests. It won't fly because millions of systems will refuse to pay the "postage" extortion fee in order to be whitelisted.
  • by kcornia (152859) on Monday February 02, 2004 @06:17PM (#8163514) Journal
    Asking the sender to process a quick math question seems a better solution to me.

    Spam boxes would be prohibitively expensive due to the heavy requirements for sending millions of spams, and it would have the added benefit of notifying people when their box has been owned due to 100% processor utilization on said owned relay box.

    The money option just sounds like pushing for a new revenue stream. To heck with that.
  • Common sense... (Score:2, Interesting)

    by FrancisR (640455)
    "AOL is taking a different approach and is testing a system under development by the Internet Research Task Force. The system, called the Sender Permitted From, or S.P.F., creates a way for the owner of an Internet domain, like aol.com, to specify which computers are authorized to send e-mail with aol.com return addresses." Shouldn't AOL have thought of this a long time ago? I remember a few years ago when I used to use AOL and got deluged with FormMail spam with faked @aol.com return addresses. Good to se
  • I can't think of something else that would push an enormous amount of people from email to instant messaging. Someone will change the format to allow messaging of those off-line and bingo. New email!
  • Geez. Why the heck can't these fat-walleted companies fork over a few bucks or a few of their own employees to help the local and federal government bust some heads? All I see is talk-talk-talk. Let's get some action and stop it with these stupid schemes. Seriously, the purveyors of spam are fraudsters, can't they be reigned in on that alone?

    Oh, maybe if the postage goes to further line the pockets of M'soft and Y'hoo, as a likin worked, I can see their true motivation.

  • I hate spam but... (Score:5, Interesting)

    by dolo666 (195584) * on Monday February 02, 2004 @06:17PM (#8163524) Journal
    How will this affect websites sending their users emails from requested sources?

    Like I'm the programmer of Gemsites [jcomserv.net], a Slashdot clone. When we register a user, we shoot them an email. So are we going to have to pay money to do that?

    Because that would be totally stupid, and it would possibly put an end to discussion websites that require logons to validate users, unless there was a method to bypass the charge for sending email.

    The way Microsoft will turn it, would be that we all *should* be paying per email, because of this reason or that reason. Bottom line is Billy Goat Gates on his mountain of cash, trying to pile up more of it.
  • by EvilTwinSkippy (112490) <yoda AT etoyoc DOT com> on Monday February 02, 2004 @06:18PM (#8163533) Homepage Journal
    Everyone, please go home and open your mailbox. Now tell me if having to pay for postage has cut down on the level of unsoliceted mail arriving in you snailmail mailbox.
  • by mikeophile (647318) on Monday February 02, 2004 @06:18PM (#8163534)
    Instead of billing the sender of bulk email, why can't the receiver bill the service provider who permitted the bulk email to be sent in the first place?

    What you say? Microsoft would get huge bills because of the abusers of it's Hotmail service? That would be a pity, wouldn't it?

    • What you say? Microsoft would get huge bills because of the abusers of it's Hotmail service? That would be a pity, wouldn't it?

      Most spam from @hotmail.com addresses doesn't come from Hotmail. A list of what's currently in my inbox:

      From: mail.com
      Really from: hispeed.ch

      From: mail.com
      Really from: hispeed.ch

      From: osn.de
      Really from: adsl.tpnet.pl

      From: tiscali.co.uk
      Really from: t-dialin.net

      From: artnet.com.br
      Really from: ny325.east.verizon.net

      From: siba.fi
      Really from: dsl.pltn13.pacbell.net

      From: cellula
  • Already working? (Score:3, Interesting)

    by pen (7191) on Monday February 02, 2004 @06:18PM (#8163536)
    It seems that both Yahoo, and lately Microsoft, have discovered a pretty good solution for spam. My YM mailbox has been largely spam-free for a few months, and in the last week or two, Hotmail has been doing a pretty good job as well. Every now and then a spam gets through, but that's about it.
    • I have a Yahoo.com e-mail account and I agree. However, the problem is only solved for you, not them. They still have to add extra hardware (with associated increased power and maintennance costs) because of the volume of spam coming in.
  • sounds silly to me (Score:5, Insightful)

    by Matt Ownby (158633) on Monday February 02, 2004 @06:18PM (#8163537) Homepage Journal
    What is wrong with migrating to a replacement for SMTP? What is wrong with developing better challenge/response systems?

