Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Spam

Email (As We Know It) Doomed? 747

Mephie writes "A pretty interesting article at Slate.com takes a look at how spam may be killing email as we know it. With the increase of spam, the argument is made that more users will switch from blacklisting spammers to 'whitelisting' specific, trusted addresses, making email more like instant messaging: if you're not on someone's 'buddy list,' you have to prove you're an actual person (e.g. identify a word in an image) to send a message." May be?
This discussion has been archived. No new comments can be posted.

Email (As We Know It) Doomed?

Comments Filter:
  • by JeffSh ( 71237 ) <jeffslashdot@m[ ].org ['0m0' in gap]> on Tuesday November 19, 2002 @06:27AM (#4704880)
    Right now, my email box gets about 30 spams a day. I almost never receive legitimate email anymore.

    Additionally, I find that email communication is too slow, which is ironic since its so much more efficient than the old way everyone used to communicate by post.

    Instant messaging clients have more than replaced email for me. They can do everything email clients can do, without spam.

    Email will always have a place of course, like websites will need email addresses for contacts, and other such things. But for person to person communication, instant messaging clients are much easier to use .. Email is just becoming outdated as a method of communication, funny how fast that happened. Spam didn't help though, that's for sure.
    • by evilviper ( 135110 ) on Tuesday November 19, 2002 @06:41AM (#4704945) Journal
      I almost never receive legitimate email anymore.

      If you have a mail box that where you don't recieve any legitimate mail, then, of course, you will have a very high percentange of junk. It's not rocket science. The more people use it, the less of an annoyance that small percentage of junk is.

      Instant messaging clients have more than replaced email for me. They can do everything email clients can do, without spam.

      I'm afraid not. E-Mail allows me to send a message, or respond when I want to. Much better flexibility than IM.

      Spam will catch up. There are already a small number of spamers working IM effectively, and it could get as bad as e-mail at any time.

      Email is just becoming outdated as a method of communication

      Yeah, e-mail is going to be outdated, just like postal-mail has long been outdated, and telephones have been outdated. You heard it here first... According to 'JeffSh', IM is going to replace them all...
      </sarcasm>
      • by gowen ( 141411 ) <gwowen@gmail.com> on Tuesday November 19, 2002 @06:51AM (#4704988) Homepage Journal
        You heard it here first... According to 'JeffSh', IM is going to replace them all..
        Hey, lets all "Ask William Shatner" why I don't yet have a subspace communicator built into the badge on my sweatshirt.

        Also : why don't these sweatshirts come in nicer colours...
      • by RAMMS+EIN ( 578166 ) on Tuesday November 19, 2002 @07:40AM (#4705190) Homepage Journal
        ``Yeah, e-mail is going to be outdated, just like postal-mail has long been outdated, and telephones have been outdated. You heard it here first... According to 'JeffSh', IM is going to replace them all...
        ''
        Call me a net junkie, but this is indeed the case for me. I hardly receive or send any snail mail, and I only occasionally get phone calls. About half of the conversation I partake in is face to face, the rest is electronic (email, IRC, IM).

        With the advent of VoIP, we can voice chat with others around the world at lower rates than would be possible over the phone (Speak Freely rules), largely obsoleting the telephone for personal communication between people with suitably equipped computers.

        The Internet _is_ revolutionarizing society even now. I know that many people and organizations prefer doing things the old way, but I also know that many people prefer the comfort of doing everything in one place. Since especially the younger generations tend to fall in the latter category, it is likely that computerized communication and business will dominate in the future. Computers haven't taken over the whole world yet, but they're getting there. That's why we need Open systems, so that whose who want can shape their world, instead of being fully dependent on giant multinationals.

        ---
        "There is hopeful symbolism in the fact that flags do not wave in a
        vacuum."
        -- Arthur C. Clarke
        • by General Cluster ( 450538 ) on Tuesday November 19, 2002 @10:09AM (#4706246)
          I have had several serious misunderstandings with people when communicating over IM.

          Instant messaging is a difficult medium. It as immediate as conversation, but without being as clear and concise as email or other forms of writing. With most writing you read back what you wrote to make sure that you didn't accidently write something that can be misunderstood. Since IMs happen in (almost) real time this sort of care is not generally used. Also people do not type at the same rate so the thread of the converstation is often lost.

