Slashdot is powered by your submissions, so send in your scoop

 


Forgot your password?
Close
typodupeerror
×
Spam

TrustE Launches Trusted Spammer Program 489

Posted by michael from the trustno1 dept.
Silverhammer writes: "InfoWorld is reporting that such luminaries as TRUSTe, ePrivacy Group, MSN, and DoubleClick are getting together to develop a "trusted senders" program to certify "commercial email" and "elevate" it above ISPs' and end users' spam filters. Why, you ask? Because they believe it's actually our fear of fraud that's hurting their response rates. Apparently all that stuff about invasion of privacy and theft of resources is just a big misunderstanding..." The Infoworld story linked above has the best information about this seal program, but CNet has another story including a quote forecasting 1400 pieces of spam per person per day in five years. Update: 01/31 17:02 GMT by M : The FTC is announcing a crackdown on spam.
This discussion has been archived. No new comments can be posted.

TrustE Launches Trusted Spammer Program More

TrustE Launches Trusted Spammer Program

Comments Filter:

  • Absolutely! (Score:4, Funny)

    by Anonymous Coward on Thursday January 31, 2002 @12:37PM (#2931104)
    Because they believe it's actually our fear of fraud that's hurting their response rates.

    When I found out Sally and her dorm full of debutants weren't posing just for me, I felt hurt and angry!!

  • Makes it easy to filter now (Score:5, Insightful)

    by Phoex ( 412808 ) on Thursday January 31, 2002 @12:38PM (#2931106)
    All we have to do is filter any e-mail with this "Trusted Sender" Seal and cut them out.

    • Re:Makes it easy to filter now (Score:4, Insightful)

      by MoxCamel ( 20484 ) on Thursday January 31, 2002 @01:51PM (#2931630)
      ...until MS incorporates "Trusted Sender" seals into Exchange. Pretty soon, everyone running an Exchange server has a seal. Makes filtering on the seal pretty worthless then, unless you don't mind throwing out the baby with the bathwater.

      As for effectiveness? Look at how many sheisters out there get "trusted" SSL certificates. All these seals are going to prove is that a real live person went through the trouble of designing some company letterhead in Word, and faxed it to Truste.
  • Question how can any spam be trusted? OK so the ISPs will allow these ips to get through? If so all the spammers have to do is forge some headers and we are now getting supposedly "legit spam"? I see something majorly wrong with this. I dont think we should make any exceptions for anyone. Spam is Spam.

    • Re:Trusted Spam? (Score:4, Informative)

      by fliplap ( 113705 ) on Thursday January 31, 2002 @12:44PM (#2931163) Homepage Journal
      My guess is they will do this using signed certificates. Kind of how https works, so certificates must match the server they are being sent from. I've wondered for years why this sort of thing isn't required, to make spammers ID spam w/ an advertisement ID, so we could choose to block advertisements.

      Personally what I do is setup a seperate address for all my mailing list mail, and then dump everything with the word "remove" into the trash for my personal mail address. Of course i still glance at the trash, just to make sure.

    • Re:Trusted Spam? (Score:5, Interesting)

      by Frater 219 ( 1455 ) on Thursday January 31, 2002 @01:07PM (#2931344) Journal
      Question how can any spam be trusted?

      How can any thief be trusted? How can any vandal be trusted?

      Spam is theft. Never forget that. Sending email to someone requires the use of resources which that person legitimately owns or controls, and you do not. Therefore, if you are habitually sending email to people who do not want it, you are appropriating resources to which you have no right. That's stealing.

      It doesn't matter if the commercial offers made in a spam message are themselves legitimate or if they are fraudulent. A legitimate advertisement wrapped around a brick and thrown through my window is just as offensive to my rights as a fraudulent advertisement delivered in the same way.

      Opposing spam is not about opposing commerce, or "commercialization of the Net", or the free market. It is about defending private property from trespass and theft -- and defending a useful service (the email facility) from its ruination. For if spamming is "legitimized" by crooks such as these, the email facility as we know it is not long for this world.

  • TrustE (Score:4, Insightful)

    by Sarcazmo ( 555312 ) on Thursday January 31, 2002 @12:40PM (#2931132)
    I noticed that TrustE seems kind of spam friendly. I mean they don't require sites to have any sort of standards, they just require that they have the policies in place, and that they use them. What the policies actually are, is up to the company.

    TrustE is just a shill, a fraud like the BBB, a company that makes money by getting businesses to join, and defrauding the public into thinking they have any real oversight power at all.

    • Absolutly right on (Score:4, Interesting)

      by Nf1nk ( 443791 ) <nf1nk.yahoo@com> on Thursday January 31, 2002 @12:54PM (#2931253) Homepage
      I do web development and we had a customer state intrest in becoming a TrustE member

      It has fewer requirements than being BBB member.

      1. First a Privacy statement (use your own or cut and paste one of ours)
      2. send a check (for more than you would think)
      3. Place "Trusted Site" Seal on your page (with a link back to them)

      It just makes me wish I had thought of it first, but at no point did they ever say thatwere not suppossed to send out reams of e-mail to the unwary.

    • I mean they don't require sites to have any sort of standards, they just require that they have the policies in place,

      Most likely "in place" equates to publishing some. Rather than actually following some policies...

    • Re:TrustE (Score:3, Informative)

      by MrResistor ( 120588 )
      The BBB seems like a fraud, but it's actually a fairly effective agency (at least it is in CA). I don't know what the penalties are, but every time my wife has filed a complaint she has had someone in upper management kissing her ass within 2 business days, practically falling over themselves to make her happy.

  • Truste is Irrelevant (Score:5, Insightful)

    by Ars-Fartsica ( 166957 ) on Thursday January 31, 2002 @12:42PM (#2931141)
    This group could have taken a commanding role in privacy and users rights issues long ago, but instead it simply turned out to be a corporate mouthpiece.

    Take a look at what it means for a site to be "Truste compliant" and you'll quickly see how worthless Truste is. To summarise - they don't care what your policy is as long as you state it publically. Well golly, I feel better already.