    If email gets a postage fee applied to it, people will stop using it. If I have to pay to send mail to someone at yahoo or hotmail, I would tell that person to get a different email address. No one is going to use email if it has a mandatory fee attached to it. Then again, maybe that's what needs to happen to give people a reason to stop using SMTP ...
  • Question... (Score:5, Insightful)

    by JoeLinux (20366) <joelinux@gm a i l . c om> on Monday February 02, 2004 @06:19PM (#8163544) Homepage
    Wasn't one of the hallmarks of a doomed .com company the fact that they tried to get people to pay for something they usually got for free?

    Just spitballin' here..

    Joe
    • by doorbot.com (184378) on Monday February 02, 2004 @06:28PM (#8163671) Journal
      Wasn't one of the hallmarks of a doomed .com company the fact that they tried to get people to pay for something they usually got for free?

      Like SCO's "Linux license"?
    • Re:Question... (Score:3, Insightful)

      by _Sharp'r_ (649297)
      Yeah. Let's get real. Here's how it would really go:

      1. Yahoo, AOL, MSN, whoever decides that they are going to setup a system where it costs users to send emails.
      2. People notice email costs money now.
      3. Several million new "free" email services appear on the Internet run by anyone smart enough to setup SMTP services on whatever port is settled on if they start blocking 25, in combination with all the ISPs in the world that didn't go along with (1) above.
      4. Yahoo, AOL, MSN, whoever that was doing (1) above
  • by clusterix (606570) on Monday February 02, 2004 @06:19PM (#8163550)
    Why can't MX records become required to list all in AND out going official SMTP for a domain. From then on, SMTP servers could reject non matching MXed sender IPs and if spam does get through - you know you to blame.


  • Who profits? Who will regulate the size and the postage on that? Would they still agree that this is a great Idea is the US postal service was the one that made a profit?

    I am still surprised to this day that there is not a better solution to e-mail. Maybe that is the next killer app....the race is on boys they are just trying to figure out how to make the most money on it.

  • by glpierce (731733)
    Exactly how will this work outside the US? Considering that $0.01 is a lot of money in third-world countries, and not much in the UK, you can't just make it a flat rate. But if you make it a sliding scale, what's to prevent a spammer from using an address in Somalia to make it cheaper?
  • by Sheetrock (152993) on Monday February 02, 2004 @06:20PM (#8163565) Homepage Journal
    It's clear that sender-pays is the only technological scheme that is effective and can be guaranteed effective in the long term.

    Other proposed solutions involve lengthy computations on a sender's machine, which can be trivially verified on the receiver's machine. These will be overcome with faster machines, and spammers can afford better hardware than the rest of us anyway. Legislation is no solution, as the only sort that respects the First Admendment rights of emailers provides the same rights to unsolicited email.

    As the saying goes at our local Mensa chapter: wise thoughts may go into your mind, but pultem calidus invado pantorum. At the end of the day postage is the cheapest option, given the cost of enforcement or technology updates.

    • Hmmm, "Sender Pays" is a technical fiasco. There's a reason that micro payment doesn't exist. The only reason send pays works just fine for the US Post Office. Because there is only one party to buy postage from, and you buy it, and tack something physical on a real piece of mail.

      What charge are you going to have for sending a piece of mail? Is it a penny? What happens one you get charged a penny for a piece of mail you didn't send? What happens when you get charged a penny a quarter of a million ti

  • If that worked, then regular mail would have no junk mail, because no one would pay the postage. Yet every time I open the mailbox, I am greeted with a fistful of unsolicited advertisements. The only way to "block" email spam is to not have an email address. For every measure put in place, there will be someone willing to work around it.
  • by PaulK (85154) on Monday February 02, 2004 @06:22PM (#8163593)
    my tweezer skills. It's not enough that I've spent decades removing paperclips, business cards, broken diskettes, credit cards, diskette labels, coins, and other assorted crap from drives and systems....

