Microsoft, Yahoo Investigate Spam Solution 596
bllfrnch writes "The NY Times (account required, yada yada) has an article about the suggestion of email postage to stop the advent of spam. Apparently, both Microsoft and Yahoo! support such an initiative, as they are the largest email service providers. Best quote: ''Damn if I will pay postage for my nice list,' said David Farber, a professor at Carnegie Mellon University, who runs a mailing list on technology and policy with 30,000 recipients'."
Re:Cha ching? (Score:5, Insightful)
smokescreen (Score:5, Insightful)
All this does is prove that eventually, there will be a network of whitelisted SMTP relays that will do more to combat the spamedemic. You don't need to charge money - that's an extra, goofy idea to make profit for a few select corporate interests. It won't fly because millions of systems will refuse to pay the "postage" extortion fee in order to be whitelisted.
Just enforce the damn laws!!!! (Score:2, Insightful)
Oh, maybe if the postage goes to further line the pockets of M'soft and Y'hoo, as a likin worked, I can see their true motivation.
Postage hasn't stopped Junk mailers (Score:5, Insightful)
sounds silly to me (Score:5, Insightful)
If email gets a postage fee applied to it, people will stop using it. If I have to pay to send mail to someone at yahoo or hotmail, I would tell that person to get a different email address. No one is going to use email if it has a mandatory fee attached to it. Then again, maybe that's what needs to happen to give people a reason to stop using SMTP
Question... (Score:5, Insightful)
Just spitballin' here..
Joe
International Problems (Score:2, Insightful)
Re:I like the computational challenge solution bet (Score:5, Insightful)
Re:Cha ching? (Score:3, Insightful)
ah... but if spammer x sends a boatload of herbal viagra offers under bob's relay and bob gets a bill... then when they do catch spammer x he can be nabbed under wire fraud laws and be open to all sorts of tasty civil action.
Better than that... (Score:3, Insightful)
Someone also has to provide software and systems to meter and invoice email. Gee, who could that be...
More like... (Score:4, Insightful)
I fail to understand how a scheme that involves the schemes administrators making a profit for every mail sent is going to reduce the amount of mail sent.
Re:Cha ching? (Score:5, Insightful)
also, best answer to spam, don't click on the links in it, don't read it, just delete it, if it wasn't profitable they wouldn't send it out. Sadly dumb people buy shit from telemarketers and spammers.
In the Workplace (Score:3, Insightful)
Re:Cha ching? (Score:5, Insightful)
But until then, would you like to be bob?
Re:Hash Cash and standards (Score:4, Insightful)
It still costs them though (Score:3, Insightful)
Not really news.... (Score:3, Insightful)
Today they're trying to "embrace and extend" email.
A Microsoft backed solution will lead to proprietary enhancements, patent litigation, prosecution and the general demise of email other than through Microsoft Proprietary Commercial Products.
Oh and you can forget about sending email from any *NIX like OS, absolutely not from any GPL or otherwise OpenSource OS.
I am not predicting the future, these things have already occurred In other areas of computing, just not email (yet).
Re:Cha ching? (Score:5, Insightful)
and WHO is going to mandate this? SMTP is an ad hoc standard - ie people use it because people use it. If everybody's using it then that's a lot of people using it.
Re:Postage hasn't stopped Junk mailers (Score:4, Insightful)
Um, yeeeah....
Let's see here, I've got around 4 or 5 unsolicited mails here. All of them look to be from legitimate businesses. All of them have paid money to try to solicit me.
Hmm, around 150 unsolicited emails in a single day. I don't dare look at them because of the web bugs, scams, etc. that are present.
Do you think that if postal mail didn't cost anything that I'd be receiving only 4 or 5 unsolicited mailings a day?
Re:Cha ching? (Score:2, Insightful)
GIANT MONEY GRAB
The more I think of this, the more I'm enraged by it. Why?
Imagine that the net's email system is shaped like an hourglass. The top bulb is the sender of email, the bottom is the recipient. That pinched spot in the middle is where a handful of email firms (MS, Yahoo, et al) take a "micropayment" for every mail traversing their network.
They support it because they see it as a long term "User Pay" system. Microsoft has for years wanted to get into this type of system. It's plain fucking bad for the net! DO NOT SUPPORT THIS
the solution results in only spam (Score:5, Insightful)
This pretty much says it all. If there's a postage charged for email then email will become all spam, not spam free.
The first to go will be lists like the above, no free newsletter is going to be able to justify paying postage on mailings of 30,000 or more.
Along with that will be the automated emails. Think /. will still email you when someone responds to your post if it costs them? Think again. You will not get email order confirmation, notice about your rebates, shipping tracking information, or other automated business related email that you want either.