    • Re:Truste is Irrelevant (Score:5, Informative)

      by CaptainSuperBoy ( 17170 ) on Thursday January 31, 2002 @01:29PM (#2931486) Homepage Journal
      This is completely correct. TrustE will certify that you have a privacy policy, that's about it. When RealNetworks spammed their users repeatedly, anti-spam groups reported to TrustE that Real was violating their own privacy policy. TrustE should have revoked Real's membership, but they did nothing.

      Also, what does spam have to do with privacy? TrustE mostly concerns themselves with how companies use your information - but spammers don't have any information about you, only an e-mail address they harvested or bought!

  • Fight the power? (Score:2, Offtopic)

    by Em Emalb ( 452530 )
    How hard would it be to forward this entire posting to these people to give them an idea of what we think of spam in any form?

    Granted it probably won't do much, but rather than just grip about it, maybe if they saw a large chunk of the internet loving community opposed to this, they would...ah hell, nevermind, they are spammers. They don't care. For a moment I thought they might see reason, then I woke up.

  • A rose by any other name is still a rose ... (Score:3, Insightful)

    by Buran ( 150348 ) on Thursday January 31, 2002 @12:43PM (#2931150)
    I've just had to, within the past month, give up my 'freemail' account that I'd used for mailing lists and signing up for web sites because it's now little more than a spam bucket, and I was always careful to never check those "receive offer" boxes. It's now just full of spam from Taiwan and China and the like along with the typical get-rich-quick, debt relief, Viagra, and sex site ads. A friend who runs a server network was kind enough to give me a real POP3 box instead of the simple forwarding most of his other users get.

    I keep the address strictly confidential, just like my 'real' address that only gets a very small amount of spam per week. It's for a few mailing lists that I trust and are privately owned and run; I know who to yell at if I get spam on that address.

    Whether or not a piece of spam is "trusted" by some other organization is not going to change my opinion of whether or not I want to buy anything. I don't. There are specific entities and individuals that I wish to receive mail from, and then there is the simple fact that I don't want to have ads thrown at me in email, too. Web ads (I block those and am not ashamed of it), TV ads (I watch a lot of PBS; great 'geek' programming and few ads) are enough, thank you.

    They don't get the point. Or if they do get the point, they just don't care. I do not want spam. Period. All the sleazy spammers have ruined it completely for the good companies that try to do it responsibly (opt-in, genuine list removals, ADV: subject tagging, etc.) but you know what?

    Tough.

  • Oh Goody Goody. (Score:2, Interesting)

    by Animol ( 120579 )
    See, I just didn't have enough things to do with the computer when I got online. I found myself feeling isolated, unrecognized, and downright bored. I'm just relieved to know that somebody knows more about me than they should, and that they can target not just the occasional pop-up web ad to me, but hundreds - nay, thousands of e-mails inviting me to partake of their oh-so-wonderful business opportunities.
    Seriously, people, this could be a good idea potentially, if a few things were true:
    1. It decreased the amount of "non-certified" spam, just because almost anything that decreases spam is a good thing.
    2. You had an option to block the "certified" spam in addition. I wouldn't mind a few extra seconds of effort if I could take care of the whole group of approved spammers all at once.
    3. If they agree to only "approve" non-porn spammers. I have the distinct disadvantage of being an AOL member, and my god, I tire quickly of the same "incest-with-beasts-vegetables-and-more" crap. It's not even funny anymore.
    But, since I don't see any of those things happening, once more we find ourselves at the mercy of the big businesses who obviously know what's best for us.
  • TrustE should just make membership in this program opt-out instead of opt-in.
  • They must figure that we trust MSN and DoubleClick so much that it makes sense to leverage that trust onto other dubious entities.

    Well, normally I would be skeptical of this mortgage consolidation plan, but because DoubleClick says it's OK...

  • Does this make sense? I think that once everyone's mailboxes get saturated with x emails, they'll stop reading them. Lets say I'm a normal computer user and I get 3 pieces of spam a day. I might not understand the concept of spam, read those emails, and buy something. However, if I'm a normal computer user and I get 1400 emails a day, I'll probably ask my friends to start calling me on the phone again.

    My point is, I don't think it is a monotonic increasing graph of spam versus time, because at some point the spam will be so overwhelming to their target that the person will just ignore all of them instead of looking at the few that they currently get.

    Perhaps we should start password protecting our inboxes in that to send me an email you have to supply a password.
    • 1400 pieces of spam per day in 5 years makes sense to me. So far we're mainly getting spam from "illegitimate" sources. I get about 10-15 spams from the Herbal Viagras and Penis Enlargement and Mortgage Refinance guys, and 1-2 per week from so-called legitimate sources (mostly using pm0.net and similar. Awful company, that.)

      Soon enough more legitimate companies will stop worrying about the negative impact of mass opt-out mailings - that's when we'll _really_ see the impact of spam.
    • it doesn't say "per person", michael just added that himself, either way you look at it the quote is stupid. If they are saying 1400 per day for the entire internet then surely they are saying that spam is going to be almost stamped out by 2006. If they are saying 1400 per day per person then email simply will not be a viable communication mechanism by 2006. If Stefanie Olsen (the C-Net staff writer responsible for this) was to learn how to use a url [jmm.com] we could have some idea where the hell she got this mythical number from. Alternatively someone over at C-Net could proof read her articles and tell her she is smoking crack.

  • Oh come on! (Score:2, Offtopic)

    by SirSlud ( 67381 )
    > Because they believe it's actually our fear of fraud that's hurting their response rates.

    I know this is flame bait, but in most first-degree murders and sexual abuse (or at least sexual abuse ) cases, the victim knew and trusted the perpetrator ...
    • And in most sexual assault, sexual harrasment and rape cases, the defense will somehow try to convince the jury/judge that, despite all evidence to the contrary, the victim actually asked for it. Think about that when you hear a variation on the theme "Customers actually want unsolicited commercial email."