    Now I need to worry about stamps too, just as my eyesight is diminishing.

    Score one for the hardware folks! Best idea ever!
  • by Mad Bad Rabbit (539142) on Monday February 02, 2004 @06:22PM (#8163602)
    Oh, great. One of the proponents is a bulk-emailer called "Goodmail", who wants this system because if they pay to send out spam (with the postage going to ISPs), the ISPs will have a financial incentive not to block them.
  • More like... (Score:4, Insightful)

    by tubabeat (605286) on Monday February 02, 2004 @06:22PM (#8163604)
    ...A scheme to encourage spammers to send out even more trojan laden viruses to send their spam from compromised machines at the expense of the victim.

    I fail to understand how a scheme that involves the schemes administrators making a profit for every mail sent is going to reduce the amount of mail sent.
  • Heh, here's a choice quote, from an exec at Goodmail, one of the postage schemes that would allow postage paid spam right into your inbox:

    "The very notion that I have to get permission to send you a marketing message doesn't make sense and is not good public policy,"

    I think it's GREAT public policy. If I don't want your ads, tough shit.
  • Yahoo supports this? (Score:3, Interesting)

    by mblase (200735) on Monday February 02, 2004 @06:22PM (#8163606)
    Yahoo! Mail already has a spam filter engine, and it's ridiculously effective for a freemail provider. I rarely use my Yahoo account, but still tend to check it daily for email that should go to my new email addy and doesn't.

    On a typical day, Yahoo! Mail will have around 100 new spam messages for me, and only two to six of them will make it to my inbox. After a quick setup a month or two ago, I can now check them all with one click and have them identified and deleted as spam with a second click.

    While I understand Yahoo! wanting to lessen the burden on their filtering software by supporting postage, I think the sheer cost of such postage would eliminate Yahoo! Mail as a free service and wipe out most of its users in the process. I honestly can't imagine why they would want to use it instead of their already very effective spam traps.
  • by Thagg (9904) <thadbeier@gmail.com> on Monday February 02, 2004 @06:27PM (#8163658) Journal
    The Goodmail "solution" is the worst of all possible worlds. What they want to do is convince people doing spam filtering that paid-for spam should still go through. They want to raise the quality of the spam, not get rid of it.

    Please. That's not the answer.

    thad
  • In the Workplace (Score:3, Insightful)

    by millahtime (710421) on Monday February 02, 2004 @06:28PM (#8163665) Homepage Journal
    This would put a huge damper on collaberation with companies. If it cost me for all the eails I send for the projects I work on then I wouldn't send them. It would make my job harder and make the products I work on more costly and and take longer to due just due to the fact of it slowing down my work or i have to wait longer for things.
  • by Storm (2856) on Monday February 02, 2004 @06:30PM (#8163697) Homepage
    ...Does this mean if I don't pay, I won't get another email from yahoo or msn?

    Remind me again, where's the downside of this?
  • by fishbert42 (588754) on Monday February 02, 2004 @06:30PM (#8163702)
    Reading the headline reminded me that I heard a story [npr.org] on NPR while laying in bed this morning about ways to go about eliminating spam on the internet.

    Not sure if it contains any "new" information, but it might be worth a listen.
  • by Crypto Gnome (651401) on Monday February 02, 2004 @06:33PM (#8163740) Homepage Journal
    Yet again Microsoft is doing their best to prostitute something which is currently "free" into something which they can use to screw their customer for unreasonable amounts of cash.

    Today they're trying to "embrace and extend" email.

    A Microsoft backed solution will lead to proprietary enhancements, patent litigation, prosecution and the general demise of email other than through Microsoft Proprietary Commercial Products.