Some people might pay a micro payment on some email, but others will not. Rather than being the killer app for the Internet, email will fall into disuse.
While all of this is going on, the spammers are not going to be slowed one damn bit. If they could be held accountable they would be stopped already. They will either continue to sign up for throw away accounts and then abandon them and not pay for the email, or they will continue to make their deals with shady ISP who damn well know they are spammers and let it slide. If a spammer has a deal with an IPS to send spam you can bet he isn't really going to pay the ISP postage fees. Worse yet, the claim will be made that the spammer is paying postage fees, and that those supposed fees omehow make it legitimate for then to cram your mailbox with spam for the p3nis patch and the paris hilton video xjrf.
And one other effect it will have is that I will certainly not pay to forward all the hundreds of daily spam I get to utc@ftc.org, and other spam fighters will see their complaints of spam dry up too.
In short order, much of the valid uses of email will come to an end because of this "postage", and spammers will continue completely unaffected. And it seems hard to believe that Yahoo and Microsoft don't already understand this.
My Favorite Quote (Score:3, Insightful)
What the hell? It >does make sense from a consumer's perspective, and it might not be good public policy to a corporation because how else will people really know that they want thier product? Unless they actually knew that they needed it, and looked for companies that would produce it?
Re:Cha ching? (Score:3, Insightful)
Re:Heresy? (Score:3, Insightful)
The difference is that you're already paying for your internet access, which covers email, web browsing, and everything else. That's because it's all the same to the computer. It's all just little packets of data blasting through your ethernet cable. Now if you sign up for some special email service, they could charge you for using it, but you shouldn't have to pay extra to your ISP because of the type of data you're sending. A packet is a packet no matter what it contains.
And how do they define email? Something sent through SMTP from your machine? What about webmail? Does the length of the email matter?
About phone calls... those are different from emails. While the purpose may be the same, they work completely differently and cannot really be compared that well. If all you used your internet for was to send and receive emails, then you'd be using it similarly to a phone, which only does one job and isn't always using up bandwidth. But you're not doing that; you're going on
Emails are nothing compared to videos and other data formats. Charging for them for any reason wouldn't make sense from a technical point of view, and as for spammers, they'll get around it somehow. I had a friend who got hit with a trojan horse virus that sent out spam. She was on AOL so her account got frozen. At least she wasn't hit with a huge bill for somebody else's wrongdoing. I'm sure they could have sorted it out if she was, but it would only have been annoying and time-consuming.
E-mail was never "free" to begin with... (Score:3, Insightful)
It's the fact that e-mail has no per-message unit of charge that makes it appear free, and why e-mail lists you want to be on are so cheap to operate, and spam you don't want to get is so cheap to throw at you. It's hard to raise the cost of one without raising the cost of the other.
However, e-mail lists can simply convert to a pull-based mechanism such as a web page or RSS... so I think e-mail list operators who shout down anti-spam measures that interfere with their current operations are just being lazy, they can convert their subscribers to other delivery methods if they want to.
Re:Nope, nope, nope (Score:5, Insightful)
Here's something for you to consider. Who the heck died and made you the tax collector for the world? That's exactly what they'll be saying to Microsoft and Yahoo. This approach would be excedingly painful to negotiate, worse, most of the open relays aren't great big machines, but zombies and small servers with lax security.
A couple years back some sh!t hit the fan regarding Bill Jones run for office in California. Seems some Campaign email was routed through a elementary school computer in Korea [wired.com]. What are you going to do? Send them a bill and have Microsoft or Yahoo goons shut down the school when they don't pay it?
What's needed is cooperation, not this loopy strategy.
Blacklist/Whitelist or roll out a new standard and have major ISP's switch over and at some point block old SMTP Problem solved.
Re:I WILL SAY IT AGAIN... (Score:5, Insightful)
Free to who, exactly? First you have to pay the CA for the 'privlidge' of using their certificates, then the ISP recieving massive ammounts of e-mail has to get very serious systems to crunch the numbers needed to verify the certificates.
Why.. don't.. people... listen... (Score:2, Insightful)
Re:Cha ching? (Score:5, Insightful)
he can be nabbed under wire fraud laws and be open to all sorts of tasty civil action.
In how many countries?