    • but in most first-degree murders and sexual abuse (or at least sexual abuse ) cases, the victim knew and trusted the perpetrator

      This is more like a marauding band of vikings that you had thought long dead razing your town

  • Timely, I think it should be adopted. (Score:3, Interesting)

    by Nijika ( 525558 ) on Thursday January 31, 2002 @12:45PM (#2931167) Homepage Journal
    Good idea. I've thought for a long time that the solution to spam isn't to block offenders (who, like the wind, change constantly) but to authenticate legit users. Like in ICQ, you can set it to request your auth before someone messages you. How much spam DON'T you get if you turn that feature on? In a perfect world a real user would request your e-mail auth by e-mailing you first. Your e-mail client would take care of the back end, and you would have the option of ALLOWING messages rather than disallowing.

    It's proactive.

    • there is filtering software that does that already (can't remember the name off top of my head and I'm not at my PC)

      it sends an email to the From and if it get's no response mail goes into the suspicious folder.

      I do a similar thing myself, all mail from trusted people / lists hits the filters so that anything that actually makes it into my Inbox folder is considered low priority. I also run my own implementation of x-faces so that it only shows the ident's of mail NOT in my Inbox folder.

      It's written in php actually and it scans my local IMAP server for mail I want to see, I just have a browser window with no menus etc. meta-refreshing once every 3 minutes, it's pretty sweet and means I can assign jpg images to associate with my friends. Looking at the pictograms is much quicker than having to read the From header.

      If something interesting shows up I raise my email client (sylpheed btw) and take a look.

      So apart from the bandwidth Spam doesn't bother me, and I'm on DSL so it's not like I notice a few k of shitty HTML email go past!
    • I've thought for a long time that the solution to spam isn't to block offenders (who, like the wind, change constantly) but to authenticate legit users.

      I've thought for a long time that the solution to spam is not to make it illegal (since much of the spam is cross-border) but rather to make "he spammed me" a legitimate defense against a murder charge.

  • What amazes me (Score:2, Insightful)

    by Anonymous Coward
    Is that spam must be working on some level. If it didnt' payoff in someway they'd give up sending it. So, somewhere, somehow, somebody sees, "Get a FREE collage diploma NOW!" in thier INBOX and says to themselves, Gee - thats just what I needed.
    mindboggling

    • maybe not (Score:3, Insightful)

      by clarkie.mg ( 216696 )
      It doesn't need to work to attract spammers. It just needs to make new people hope it will work. When the disappointed spammer just leaves, there only needs to be another one hoping to make cash.

      That's how most scams work, just getting more people in than out.
    • Is that spam must be working on some level. If it didnt' payoff in someway they'd give up sending it.

      Nope. There is no doubt in my mind that spam doesn't work AT ALL. I have not read one single account where spamming worked - AT ALL (the reports I've read of companies that did it all said that positive response was 0, and complaints were huge.)

      Here's what's probably happening:

      Newbie/corp X receives hundreds of spams per month - they think "hey, this must work - look how many spams I get"

      So they contact SpamHauseX to get thier own address list, and spam with it.

      Newbie/corp Y receives one of Newbie/corp X's spams (along with the hundreds of other spams they receive in a month) and assume "hey, this must work, ..."

      Lather, rinse, repeat.
      • There are also a lot of legitmate bussness who 'spam' as well, and there's the targeted, high-production value HTML stuff thats' even more annoying.

        Anyway, here are a bunch of testamoinals [ncimarketing.com] on NCI's site. Their clients are making money, or so they say. You may never heard of someone making money spamming, but maybe you havn't looked very far. These guys may claim to have a privacy policy, but I never signed up for crap from them, and they never removed me either...
  • [The Truste seal] will signal that the e-mail is from a company that has agreed to guidelines based on fair information practice principles, Schiavone said.

    This is great! Now all I have to do is put a line in my Mail::Audit [simon-cozens.org] filter to look for that seal and automatically ditch any mail that contains it. Or better yet, send a reject notice to the "trusted" sender saying that I didn't ask for it, I don't want it, and if they don't want to be sued for wasting my bandwidth, they'd better not send it to me any more.
  • Our approach is to rise above the traditional reactive e-mail filters and identify the good (e-mails) so they can be elevated," Schiavone said. "It benefits everybody along the e-mail chain. Senders agree to abide by the privacy principles independently verified by Truste. They have agreed to make themselves accountable to consumers."

    It benefits everyone except for whoever didn't solicit the email. The only good thing is that the end user will be able to filter it a bit easier than normal spam, but it is still spam nonetheless, a digital signature doesn't change that.

    Since they are being so "helpful" with the digital signature, why not also include a helpful link like "click here to sue this spammer for unsolicited email". Then they would offer you free legal counsel, and immediately settle out of court with you for some unmentioned amount. Sounds good to me.

    Another thought, since this is now being done at the ISP level, if you are in a state that supports anti-spam laws, are you able to use your ISP too?

  • This will make spam filtering *much* easier -- at least some of it.
  • Targetting is the problem.

    I get all sorts of email advertising bachelors degrees from "prestigious non-accredited universities" -- no use to me since I already have a *real* degree -- offers for credit cards and mortgages which are only available in the US -- I'm a Canadian -- and all sorts of other untargetted spam.

    Anyone with minimal competance could do some basic filtering -- a .ca email address isn't likely to belong to a US resident, for example -- and I'm sure that these "privacy infringing" companies know about my university degree.

    I don't really mind getting unsolicited commercial email. It's when I get email which is very obviously of no value to me that I get annoyed.
  • When the consumer clicks on the seal, they are connected to the Trusted Sender computer, which verifies the digital signature.
    I'm sure no more people would have difficulty confusing real and forged seals than, say, have difficulty confusing whitehouse.gov with whitehouse.com, or knowing when it's safe to open an attachment in Outlook.-|

    Hypothetically, I like the theory of a trusted opt-out list. What's the difference between theory and practice? In theory, nothing....

  • Spam is spam (Score:2, Interesting)

    by Polaris ( 9232 )
    The definition of spam is unsolicited bulk email. If I didn't request it, it's spam. I don't care about verifiable senders, guaranteed content, or genuine remove methods: I JUST DON'T WANT IT AT ALL.
  • We can all add the TrustE seal to procmailrc and a whole chunk of conveniently labelled spam would go away. Now if only I could get the postman to deliver all the junk mail into a different letter box too (a round one outside)
  • SHUT UP!!