    Oh and you can forget about sending email from any *NIX like OS, absolutely not from any GPL or otherwise OpenSource OS.

    I am not predicting the future, these things have already occurred In other areas of computing, just not email (yet).
  • by steveha (103154) on Monday February 02, 2004 @06:36PM (#8163772) Homepage
    The basic idea, to make spamming too expensive to be worth it, will work. But I don't want to have Microsoft, Yahoo, etc. collect the money; the email account owner should set the fee and collect it.

    I wrote it up here:

    http://slashdot.org/comments.pl?sid=94145&cid=8077 371 [slashdot.org]

    The key points:

    You set the fee, and collect it.

    You can refund the fee if you wanted the email.

    You can add people to a whitelist.

    The whitelist uses digital signatures, not easily-forged header fields.

    It doesn't really work unless we have a micropayment system that can charge small amounts (five cents) without expensive overhead.

    In the discussion attached to that article, one person pointed out that this system could be exploited like this: advertise a job, one that looks like it's really worth applying for. Charge about 20 cents per email to accept resumes. Pocket all the money. It's a perfect small-time fraud scheme: you steal so little, from so many people; who would be motivated enough to check up on whether there was ever really a job to apply for?

    I have to say, even without the charging of fees, a whitelist based on digital signatures would be great. You could have a special folder where known-good emails go, and another one for the rest. I'd have my email client play a chime sound when known-good emails arrive, but not the rest.

    steveha

  • by frovingslosh (582462) on Monday February 02, 2004 @06:37PM (#8163796)
    ''Damn if I will pay postage for my nice list,'

    This pretty much says it all. If there's a postage charged for email then email will become all spam, not spam free.

    The first to go will be lists like the above, no free newsletter is going to be able to justify paying postage on mailings of 30,000 or more.

    Along with that will be the automated emails. Think /. will still email you when someone responds to your post if it costs them? Think again. You will not get email order confirmation, notice about your rebates, shipping tracking information, or other automated business related email that you want either.

    Some people might pay a micro payment on some email, but others will not. Rather than being the killer app for the Internet, email will fall into disuse.

    While all of this is going on, the spammers are not going to be slowed one damn bit. If they could be held accountable they would be stopped already. They will either continue to sign up for throw away accounts and then abandon them and not pay for the email, or they will continue to make their deals with shady ISP who damn well know they are spammers and let it slide. If a spammer has a deal with an IPS to send spam you can bet he isn't really going to pay the ISP postage fees. Worse yet, the claim will be made that the spammer is paying postage fees, and that those supposed fees omehow make it legitimate for then to cram your mailbox with spam for the p3nis patch and the paris hilton video xjrf.

    And one other effect it will have is that I will certainly not pay to forward all the hundreds of daily spam I get to utc@ftc.org, and other spam fighters will see their complaints of spam dry up too.

    In short order, much of the valid uses of email will come to an end because of this "postage", and spammers will continue completely unaffected. And it seems hard to believe that Yahoo and Microsoft don't already understand this.

  • My Favorite Quote (Score:3, Insightful)

    by L7_ (645377) on Monday February 02, 2004 @06:38PM (#8163808)
    "The very notion that I have to get permission to send you a marketing message doesn't make sense and is not good public policy," said Richard Gingras, Goodmail's chief executive.

    What the hell? It >does make sense from a consumer's perspective, and it might not be good public policy to a corporation because how else will people really know that they want thier product? Unless they actually knew that they needed it, and looked for companies that would produce it?

  • by jordandeamattson (261036) <jordandm@gma i l . c om> on Monday February 02, 2004 @06:39PM (#8163826) Homepage
    Actually, this problem can be solved without charging postage on each and every piece of email.

    The problem can be addressed by putting people at risk of being charged postage. This can be done by requiring that senders post a bond of say 1/10 of 1 cent per item sent.

    If you are sending 30,000 pieces of mail a week, your bond would only be $30.00. If people like your email, you will never have to pay the toll, but if they don't like it, then you will be subject it.