Attention Microsoft and Yahoo (Score:5, Insightful)
Your company advocates a
(x) technical ( ) legislative (x) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
(x) Mailing lists and other legitimate email uses would be affected
(x) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
(x) It will stop spam for two weeks and then we'll be stuck with it
(x) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
(x) Requires too much cooperation from spammers
(x) Requires immediate total cooperation from everybody at once
(x) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
(x) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
(x) Unpopularity of weird new taxes
(x) Public reluctance to accept weird new forms of money
(x) Huge existing software investment in SMTP
(x) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
(x) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
(x) Extreme stupidity on the part of people who do business with spammers
(x) Extreme stupidity on the part of people who do business with Microsoft
(x) Extreme stupidity on the part of people who do business with Yahoo
(x) Dishonesty on the part of spammers themselves
(x) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
(x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
(x) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
(x) Countermeasures must work if phased in gradually
(x) Sending email should be free
(x) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
( ) Sorry dude, but I don't think it would work.
(x) This is a stupid idea, and you're a stupid company for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
Re:It's a ridiculous concept (Score:3, Insightful)
Email isn't free. It costs a minimum of a few hundred bucks to get a computer, plus the cost of even a minimal dial-up account. Anti-spam software costs money. And aside from hobbyists or unemployed folks, spending 40 hours trying to duct-tape some filtering solution on every computer just isn't reasonable.
Spammers have significantly reduced the value of my computer, by taking what was once a useful resource and turning it into a major annoyance. Is it a complete solution? Probably not. Seems like an interesting place to start, though.
Re:Old news, still a solution to seriously conside (Score:3, Insightful)
The REASON we have spam is because some stupid people are BUYING the CRAP the spammers are selling.
Re:Cha ching? (Score:3, Insightful)
I did not want to get into a low-level discussion on how to do it, I figure there are many developers out there, who are far more gifted than I will ever be, can deal with that side of it.
Since we are on the issue, sure. Re-tool SMTP into an authentication based protocol, requiring your account's password to allow email to be accepted by your ISPs mail server, just as with POP3.
It's not like this is impossible.
Solving the spam problem is not the problem (Score:2, Insightful)
During the transition period, users will either have to accept e-mail from the old SMTP system, or refuse it. If they accept it, why would anyone move to the new system when they are still going to get spam via SMTP? If they refuse it, why will anyone move to the new system when it means they anyone still using SMTP (which at the start, will be virtually everyone) will be unable to e-mail them?
If we could say, "OK, from Jan 1st 2005, SMTP is gonna be switched off and everyone will use the new system", there wouldn't be a problem, but obviously we can't do that.
Or we could somehow stop spam from SMTP getting to accounts on the new system. But then, if we could do that, we could presumably use exactly the same technique to fix SMTP.
Re:Cha ching? (Score:5, Insightful)
If I want to setup my own mailserver (not outside the realm of possibility, I'm a sysadmin) what hoops am I going to have to jump through to satisfy the Ultra Secure Email Lobbyists for Efficent Sending of Spam (USELESS)? Who do I go to if I believe someone is illicitly sending spam through their (presumably paid-for) email license?
How do you propose forcing every single ISP that they need to filter port 25? Those within the US? Those outside?
(And why bother if nobody uses SMTP anymore anyway?)
And that's just the start. If someone's machine get hits by a virus which spams people (or allows others to spam through that machine) how do I know that it was some evil guy and not Joe User who got compromised? How many people are even going to go through the expense of legal proceedings for the million-odd users out there with MyDoom on their machine?
Don't get me wrong, I don't think spam is fun. And I don't have a magic solution; I haven't even really thought about the problem.
But it's also clear that you haven't thought about it, either.
So unless you have an actual idea, or can point to someone who does, you're not going to garner that much interest.
Security risk (Score:3, Insightful)
What an admirable target for viruses, trojans or spyware that would be. The relatively small problem of using e-mail filters to prevent your inbox from clogging up will be replaced with the bigger problem of keeping your money in the wallet.
A better way would probably be to only accept digitally signed mails, that way the sender could always be identified, and if spam was illegal in most countries we would be able to prevent spam with legal processes.
The problem is that there could be legitimate use of anonnymous mail. E.g. who would send an e-mail to the press telling that their company is doing an Enron to the press or even the police if they knew they could be identified.
But I think its easier to learn to live with this disadvantage, than to loose the money in your wallet. After all wistle blowers could still slip a paper note into an unmarked envelope and slip it under the doorstep of the reciever.
A Better Solution (Score:3, Insightful)
Of course it requires a major conversion of the ol' SMTP, but with a huge amount of power concentrated in AOL, MSN, and Yahoo, I think they could come up with a secure email alternative and force everyone to upgrade. It would be painful for a bit, but in the long run I bet it would be better.
I'm all for anonymity in general, but not in my inbox. Post to a discussion or something through an anonymizer if you want that.
Cheers.
Re:Cha ching? (Score:5, Insightful)
Sadly it only takes one purchase in a few hundred thousand to make money. This solution requires perfection that will never be acheived in a society which think janet jacksons boob is news (or worse, that it's offensive) and watches the simple life.
