Spam and the Law Conference Report 145
Cowards Anonymous writes "The Guardian has a story about a spam and law conference, recently held by the Institute for Spam and Internet Public Policy, in San Francisco.
The conferences are usually attended by anti-spammers, from the major ISPs, and spammers; and are an attempt to bring the two sides together. The article's author notes 'It's oddly intimate, watching the spammers and the anti-spammers mill around each other like this. It feels like a temporary ceasefire in a vicious war that to most of us seems to be a stalemate.'
Also in attendance was infamous spammer Scott Richter, or 'high volume email deployer' as he wished to be called on his recent Daily Show appearance. Surprisingly the anti-spammers didn't tear Richter to pieces with their bare hands."
The (c) BILL NEILL Solution to SPAM (Score:1, Interesting)
Yahoo.
I get too much SPAM!!!
It came upon me that there is a SIMPLE SOLUTION to the 180 or so e-mails I receive every day and have to spend several hours
determining which are important and which ones are junk. This is a PERFECT SOLUTION with NO WORKAROUND BY SPAMMERS
This is an invasion of privacy and I have the solution that provides pretty good privacy: it is to include a KEY ACCESS ALPHA-NUMERIC (includes HEXADECIMAL CODE) NUMBER within the E-mail as shown below:
My proposal, THE NEILL SOLUTION, would solve ALL SPAM problems.
As "Bill Neill" billneill#123BFD456@google.com another example
is "Bill Neill" billneill#Family124@google.com where the #123BFD456 or #Family124 is an alpha-numeric (or hexadecimal) number or word THAT IS assigned BY ME and can be changed at will BY ME, and is known as the ALPHA-NUMERIC NUMBER CODE (ANC) KEY.
ANC KEY is the BEST SOLUTION by far. If you send an e-mail to me with the wrong ANC KEY (#123BFD456) OR (#Family124) your e-mail will not be received in my INBOX/Sub Box, but will go to a PENDING BOX that would allow me to read it, if I think it is possibly important and then respond with the current E-mail ANC KEY for further communications. This effectively expands
my existing e-mail box into several sub boxes or none at all, if I
should so choose not to use it.
ANC KEY SOLUTION is preferred over much more complicated attempts to solve the problem because it is simple, easy to program, it is in control of the user, it costs nothing to implement, and is EXCLUSIONARY not INCLUSIONARY.
Attempts to exclude e-mail from a source exposes the test to all the computers in the world, but including the ANC KEY code expressly grants delivery access for this message.
In high security applications for the government and such, the ANC can be extended (made longer, so harder to pick, limited only by the 256 network limitation) and generated on the fly (using a random number generator) or made to follow a particular and predictable algorithm with more keys, and ultimately, we see that this approaches security similar to encryption and digital signature software that provides pretty good privacy.
Since I can change the ANC KEY whenever I want to, without changing my actual e-mail account (billneill@google.com), unlike attempts to invoke a blocked list or some other "list" of the "do not send to me" type, both of which are circumvented by relocating off shore, out of reach of the law or simply send a batch and vanish, by changing the source of the sender, will NEVER WORK in todays world. This is a world-wide problem that contaminates the web and slows transmission to a crawl.
With ANC KEYs, I am able to keep the SPAMMERS out of my IN BOX as below:
INBOXES
SENDER FILTER:
Bulk Box Mail here is filtered as to SENDERS being known as a spammer to the server.
RECEIVER FILTERS:
Private Box: Mail here is filtered as to my selected private ANC KEY, #34C56, or #private69
Business Box: Mail here is filtered as to my selected business ANC KEY, #4444D, #office34
Family Box: Mail here is filtered as to my selected family HEX NUMBER KEY, #1A937, #family22
Public Box: Mail here is filtered as to my selected public ANC KEY, #9FF999. It comes from my answering a public question requiring the entry of an E-mail account for verification or access.
Pending Box: Mail here is not filtered using any ANC KEY or using a KEY of #? or * where the question mark signals to allow ANY OLD, OBSOLETE KEYS AND SO ON, to gain access and is the same as a person sending with NO NUMBER KEY( # ) AT ALL.