    Bloody Vikings...

    /* Steve */

  • Oxymoron (Score:5, Insightful)

    by Restil ( 31903 ) on Thursday January 31, 2002 @12:54PM (#2931245) Homepage
    "Trusted Spammer" is an oxymoron.

    The only spammer I would trust is a spammer that would never send me spam because I never intentionally informed said spammer than I wanted to receive email from him, in which case, it wouldn't be spam.

    Damn... I think I just logically determined that spammers serve no useful purpose in this world.

    What do you think?

    -Restil

  • How to fix spam (Score:3, Insightful)

    by Alomex ( 148003 ) on Thursday January 31, 2002 @12:55PM (#2931255) Homepage
    The problem with spam is that is mostly useless. If spammers refined their targeting strategies users would not complain.

    A golfer would never consider a cool catalogue with the latest golf toys spam. A hacker would welcome the latest diff of O'Reilly titles.

    Instead we get this useless pieces of mail asking to join in some Ponzi scheme, send a penny to Craig, copy DVD movies, and Viagra for St. Valentine day (I'm not making this up).

    Ditto for pop-ups, pop-unders and banner ads. The ad-executives seem to think "if only people looked at my ad, we would have great sales".

    Sorry but no cigar. Pop-ups/unders advertise mostly useless products and even if we were submitted 24/7 --a la clockwork orange-- to the ads we would still not buy a stupid X whatever video camera.

    • Re:How to fix spam (Score:3, Insightful)

      by J'raxis ( 248192 )
      A golfer would never consider a cool catalogue with the latest golf toys spam.
      I certainly would consider that spam if it was sent to me without having signed up for it. And it was 50K. And HTML/MIME mail. And sent several times. And had a fake return address, different ones each time. And relayed through *.cn or *.kr. And had random garbage appended to the subject to (try to) make it slip through filters.

      • Re:How to fix spam (Score:3, Insightful)

        by Sycraft-fu ( 314770 )
        What he's talking about is NOT doing that. No fake returns, easy unsubscribe mechinism, interesting content. For example, I'm an IEEE member. I never asked ot be on their mailing list, or perhaps I simply forget to tell them not to put me on it. Whatever the case, I get e-mailings form all the societies I'm a member of about once a month. They are easy to unsubscribe, but I haven't bothered. Why? The content interests me enough that I read it.

        What he's getting at is the fact that most online popup ads/spam are for bullshit. The reason they get no sales is because their product sucks, and noone cares. It's funny, but I don't seem to mind ads in teh newspaper nearly as much. They take up a lot of space, 50% or more of the paper, but they really don't bother me. Even more interesting is that I find myself reading them invoulantarly. One will catch my eye and I'll read it. The ads are effective because they are marketing things I actually might want (like pizza, books, sofrate and so on) and are doing it in a direct fashing (ie not slap the monkey and win).

    • Re:How to fix spam (Score:2, Insightful)

      by Chetmurray ( 216997 )
      I disagree.

      There is not one golf store. If you said, okay anyone who wants to send me info on golf, go ahead. You would get 100 golf stores, emailing you weekly. Would you like that? The Internet is not your local mall, before you agree to something or think it is a good idea, think of it on a big scale. Your simple answer does not scale, spam means unsolicited, so you don't control all these friendly golf companies sending you their tips, their hot items, their penis growth forumlas.

      That is the problem with all legislation so far. It does not look at the Internet and see its true scale and global reach.

      Chet

      -California residents, vote against spam, vote against the spammer bill jones.
    • I'd have to agree about the targeting. When I go to any number of websites and get X10 ads or any number of other annoying ads, it's annoying. When banner ads are targeted (hey, slashdot is doing *something* right) they're tolerable. I occasionally click on ads here, since they're all invariably geeky.

    • Re:How to fix spam (Score:2, Insightful)

      by Dr. Bent ( 533421 )

      In order to collect the information necessary to do that, you would have to invade people's privacy on a grand scale.

      Imagine getting tons of porn spam becuase all the marketing companies know you like pr0n...and that information is available to anyone who wants to buy it.

      The less that marketing companies know about me, the better. Even if it means I have to wade through lots of pointless popups.
      • In order to collect the information necessary to do that, you would have to invade people's privacy on a grand scale.

        You talk about it as if it was something that has yet to happen. In fact today I can open a "business", pick up the phone and buy your purchase patterns from a credit card company, Price Club, your magazine subscription list or air miles reward programs.

        Personally I think this is bad, but this does not make it any less true.
    • The problem with spam is that is mostly useless. If spammers refined their targeting strategies users would not complain.


      Yes, but...

      "Refined" targeting would need to include things like other offers I've received, both from the spammer, and from other spammers. I don't care if you can give me a 6.75% loan if someone else can give me 6.25%. That level of refinement seems unlikely in the extreme.

      Consider the spammers point of view on targeting. 100,000 Spams cost less than a dollar to email. If he's sending 10,000,000 emails, that's less than $100. Now imagine that there was a way to remove 99% of the list that just took a few hours of his time.
      Savings: $99
      Cost: a few hours.
      Hmm... Doesn't sound like a good idea to me, but maybe spammers value their time at under $30 an hour.

      Spam/users is a predator/prey relationship.
      The fox does not care how the rabbit feels about the hunt.
      Spammers do not care what their spam cost you.
  • ... CrazyBrett Industries announced today that it will be creating an "Untrusted Spammer" designation, which will aid ISPs and users in filtering out unwanted mail from clueless companies. Topping the list is TRUSTe Corporation.

    Imagine that.
  • Would you open on any SPAM that has a link in it? I would not. There are spams that contain bugs. They generate a unique link (based on target address) so that when you open the SPAM in html, it will made a request back to their server indicating that the email address is valid.


    The only trusted spam that I could think of is a SPAM service. The spammer sends the service the SPAM text, then the service will email them out, after being processed by a removal list. The spammer could not get the service's remove list, because the service is sending out the spam, not the SPAMMER.