Re:Nope, nope, nope (Score:3, Insightful)
In the recent past, it seemed that the spamming farms weren't giant machines, but they weren't mostly zombies either - wasn't that big US spammer in Texas or Florida just a guy with a T3 and a garage full of medium-sized servers? If that's the case, and you're being pounded with Viagra-grams from a guy with another garage in Indonesia, then this sort of "pay your tax or report to
Of course, if such a system were enacted, then I guess the shift to zombie relays would accelerate.
I too believe that cooperation is needed, but it's needed as much from the CMU guy who feels he has the right to send his 30,000 e-mails out for free as it is from spammers. Charge me a penny for my e-mails or only allow 600 free outgoing messages a month. But please do something, because I'm pretty sure that my (insert mobile data device here - I have a Sidekick) will stop being useful when it's flooded with spam.
Same concept as RIAA is pushing (Score:2, Insightful)
Re:Attention Microsoft and Yahoo (Score:4, Insightful)
( ) I think you might have something here.
Yep...
I figure this "form" post does make a point, and the conspicuous absence of hope is part of it.
Re:Cha ching? (Score:2, Insightful)
Then some brilliant group of people will respond with a TOTALLY DIFFERENT alternative to POP and SMTP that GETS RID of SPAM. POP and SMTP are too open and too easy to spoof (I know, they COULD be fixed, but nobody will do it for the sake of "backward compatability).
It's time to let the existing system DIE so we can get ubiquitous, free, and secure, spamless email.
Re:Cha ching? (Score:3, Insightful)
Filtering port 25, assuming the updated protocol would utilize the same port.
How about not being an asshat when someone has something to say? I mean, really, I did not post this to sound like Mr Smarty Man III. I posted to inspire people to talk about the issues.
You, on the other hand, are posting simply to point out that I did not go into enough depth and pick at what I say. Personally, I feel that posters like you can simply go to hell since you contribute absolutely nothing except for ill feelings towards anyone who wishes to share their thoughts in a forum.
I do not pretend any of it is really simple. The concept is simple, the implementation would be a lot of work, would require global participation, and so on.
Add to the thread of shut the fuck up, troll.
Re:Cha ching? (Score:3, Insightful)
But a standard is only important if people *contintue* to use it. Given a choice of new-MTP which is less than 50% spam and unsecure SMTP which is going to be more than 99% spam, most people will switch after a few months, and SMTP will decline to the status of a mostly historical standard such as gopher. Only hackers and law enforcement agencies will continue to freely receive anonymous and/or mostly forged SMTP email. Mailing list senders will have to switch if they want to reach the majority of recipients.
Re:Attention Microsoft and Yahoo (Score:3, Insightful)
The whole reason for this "tragedy of the commons" is that sending email to most everybody is free. The way to solve the problem is to make it cost something to get email into most ISPs networks (unless the recipient is an anonymous police tip line, rape crisis center, spam researcher, etc. Those types might continue to monitor legacy SMTP ports.). The cost might be per email, or the price of identifying oneself to a certification authority (enough ID that the police (or lynch mobs) can find you if you break enough spam laws.)
Re:Question... (Score:3, Insightful)
1. Yahoo, AOL, MSN, whoever decides that they are going to setup a system where it costs users to send emails.
2. People notice email costs money now.
3. Several million new "free" email services appear on the Internet run by anyone smart enough to setup SMTP services on whatever port is settled on if they start blocking 25, in combination with all the ISPs in the world that didn't go along with (1) above.
4. Yahoo, AOL, MSN, whoever that was doing (1) above start to either suffer a massive user drain because they just started charging their users a bunch of new fees, or they roll the cost of sending email into their "normal" fees to avoid that. This makes (1) above completely pointless, other than to encourage semi-secret gateways between the free and paid email systems.
5. ???? (just to keep tradition)
6. No profit, no affect on spam, paid email goes away.
Yahoo And Spam (Score:1, Insightful)
Paying to send e-mails?! (Score:2, Insightful)
Saying that making people pay for e-mail because someones uses e-mail to send SPAM, is like saying that people should pay for pings because someones uses pings for DoS attacks.
The best solutions (but hard to implement due to the stupidity of a major portion of computer users, like those who open attachments and spread MyDoom) is to have verifiable sender and reciever. I.e. have e-mails digitally signed, so that you'll be sure that it's send from that specific someone specifically for you. That would actually also stop e-mails from viruses who fake the "From:" field.
Perhaps if digital signing and verifying will be made seamless in the mail (STMP and POP3/IMAP/HTTP servers) servers, it will actually work!