    The folks that will be caught in this web are spammers and direct marketers. They send millions of spams in the hope that just a few folks will bite. If we raise their cost of doing it above the return, they will be out of business ASAP.

    The only way to kill spam, which depends on a frictionless mailing process, is to introduce some friction (i.e. cost) into the system.

    Yours,

    Jordan
  • by stripmarkup (629598) on Monday February 02, 2004 @06:40PM (#8163836) Homepage
    I remember the original idea being something like this:

    1) The user determines how much to charge to read email from someone not on his/her whitelist. For example, I would look at untrusted emails for at least $0.10 a pop.

    2) The user can choose not to collect the payment if the unknown sender is someone legitimate, like an old acquaintance, a friend with a new email address, a job offer, etc.

    This would effectively kill spam without creating much of an inconvenience to legitimate email.
  • by rjamestaylor (117847) <rjamestaylor@gmail.com> on Monday February 02, 2004 @06:43PM (#8163875) Journal
    Philip Greenspun, I believe, commented at the height of Internet Hype email was still the killer app of the Internet, not the web. Indeed in 2000, iirc, Dave Winer sent out an email newsletter wherein he stated his amazement that more people rely on his newsletter for updates than visit his dymnamically updated website. No mystery to me: emailed newsletters require no action on my part except subscribing (and not always that is required, which is why we're discussing spam, eh?), has a familiar interface that my Mom, a grandmother many times over, has no trouble mastering, and is well-supported by various vendors. But email is overrun with spam, worms and viruses ... and forwarded conspiracies from grandmothers (*ahem*).

    But another method of delivering news is available to content serializers: RSS feeds. RSS feeds allow for true "push" content delivery like email. But, RSS feeds are not as easy to grasp, access or view as email.

    Proposal: create an add-in RSS feed aggregator into common email platforms such as Outlook, Outlook Express, Mozilla, Eudora, pine (kidding), etc. Build content creation mechansism into the same email clients with the ability to post the feeds to a public directory (Google? Anyone listening?) with various subscription options on both ends.

    This way email could be returned to a person-to-person(s) communication tool for low-volume communication needs; content aggregators could better server their readers/viewers and we can all experience whirrled peas.

    Whatever. Anyway, just an idea -- what thinkest thou?

  • by quork (745692) on Monday February 02, 2004 @06:56PM (#8164002)
    There already is a solution... It is called a digital signature and comes from a Certificate Authority. Couldn't ISP's, Yahoo, or even Hotmail be required to issue PKI certificates to a paying user? Email administrators would then have the option of dropping any email that wasn't digitaly signed (as coming from a legitimate CA). This digital signature would shed light on the responsible parties involved in sending SPAM. Then fines could be levied on the guilty parties. Screw the stamp people. I already pay for the privilage of sending email. Digital Signatures are free!
  • by LostCluster (625375) * on Monday February 02, 2004 @07:04PM (#8164078)
    Just because it's on the Internet doesn't make it free. Operating an e-mail server costs money, you have to plug it into a wall and we all know power isn't free. You also have to plug it into a computer network, and we all know those aren't free. You also have to plug that network into an Internet connection, and we all know those aren't free either.

    It's the fact that e-mail has no per-message unit of charge that makes it appear free, and why e-mail lists you want to be on are so cheap to operate, and spam you don't want to get is so cheap to throw at you. It's hard to raise the cost of one without raising the cost of the other.

    However, e-mail lists can simply convert to a pull-based mechanism such as a web page or RSS... so I think e-mail list operators who shout down anti-spam measures that interfere with their current operations are just being lazy, they can convert their subscribers to other delivery methods if they want to.
  • by MillionthMonkey (240664) on Monday February 02, 2004 @07:12PM (#8164148)
    (Apologies to those who have seen this before.)