  • While I have personally decided as a general rule not to purchase anything from an unsolicited email, so far I have not had anything appear in my box worth buying. It seems that the shady image of spam means that only the most desperate of businesses will use it. So far the only things being marketed to me are:
    • Porn
    • Herbal sex-enhancers
    • Herbal marijuana replacements
    • Viagra
    • Get out of debt now!
    • Cell phone service in Italy and Korea
    • Copy DVDs to CDs! (Sounds like someone trying to sell DeCSS+DivX)
    • Laser Printer Toner
    • Stock in suspicious-looking companies
    With the exception of the cell phones and the toner, all the rest of these products look like stuff out of the back of the Weekly World News. Will I be seeing ads for Tide and Captain Crunch in my mailbox someday?
  • Really! Just wait until they get all this fancy stuff in place and allow users to legitamately "opt-out" using their systems and behold, everyone will! Their mailing lists will dwindle down to nothing forcing them all into bankruptcy, once and for all proving that Spam mail is not profitable if you have to be held accountable for your actions.
  • First off, spammers can bite my ass. I've implemented everything I can to protect my users and I still get complaints. It's getting ridiculous. Frankly, any program that tries to codify, organize, or control spam, short of snailmail bombs or law, is doomed to fail. How are we supposed to trust people that lie to us in the first place by setting fake headers in the email? Fsck spam.

  • Telemarketer tarpit. (Score:5, Funny)

    by Restil ( 31903 ) on Thursday January 31, 2002 @01:09PM (#2931356) Homepage
    This is an idea I'm working on to help reduce telemarking calls.

    I'm envisioning a simple device that sits on your phone line. When a telemarketer calls you, as soon as you realize its a telemarketer, you activate the unit and hang up. The device takes
    over after that.

    While the telemarketer is talking, the device will play back every few seconds any of about 20 different small murmers "hmmm" "uh huh" "yeah" "interesting" etc. Then when the telemarketer stops talking, the device will detect the drop in audio and will play back one of several segue phrases "That sounds very interesting, could you tell me more" "Are you offering any other services?" "How much does all of this cost?" "Could you go over all that again so I can take notes?" "I've been interested in this very thing, but I need to make sure its safe. Could you tell me all the safety standards you stand to?" "Could you hold on for a couple minutes, I have something on the stove. DON'T LEAVE!" And so on.

    Telemarketers are mostly script readers. The idea will to be to ask vague questions that will cause them to find the most appropriate script. And just keep them going for a LONG time. When the phone line finally goes dead, the device will hang up automatically. Maybe keep track of the longest call. Maybe record them too. The possibilities are endless!

    This device probably wouldn't cost more than $20 to manufacture and is the perfect way to keep telemarketers busy when they call you at dinner. Not only will you be able to eat with a smug grin on your face, any other incoming calls will be blocked by the lively conversation. You'll be assured of a meal in peace.

    -Restil
    • Unfortunately this doesn't hurt the people responsible, just the people being paid very little to make the phone calls (now there's a fun job NOT). Rather like those idiots who think its fun to put lots of staples in their tax returns etc. That has absolutely no effect on anyone who can make any difference and just causes problems for the minimum wage workers who have to open the damm things. If you're going to take action make sure the action is impacting those who you want to impact.
      • If people work as telemarketers, they're contributing to the problem. They don't HAVE to be telemarketers. And if they're getting paid minimum wage anyways, what do they care if they get stuck on a phone call for years. If they work on commission, then by getting a severe cut in pay they might start thinking that telemarketing isn't a worthwhile profession. If nobody is there to man the phones, that solves the problem.

        And remember, going after the top will affect the "lowly" telemarkters at the bottom too. I'm not really all that concerned about making life difficult for those who intentionally join a profession that by its very nature annoys people. And telemarketers KNOW that they annoy people. If they don't know that going into the job, they'll figure it out in the first hour. They might be able to make some good money at it. Great. But in that profession it comes with a price. That price is sometimes they're going to piss people off and those people might choose to take out their anger in creative, yet harmless ways.

        And you're right about saying that putting stables in tax returns is stupid. Not because it annoys the workers at the other end, but because the IRS is an organization you don't really want to piss off. I don't have the same concern for telemarketing organizations.

        -Restil

      • so? (Score:4, Insightful)

        by hawk ( 1151 ) <hawk@eyry.org> on Thursday January 31, 2002 @01:33PM (#2931523) Journal
        That it's the only job they can get doesn't justify telemarketing any more than it justifies prostitution, contract hits, or crack dealing.


        If it ties them up longer, it makes the returns from telemarketing lower, making it a less desirable activity for the marketer.


        It should be a criminal offense to make a solicitation from a phone line that does not in some way identify the call as such--so that the victims can avoid having the phone ring in the first place.


        hawk

      • Unfortunately this doesn't hurt the people responsible, just the people being paid very little to make the phone calls

        Ahh, but it does. You see they are paying for the call, generally long distance. They are also paying a telemarketer (minimum wage), who isn't making a sale, so they have to hire more wage slaves. And because you are taking away a commision in a undetectable way, wage slaves earn less, so they demand more in the wage to make up for the commission loss.

        At church they always teach us to do onto others as you would want them to do to you. I wouldn't want someone to call me on my private phone, so I don't take a job calling people on their phone. Seems the wage slaves deserve whatever they get, and they should find a more productive job. (yes they exist, and creative people can create jobs)


      • > Unfortunately this doesn't hurt the people responsible, just the people being paid very little to make thephone calls

        Probably it does: cheap labor may be their biggest expense. If you've noticed, they all switched over to mass-dialing systems about a year ago, so now when you pick up the phone you immediately know it's a telemarketer because there is a 4-second pause while their war-dialer says "hey, a sucker anwsered" and tries to find a free human operator to connect you to.

        I've started doing essentially what Restil suggests -- as soon as the operator makes the required introduction, I say "hang on a second" and put the phone down on my desk as quietly as I can.

        If they waste my time, I don't feel the least bit guilty about wasting theirs. Hopefully they'll decide that I'm too expensive for them to waste their time on.

    • I used to hang up on telemarketers immediately.