          If the subject is important I always use another medium.
      • I'm afraid not. E-Mail allows me to send a message, or respond when I want to. Much better flexibility than IM.

        Actually, when I used ICQ, I admired it's treatment of messages as mini-emails. If you were offline when you got a message, it would be available for you when you logged back in.

        Therefore, it's perfect for sending offline important messenges that need greater priority than spam-neighbored emails (which people classicaly think to check periodically instead of continuously).

        Effectively, ICQ was equivalent to an email client with a heirarchy of per-sender mail-boxes, where only the most activly recieved are up front (such as a spline tree). If you could set the "you've-got-mail" equivalent-tone to only activate when a top tier (say 10 senders) give you new mail, then you'd effectively have the same thing, though for high-volumen, it wouldn't be as efficient (due to TCP session per message-group, and header over-head).
      • Spam will catch up. There are already a small number of spamers working IM effectively, and it could get as bad as e-mail at any time.

        But IM is a type of white-list by default. People are used to this kind of set up. I use ICQ, so I'll use it as an example. Other systems may not have these same features.

        I've set my account to always require authorization. No one gets to add me to their list if I don't want to. (OK, this mechanism is client side, or at least was a couple years ago when I checked. Still, explicitely blacklisting people, to varying levels, is almost as easy as whitelisting someone. Add to ignore, add to invisible. Done.)

        No one I know just randomly adds me to their ICQ list. There are so few of these requests anyways, it's easy enough to check out the requester's info and decide whether it's legitimate or not.

        Messages from people not on my list get deleted without even being read, and if there was an option to do this automatically, I'd turn it on.

        Turned off all the other messaging crap, like web pager, email gateway, etc. It's all spam, no one I know would use it legitimately to contact me.

        IM does not have to be disruptive, contrary to popular belief.

        Set file transfers to be autoaccepted and minimized from people on your list. Everyone else gets denied.

        Turn off all sound effects... ugh.

        Set incoming messages to no notification, flash in try only. No windows will automatically open or pop up to disturb whatever you are doing.

        So IM does not have to be anything like email. Sure, you can go balls out and enable everything, and make it way worse than any email system devised. There is nothing ICQ spammers can do to me aside from me seeing their id number just before I delete it. Big deal. You can even let the message sit unread for weeks, and it won't bother you.

    • by chamenos ( 541447 ) on Tuesday November 19, 2002 @06:49AM (#4704978)
      as i see it, the only way to rectify this situation is to make spam a legally punishable offence. a jail term, a hefty fine, anything! i just want something to be done! everytime i think about all the spammers making a quick buck by killing off email slowly, i get pissed as hell.

      the same way DOS attacking a website is a serious offence as it costs a lot of money, spamming is no different from a DOS attack on individual users. those individual users being attacked number by the millions and this is an everyday DOS attack on all of us.

      write into a newspaper forum, send a letter to your senator. do SOMETHING. create more awareness and resentment towards spammers; its the only way to get anything done about them. i'm halfway through a letter to my local newspaper as i type this.
      • by Safety Cap ( 253500 ) on Tuesday November 19, 2002 @07:24AM (#4705127) Homepage Journal
        The only thing that anti-spam laws will do is have unintended consequences, perhaps of restricting legit email. If you want to stop spam, don't buy from them and don't respond to them.

        Look, it is not hard to understand. Spammers send out their garbage because someone is responding with cash or a legitimate email address that can be sold to other spammers. If you are posting your email address to a public area (e.g., Usenet), then you might as well get a new email address.

        Here's a tip: use a throwaway account (Hotmail/Yahoo) for all your on-line purchases, and use your ISP email address for personal communications. Never, ever post your ISP address anywhere and never use it for on-line purchases. Once your throwaway account starts getting spam, get another one. Never, ever respond to any spam with "remove," "take me off your list," or "you #$(&*#@$!!!!"

        If everyone did that, then most spam would dry up and blow away. (And if my 89-yr old Grandmaw can do it, so can you!)

        • by schon ( 31600 ) on Tuesday November 19, 2002 @09:09AM (#4705743)
          The only thing that anti-spam laws will do is have unintended consequences, perhaps of restricting legit email.

          Bullshit.