    Your company advocates a

    (x) technical ( ) legislative (x) market-based ( ) vigilante

    approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

    ( ) Spammers can easily use it to harvest email addresses
    (x) Mailing lists and other legitimate email uses would be affected
    (x) No one will be able to find the guy or collect the money
    ( ) It is defenseless against brute force attacks
    (x) It will stop spam for two weeks and then we'll be stuck with it
    (x) Users of email will not put up with it
    ( ) Microsoft will not put up with it
    ( ) The police will not put up with it
    (x) Requires too much cooperation from spammers
    (x) Requires immediate total cooperation from everybody at once
    (x) Many email users cannot afford to lose business or alienate potential employers
    ( ) Spammers don't care about invalid addresses in their lists
    ( ) Anyone could anonymously destroy anyone else's career or business

    Specifically, your plan fails to account for

    ( ) Laws expressly prohibiting it
    (x) Lack of centrally controlling authority for email
    ( ) Open relays in foreign countries
    ( ) Ease of searching tiny alphanumeric address space of all email addresses
    ( ) Asshats
    ( ) Jurisdictional problems
    (x) Unpopularity of weird new taxes
    (x) Public reluctance to accept weird new forms of money
    (x) Huge existing software investment in SMTP
    (x) Susceptibility of protocols other than SMTP to attack
    ( ) Willingness of users to install OS patches received by email
    ( ) Armies of worm riddled broadband-connected Windows boxes
    (x) Eternal arms race involved in all filtering approaches
    ( ) Extreme profitability of spam
    ( ) Joe jobs and/or identity theft
    ( ) Technically illiterate politicians
    (x) Extreme stupidity on the part of people who do business with spammers
    (x) Extreme stupidity on the part of people who do business with Microsoft
    (x) Extreme stupidity on the part of people who do business with Yahoo
    (x) Dishonesty on the part of spammers themselves
    (x) Bandwidth costs that are unaffected by client filtering
    ( ) Outlook

    and the following philosophical objections may also apply:

    (x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
    (x) Any scheme based on opt-out is unacceptable
    ( ) SMTP headers should not be the subject of legislation
    ( ) Blacklists suck
    ( ) Whitelists suck
    ( ) We should be able to talk about Viagra without being censored
    ( ) Countermeasures should not involve wire fraud or credit card fraud
    ( ) Countermeasures should not involve sabotage of public networks
    (x) Countermeasures must work if phased in gradually
    (x) Sending email should be free
    (x) Why should we have to trust you and your servers?
    ( ) Incompatiblity with open source or open source licenses
    ( ) Feel-good measures do nothing to solve the problem
    ( ) Temporary/one-time email addresses are cumbersome
    ( ) I don't want the government reading my email
    ( ) Killing them that way is not slow and painful enough

    Furthermore, this is what I think about you:

    ( ) Sorry dude, but I don't think it would work.
    (x) This is a stupid idea, and you're a stupid company for suggesting it.
    ( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
    • Sending email should be free

      The whole reason for this "tragedy of the commons" is that sending email to most everybody is free. The way to solve the problem is to make it cost something to get email into most ISPs networks (unless the recipient is an anonymous police tip line, rape crisis center, spam researcher, etc. Those types might continue to monitor legacy SMTP ports.). The cost might be per email, or the price of identifying oneself to a certification authority (enough ID that the police (or lync

      • There has been a lot of talk about replacing SMTP with something better. Except I think "something better" will turn out to be as exploitable as SMTP if we ever try it, as long as messages can be sent for free.
        Any messaging protocol is susceptible to spam if transmission is free and sending a message to someone merely requires knowledge of a fixed, relatively stable piece of information such as an email address. People come up with ways to complicate SMTP and they often don't realize that the replacement p
  • Security risk (Score:3, Insightful)

    by unoengborg (209251) on Monday February 02, 2004 @07:44PM (#8164485) Homepage
    If we are going to pay postage, we must have some electronic way of doing that. It could be creditcard or something else. Whatever it is you will have to be able to do payments through your computer. That will probably include som account information et.