      Now, I let them go through their speil.
      It's sort of a random act of kindness thing: time spent talking to me is time they can't spend harassing my neighbors.

      If everyone did this, it would raise their costs significantly.
    • Contact me when you need a beta tester. :) I've considered a similar idea where you play back a sales pitch from a different telemarketer, but this has more possibilities for fun.

      There's already a device you can put on your phone line that, when activated, recites the relevant sections of the laws governing telemarketing. And our local phone company (Qwest) says it provides a similar service which, according to their TV ads, identifies telemarketers and recites a message along the lines of, "This number does not accept messages from solicitors. Please hang up now." I haven't checked into it yet.

    • Re:Telemarketer tarpit. (Score:4, Funny)

      by mikeee ( 137160 ) on Thursday January 31, 2002 @02:19PM (#2931860)
      Personally, I like to ask the telemarketers if they've been Saved by Jesus...

  • What everyone seems to be missing... (Score:3, Insightful)

    by jd ( 1658 ) <imipak@yahoGINSBERGo.com minus poet> on Thursday January 31, 2002 @01:12PM (#2931386) Homepage Journal
    Is that it would be very easy for that "trusted seal" to contain all sorts of nasties.


    If the "trusted seal" is, in fact, a hyperlink to an image, you get an instant list of all recipients and a good idea of their timezone. You also get their actual computer ID, not just the ID of the mail server that they use. Other information sent includes the browser/mail client ID, the OS used, and any other bits of information included in an HTTP request.


    Of course, if the connection goes via a .NET-enabled system, you also get their .NET id (if they have one), which can be used for comparisons. (eg: Is the personal name for the e-mail the same as that for their e-mail client and/or their passport account, which can then be used to cross-reference other database entries for that same person, to build up a better marketting picture.)


    There may be other controls in the e-mail, or the image, which can feed back other information. It's not as if the average Windows box is hyper-secure.


    I don't know if Outlook lets people slide controls into the subject line (say, via a buffer overflow), but if it does, you can also get the date and time the e-mail was delivered to the user, regardless of whether they opened it or not.


    If someone is detected as having .NET (see above), and their connection is not secured, then the server would have sufficient information to scan the victim^H^H^H^H^H^Huser's machine, say for keywords of interest, pirated software, etc.

  • At least for users with domains that are not run by large corporate entities. I have already been designing an email server which will allow each user to maintain lists of trusted email senders, define policies by which they will accept email from senders not on the list, etc. The basic idea is that the user would be able to control their receipt of email by the server. I am sure that better coders than I are already thinking along these lines, as well. As the volume of spam grows, it will be easy to get ISPs and self-managed domains to switch to this kind of email system. The only people who would be SOL (besides the spammers) are those using AOL, Hotmail and the like.

    Of course, this also inherently reduces the utility of email, because it will almost certainly result in the loss of mail we want, because human nature is to forget to add things in to filters like this.

    -jeff
  • Isn't it about time good ol' SMTP is put to rest?

    In an ideal mail system, it would work much like the current IM clients do. All email is digitally signed by the sender, and encoded using your public key. Each client has a filter list of signatures they will accept mail from ("friends"), a set of keywords they are interested in ("acceptable spam"), and a set of keywords they will never accept ("objectionable content"). Any message not signed and not encoded using a registered public key (you might have several) will be rejected.

    The reason for multiple public keys is you might post to a newsgroup saying you have some stuff for sale. You post a public key with it, specifically to receive things about that message. After a week, or when you've sold your goods, you unregister that key with your mail reader and you never see anything about it again. Spammers would otherwise troll for public keys and your email address. You'd probably give family and friends your 'trusted' public key. If it ever leaks out, you change your key and mail it to your friends, then disconnect your old one.

    I suppose this can all be implemented on top of SMTP, but giving servers the ability to reject mail and kill spam would be a big reduction in wasted bandwidth.

  • Email should work more like ICQ... (Score:4, Interesting)

    by NanoGator ( 522640 ) on Thursday January 31, 2002 @01:15PM (#2931401) Homepage Journal
    I don't rely on e-mail much anymore, just at work. I have Trillian to keep in touch with my friends. I like it because people have to get my authorization to see me on-line. Why can't email act like this? Heck, it'd only require a client really. It works like this:

    Somebody sends an email, it sits on the mailserver. The new mail client checks the from field of the address and attempts to match it up to its address book. If it finds it, the mail goes through. If not, then a mail is sent back saying "You are not authorized to send this mail. Would you like to acquire authorization? Then please send a message back with exacctly this in the Subject 'INSERT PASSWORD HERE'." (that part is an image like a .JPG file or a .GIF file, preventing spammers from writing a script to automatically seek authorization.) Then, once it's sent, I get a message on my mail client saying "So and so has requested authorization", alot like ICQ. If I authorize it, they're good to go. If I deny it, then I dont recieve any more messages from them.

    I'd get this client installed today if it were available. Right now I manually add filters to put people I really want to hear from in a different folder. Everything else sits out in the inbox until I do a cleansing. I'm starting to see patterns in what I'm getting too. I think I'm going to filter the words diploma, enlarge, and celebrity.
    • Despite the comments from the nay-sayers, I have seen this system in action and it seems to work just fine.

      The system held incoming email from a new correspondent for 24 hours until they emailed back a randomly generated password that was sent to them.

      Even just stopping here would be enough to remove 99% of spam because almost all return addresses are forged.

      To go further and encode the password in a picture file would stop almost all automated systems you could make, and a few little tweaks (using a striped background) that you changed every few months would keep them from using OCR.

      And finally, who gets enough email from new people every day that the fraction of a second to encode a .GIF (or .PNG if you wish) file and email it is going to add up to more than a few seconds? It might inconvenience the emailer and if for example you applied for a job with that email address it might be a bad thing, but you could always either tell it to let anything from a certain domain through beforehand.
    • It is called TMDA and it is available at tmda.sourceforge.net
  • For giving me a set of strings to filter out more spam. Sure is nice of you. I've been blocking doubleclick spam for over a year for my users. I'm getting ready to launch 3 proxy options to my customers. 1 will be a basic caching proxy to speed up web browsing. The 2nd will have content filtering for our customers that are schools (or parents) that either must filter content to get eRate funding or parents that wish to create a profile for their young children that uses the proxy. The last proxy is a proxy that uses junkbuster to filter out shit like doubleclick.net.