Bounce the Message:
NONE OF THE ABOVE: BOUNCE THE MESSAGE, have a nice day SPAMMERS. Notice that no E-mail address is in fact changed from what it is today, just add an account maintenance page to allow selection of the ANC (alpha-numeric) KEYS, and allow me to change them when needed to make the SPAM m
Scott Richter: A "Good" Spammer? (Score:5, Interesting)
Let's face it, he's willing to explain his motivations and disclose his tactics. Most spammers take great lengths to hide their identity, and are scared to even tell their family what they do for a living. Even if we don't like what he does, at least he's willing to help us attempt to understand the problem. If anybody proposes an anti-spam system, he'll at least do us the favor of pointing out how it's not going to work before we waste our time on it.
The first step to getting rid of spam (Score:5, Interesting)
Re:I dont think you can eliminate spam (Score:1, Interesting)
Fuck spammers, id say they're worse than terrorists. At least if a terrorist does something to you you're dead, but with a spammer you survive and have to relive the event each day when you check your email
Re:The first step to getting rid of spam (Score:5, Interesting)
The key is that unlike other states, Florida has no value limit on what you can claim has your "homestead" [lawoffice.com] when you are claiming bankruptcy. That is to say, you could own a multi-million dollar home and have billions in unpaid debt. You won't be able to own much else in your own name, but you can keep your homestead. With only a few exceptions, creditors simply can't force you to sell your homestead in that state.
That's why spammers live in Florida. Pass all the civil liabity laws you want... you can't touch anything they have. You have to make spamming a crime in order for them to be worried.
Next time (Score:5, Interesting)
Then put up forms that can be printed out ala "wanted poster" style and have volunteers post the wanted posters all over the spammers' towns.
Expose them and run them out of where they live. Make their lives as hard as they make ours.
Making it expensive for spammers (Score:5, Interesting)
And the kicker is that HTML doesn't allow you to obfuscate an URL. The best you can do is character codes but that's one to one so not effective.
What I do is harvest URLs from spams and then add them to the rule file for my mail server. It's a mostly automated process to avoid accidently filtering out non spam domains like w3c.org or yahoo or whatever that occasionally end up in spam e-mails along with real spam domains.
You can click the link on my sig and then there's a link from there to see the current rule file my server uses. Since I added in web-mail with spam reporting, this is going to be even easier since spams will have a unique subject line and a to address that has no legitimate uses.
Instead of trying to sort out which e-mails to my real addresses were spam or not, I just log in, report them and then it's a simple sort by to address to find all the spam to filter links out of. There's probably around a thousand filtered domains which equals several thousand dollars worth of domains.
If you're worried about people snooping around on your connection, OpenSSL is comming soon for web-access.
If you have a fully TLS enabled e-mail client you can do secure POP3 and SMTP already. Thunderbird has TLS capabilities for SMTP but not POP3 for some reason. Pegasus Mail is fully compatible. Apparently there's no clear standard as to whether the client should just use the standard 110,25 ports with encyption (what my server supports) or use alternate ports. Thunderbird is quite convinced you absolutely must use a fixed alternate port for POP3.
For most people, it'll probably end up that the web access is the most secure way to use Indie-Mail.
Ben
Re:How to avoid spam. (Score:3, Interesting)
Must remember to check and see if I've won that 53-inch HDTV yet. I wonder if I can take it with me on my 1st-prize Mediterranean cruise....
I am going to sue spammers (Score:2, Interesting)
Our plan is to sue those companies which are pitching products that will make them more amenable to suit in California, and that may have some assets to go after. I am thinking the companies that are pitching mortgage loans ("Mor|tgage rates tumble - Refinance today ozg w9l") and insurance are prime targets. I realize, of course, that these companies may not be sending out the spam themselves, but I really don't care. If these companies are marketing themselves so irresponsibly, they are just as culpable as if they were pressing the "send" button. Through the discovery process, I certainly do plan on finding out who is pressing the "send" button.
Not being an uber-geek, but only a humble lawyer, this is the role I can play. And I must express my appreciation to /.ers who have inspired me. I plan on keeping a Slashdot journal of the process.
Re:Scott Richter: A "Good" Spammer? (Score:2, Interesting)
http://www.vircom.com/Products/Modus3/Whitepape
Anne M.
Suggestions (Score:2, Interesting)
* don't have any email addresses [or as few as possible], so that it is easy to reject spam
* list their credit card info & banking info, if possible
* list their phone numbers if possible
* list their fax numbers if possible
* make the whole thing searchable, in case somebody wants to verify whether or not a particular person is a spammer
DOS the SPAM urls. (Score:1, Interesting)