    What an admirable target for viruses, trojans or spyware that would be. The relatively small problem of using e-mail filters to prevent your inbox from clogging up will be replaced with the bigger problem of keeping your money in the wallet.

    A better way would probably be to only accept digitally signed mails, that way the sender could always be identified, and if spam was illegal in most countries we would be able to prevent spam with legal processes.

    The problem is that there could be legitimate use of anonnymous mail. E.g. who would send an e-mail to the press telling that their company is doing an Enron to the press or even the police if they knew they could be identified.

    But I think its easier to learn to live with this disadvantage, than to loose the money in your wallet. After all wistle blowers could still slip a paper note into an unmarked envelope and slip it under the doorstep of the reciever.

  • A Better Solution (Score:3, Insightful)

    by localman (111171) on Monday February 02, 2004 @07:48PM (#8164527) Homepage
    Doesn't it just come down to killing the easy anonymity of email? If the whole system was run in a secure fashion, then it would be child's play to sue the pants off a few high profile spammers and put the whole bunch of them out of business. And blacklists would actually be useful.

    Of course it requires a major conversion of the ol' SMTP, but with a huge amount of power concentrated in AOL, MSN, and Yahoo, I think they could come up with a secure email alternative and force everyone to upgrade. It would be painful for a bit, but in the long run I bet it would be better.

    I'm all for anonymity in general, but not in my inbox. Post to a discussion or something through an anonymizer if you want that.

    Cheers.
  • by uncadonna (85026) <mtobis AT gmail DOT com> on Monday February 02, 2004 @09:09PM (#8165236) Homepage Journal
    If the recipient replies or authorizes, they forego the fee.

    Advantages: real email stays free, spam costs, microtransaction standards emerge.

    Disadvantages: Microsoft and Yahoo don't make as much money. Sorry.

  • by imnoteddy (568836) on Monday February 02, 2004 @09:11PM (#8165256)
    It might be kind of nice if the big boys tried to charge for email because then people would have an incentive to find a solution. In other words kill email as we know it.

    If there was going to be a charge for email, consider how one group of email users, namely universities, would react. First, they'd find a workaround/new protocol so internal "messages" wouldn't be charged for. Next, universities would find a way to exchange "messages" between each other without charges. Then others would pick up on the idea and ...

    There are technical solutions, but they won't be adopted until a certain pain threshold is reached. Spam filters have improved a lot lately and have been holding the pain down. Charging for email would ratchet the pain level up immensely.

  • by isdnip (49656) on Monday February 02, 2004 @09:25PM (#8165349)
    I'm drowning in spam, and it's getting in the way of my job. The only solution that can possibly work is one that involves putting a price tag on spam. So here's my proposal (which I've put on here before, btw; this is not a new topic). The only way to put a price tag on spam is to put a price tag on email. But it doesn't have to apply to all email.

    The price, then, is for the right to touch MY mailbox IF you're a stranger -- if you're a mailing list that I've subscribed to, you would go onto my whitelist, and come in postage-free. If you are somebody I know, you go onto my whitelist, and come in postage-free. Yes, for this to work, there has to be some way for the POP server (NOT the client) to maintain per-user whitelists.

    If you're not on my whitelist, you need to use a one-time "stampette", whose price would have to be high enough to discourage spammers, but low enough to not bother anybody worthwhile. I'm thinking around a quarter-cent per message, but it wouldn't be fixed by anyone in particular. These stampettes would be issued on a free-market basis, and anyone could set up a micropostage service, provided that the *recipient* whitelisted it. So if somebody were giving away stamps at, oh, a million per dollar, then spammers would use them, and those stamps wouldn't be on my whitelist. Again, it's a free market solution, no government intervention.

    ISPs, in this scheme, should issue all subscribers a batch of stampettes (which mail clients would learn quickly to attach, if needed). A thousand for a quarter-dollar (or quarter-Euro) would be more than enough for a month, don't you think? How many strangers (or first-time correspondents) do you write to?

"A great many people think they are thinking when they are merely rearranging their prejudices." -- William James

Working...