  • Certified? (Score:2, Interesting)

    by Batou ( 532120 )
    Let me get this straight: These clowns are going to ensure the ads I receive for "Live Sex With Farm Animals" and penis pumps are legitimate? And according to their logic, the only reason I haven't leaped up to buy this crap in the past is because I was afraid of being defrauded? I don't know about you, but I'd have just LOVED to have been a fly on the wall when these marketing idiots came up with this.

    Sigh... Here's a clue to these morons: I, like I would assume all readers of this site (or anyone with an IQ over 40), do NOT buy stuff from spam. Whether you can guarantee me it came from a legitimate source or not is NOT THE POINT. How is this so freaking hard to understand? You are essentially forcing me to foot the cost for your advertising by costing me bandwidth and diskspace up front.

    If it weren't for procmail, I can't imagine how many of these freakin things I'd be receiving each day. When the new IT director for my company started receiving "Hot Underage Teen XXX" spam within days of instantiation of his account, we were prompted to come up with some filtering capabilities in a hurry. Through a series of scripts, I was able to not only bounce 99% of spam, but automagically forward it to Spamcop to let them take care of chasing down those open relays and shutting them down.
  • 25 of the 50 states now have No Call lists where telemarketers are severely penalized for calling anyone on the list. The federal government is deciding on the best way to do a nation-wide version.

    When do we get the No Email list?

  • Here in Norway, we've got this nice little thing called the marketing law (this is not an official translation, original text at the end):

    2b. Limitation in the use of certain communication methods

    It is forbidden in commerical use, without the recipient's prior consent, to direct marketing approaches to consumers by the use of telecommunications methods that allow individual communications, for example electronic mail, text messages to cellular phones, telefax or automated dialing systems (speechmachine).

    17. Punishment.

    The one who intentionally breaks 2 - 9 in this law or rulings made under the power of this law, is punished with fines, prison for up to 6 months or both if not stronger punishment paragraphs are applicable.

    Potentially 16 about fines if a company refuses to change it's marketing after legal ruling against it could also be applied, but I think 17 is much stronger. This one is pretty damn efficent against anyone you manage to track down, also, ignorance of the law is not an excuse, even if it's foreign law. So be careful about spamming .no addresses, if someone gets pissed enough they can have you behind bars. Oh, and if you think "Norway, who cares, I'm never going there anyway", note that we're part of Schengen, so forget pretty much all of Europe then.

    Kjella

    Original text:

    2b. Begrensninger i bruk av visse kommunikasjonsmetoder

    Det er forbudt i næringsvirksomhet uten mottakerens forutgående samtykke å rette markedsføringshenvendelser til forbrukere ved hjelp av telekommunikasjonsmetoder som tillater individuell kommunikasjon, som for eksempel elektronisk post, tekstmelding til mobiltelefon, telefaks eller automatisert oppringningssystem (talemaskin).

    17. Straff.

    Den som forsettlig overtrer 2 - 9 i denne lov eller vedtak som er gjort i medhold av denne lov, straffes med bøter, fengsel i inntil 6 måneder eller begge deler dersom ikke strengere straffebestemmelse kommer til anvendelse. Medvirkning straffes på samme måte.
  • someone stole my email address.. and now they are spaming the hell out of it.

    On a more serious note. I have an earthlink account (call them what you will) and they have their spaminator that catches lots of spam, but somehow loads more still gets through. I wish I could access their servers and create an "acceptance list" rather than a denial list.

    Wouldn't it be nice (or is there?) if there was a CLIENT email program, that one could program with smart filters that could delete mail on the server before ever downloading it (I think pine can do some of this, but I want a full GUI). You could put people who you would accept mail from reguardless like family and friends that are in your address book. You could set it up so that if you heard about a virus with a specific title you could reject it, even if it was from family or move it to a special folder. You could even set it up so that it validated email addresses, or accept email addresses from corporations that you were potentially interested in or were sending you through a job message bord like hotjobs or dice. Hmm .. this sounds like I should modify my java SMTP and POP beans to do some of this. I think it would make mail take longer to download, but it would help reduce spam in my mail box.

    Maybe I just need to filter out messages that say "grow your penis larger" and "tighten up your vagina". Oh and my favorite one is "come see Me and my girl friends play with each other". I shudder to think of what my pre-teen neices and nephews, who are all on lilne at this time, get in the way of email. Oh and my favorite are the HTML pages that take so long to download hang my email program or slow it down. Why should anyone have to suffer like this, just because they allow viewing of HTML!

  • I propose that SMTP should be extended with a "jump-this-hoop" function that could be applied selectively to untrusted senders.

    Rather than blocking all email from untrusted senders, or accepting mail from anyone, my MDA should demand that unknowns factor a mid-sized product of two primes before it is willing to accept their email. If they're willing to burn half-a-minute of CPU time, I'll take their message; we can frob the task size to set the cost such that mass spamming becomes infeasible.

    All you'ld need to do is hack this into sendmail, and we're good.

    Or am I mad?

    • Re:my cunning plan (Score:3, Interesting)

      by Tazzy531 ( 456079 )
      One ISP that I had worked with a while ago setup his sendmail so that with each subsequent message it sends, it takes a quarter of a second longer. So, the idea was, spammers send thousands of messages at a time. So after the 100th email, they would have to wait a couple minutes to send. At this point, not knowing that the ISP set this up, they would cancel the send.
  • The FTC article cited above included this nice invitation:

    "The FTC invites consumers to forward any deceptive e-mail they receive to: uce@ftc.gov

    OK, folks, start barraging them. The more crap that fills their server, the more seriously they'll take the situation. They act in response to a high level of public complaints. So complain.

    BTW, many of the comments here say "I don't get why spam works, nobody would ever buy in response to UCE would they?" The bad news is that there are a bazillion morons out there who do precisely this. Well, maybe not a bazillion, but all it takes is 1 receptive cluck out of 100K spam haters to pay for the spammer's time. And they're out there. If nobody ever clicked through, spam would dry up.

  • Authenticated Spam (Score:3, Interesting)

    by Alan ( 347 ) <arcterex@NoSPaM.ufies.org> on Thursday January 31, 2002 @01:41PM (#2931573) Homepage
    While reading the article on info world, I first thought "great! finally I won't have to filter my spam, I'll actually be able to get off the lists!", but then I realized a a few of the larger implications.
    • Remember when some large company (I think it might have been ebay) reset all the user preferenes for "send me newletters" and "share my info with spammers^wpartner companies", claiming that there was some problem and they were resetting the user preferences because the users didn't understand? This is very similar to that. Suddenly all the nice, mostly working spam filters on places like hotmail, yahoo mail, or pretty much any large free email service that has spam filters will stop filtering these emails. Result, now you get just as much spam, but now a chunk of that will go into your inbox instead of your spam folder.

      Users then get to go through their spam, clicking on the 'click here to be removed' and wasting their time and bandwidth, until the next bout of spam comes through.

    • People will get just as much spam as before, just now some will be digitally signed. Chances are you will NEVER get off all the "certified spammers" lists, so you'll still get spam in your inbox, and have extra hassle as now users feel they have to go through the removal process for them. I'd much rather have a "never have any certified spammer send me any mail" service, which goes and removes you from all the certified spammers' databases. The services is to try to give the user control right? So give us the control to not get spam that we don't want!
    • How long do you think it'll take for these groups to really get it right? There are always glitches that show up in new systems and I'm anticipating that there'll be more than a few people who are spammed multiple times from companies that are not only certified, but the user has said "I don't want spam from you anymore!" Just a start up glitch or two, yea, that's it....
    • How long before someone figures out a way to beat the system? Sure, I know that it's a signed cert, but think of the potential for a non-certified spamming bastart to manage to spoof the 'seal of approval' and be assured that their spam gets into everyone's inbox. Not only that, but when people email them back with the 'remove' emails, they get a nice list of 'live ones' that they can spam merrily along using perhaps a different company name, from address or approach as not to make the user suspicious.
    • Along those lines, what stops companies from not spamming multiple times for different products, or from different spinoffs. Use the database of 'removes' to feed into a list of emails to send out for their next product, promotion or whatever... hell, just sell the list to non-legit spammers!


    Basically, it's a good thought, but there looks (to me) to be so many potential fuckups, especially with the assumption that becuase it is "legit" people want to see it, that I don't think it'll be any better, and will probably be worse, as now you have two different types of spam to deal with. No thanks, it's spamassassin [taint.org] for me! :)

  • Uh-oh (Score:3, Funny)

    by Guppy06 ( 410832 ) on Thursday January 31, 2002 @01:48PM (#2931615)
    "What we are in the process of doing for the first time is to launch a systematic attack on fraudulent and deceptive spam,"

    So Hormel won't be able to sell turkey Spam any more?

  • Trusted Spammer (Score:3, Funny)

    by Anne_Nonymous ( 313852 ) on Thursday January 31, 2002 @02:25PM (#2931902) Homepage Journal
    "Trusted Spammer"

    ...brought to you by the same folks who brought you:

    passive agression
    alone together
    plastic glasses
    Microsoft Works
    pretty ugly
    postal worker
    military intelligence
    freezer burn
    jumbo shrimp
    junk food
    student teacher
    advanced BASIC
    bittersweet
    peace force
    found missing
    genuine imitation
    living dead
    soft rock
    taped live
    tight slacks
    athletic scholarship
    12-ounce pound cake
    working vacation
    resident alien
    same difference
    clearly misunderstood
    exact estimate
    Power Mac
    even odds
    negative growth
    random order

    ...and many, many others.

  • Read no further than this (Score:4, Insightful)

    by Uttles ( 324447 ) <uttles&gmail,com> on Thursday January 31, 2002 @02:43PM (#2932033) Homepage Journal
    The Federal Trade Commission (FTC) is poised to announce an unprecedented law enforcement sweep against deceptive junk e-mail, also known as "spam."

    Unfortunately, that happens to be the first line of the article.

    Spam is not only definted as deceptive junk-email. Spam is email sent to someone in a broadcasting manner when that person has not signed up for that broadcast. In other words, if you send a message, deceptive or not, commercial or not, to a list of recipients that you don't know, that's spam.

  • DCMA and 'authorised' spam (Score:3, Interesting)

    by duncan bayne ( 544299 ) <dhgbayne@gmail.com> on Thursday January 31, 2002 @04:33PM (#2933076) Homepage

    Here's a thought - what if I wrote an email client that forced users to read TrustE-authorised spam. Say, before you could read any non-TrustE-spam, you had to spend at least 5 seconds on each spam, scrolling from top to bottom. This would be to put it mildly a trivial addition to any existing mail client (except telnet :-).

    Hey presto, you have a spamming tool that is legally enforced in the U.S.A. by the DCMA. Want to remove the spam? You're breaking the law.

    Of course, if I was being a *real* bastard, I would prosecute any clients that don't enforce spam, but use my mail-server. Yep, if you're using an unauthorised mail client to strip spam from mail you receive, that's a DCMA violation as well.

    Do you doubt this could happen? Imagine having a conversation with someone twenty years ago, trying to explain to them the DCMA, DVD encryption and the Skylarov case.

    • Since when does the DMCA force people to use this software? It only forces people to not reverse-engineer the software they are using.

      What would be more realistic (but still rather bizarre) would be receiving a piece of mail that has JavaScript or some other executable in it, that, when opened, downloads images or cookies or other web bugs, and claims that trying to stop it or intercept the connections is a violation of the DMCA.

      Hello! I send you this file in order to have your advice!

      By opening this message, you have agreed to allow SIRCAM~1.EXE to install itself on your computer and periodically send copies of files in your Documents Folder to selected users from your address book. Any attempt to intercept, block or otherwise try to circumvent this behavior is a violation of the Digital Millenium Copyright Act ("DMCA").

Slashdot Top Deals

"The medium is the massage." -- Crazy Nigel

Close