          Look at Washington state, or California, or any of the other sites that have anti-spam laws... I don't see anyone complaining about legitimate email being restricted, but I do hear about spammers being sued, and people collecting money.. and it is doing something, because 1/2 of the spam I get now has a disclaimer of "this isn't intended for people in Washington, California, etc.. if you are in one of these states, please don't sue me" at the bottom.

          The laws are working.

          If you are posting your email address to a public area (e.g., Usenet), then you might as well get a new email address.

          Ahh what wonderful logic - "if you want your email address to be useful to you, then you better not tell anyone about it" - which, of course, makes it useless.
        • I agree with the poster above. Someone else put it very well in a post to an earlier article re: spam when they said that it doesn't *matter* to the spammer if you filter out their pitches. If you were that pissed off about spam, you weren't going to buy it anyway, and sending email is so ridiculously cheap it would cost them more to think about it than just to send it off.

          The problem is not you, or me, or anyone who reads Slashdot, or anyone who has any sort of clue, technical or not. The problem is that one idiot ordering makes up for 10^x angry people hitting delete or mark as junk or using SpamAssassin. It's the idiot who orders from spammers we need to be apply the clue-by-four to.

          • Sometimes I wonder. How much money is there, really, in the SPAM buisness? Let me rephrase that... how much money is there to be made by selling things to the people you SPAM?

            I don't know of anyone who's bought from a SPAMer. Not one. No one I know seems to know of someone who's done that either. Even at two degrees of seperation that's a fairly large number of people.

            I've often wondered if the money to be made in SPAMing comes from selling the "verified" address list you've aquired to other SPAMers. The messages seem to serve as a form of confirmation (afterall, you know which ones get returned as undeliverable).

            For some reason it wouldn't supprise me to learn that the turnover in the SPAM industry is very high and that it's just feeding on itself... a kind of twisted pyramid scheme.

            • There was a slashdot story recently that actually mentioned some of the numbers. A spammer sends out like 300,000 email in hopes of getting fewer than 50 responses. A huge success would be 50, a dismal failure would be five. They break even at and expect about 12. So if they don't quite word that spam properly or don't negotiate their cut right, they actually lose money. Yes email is ridiculously cheap but the amazing thing is that even at their low low costs, they will lose money on a fair number of bulk emailings. It all seems strangely like some sort of gambling scheme.

              I tend to agree with you on the confirmed email list/pyramid scheme thing, I would guess that someone is making their living off of email lists. But spam still gets sent, which means that someone still thinks they can make money at it. Even if the turnover is high, someone somewhere is still making a bit of money, and I'm not just talking about people selling lists. This means that believe it or not, SOMEONE IS ACTUALLY BUYING THE PENIS ENLARGER.

              The interesting thing here is that by educating a few of the bottom feeders, the 0.01% or less that actually respond to these things, you could make spam unprofitable. Who are these people? I certainly don't know any of them. I know people who respond to the remove me link and I know people who might (sorry grandma) fall for bogus deals, but by and large they aren't the same people, in my case, the people I know who fall for this stuff don't have email accounts.

              So who are they, how to figure this out? Hmm... Almost makes me want to hire a spammer to hit all the lists with an email collection scheme and all the people who respond get an email explaining how they're just enabling spammers and tell them how to avoid it in the future. Really, these people are the only ones who fall for this stuff, the brute force approach might actually work here. Just crazy enough to work. Just need to find someone with the cash to make it happen.
        • by catfood ( 40112 ) on Tuesday November 19, 2002 @09:48AM (#4706065) Homepage

          Look, it is not hard to understand. Spammers send out their garbage because someone is responding with cash or a legitimate email address that can be sold to other spammers.

          It's harder to understand than you know then. Spammers send out their garbage because they think someone will buy their product. But have you noticed how many products you get pitched to you exactly once? The spammer isn't successful, he gives up, he curses the spam-enabler who sold him the Millions of Addresses CD for US $295.00. And the spam-enabler finds another sucker.

          It doesn't matter if nobody buys the product. What matters is that the spamware peddlers keep going and going and going...

      • Legislation will never even put a dent in the amount of spam you or I receive, because the Internet is global. Legislation is bound to a single state/country. Even if something as mighty as the U.N. decreed it unlawful to send spam, it wouldn't affect nations not part of the U.N. Legislation could only work if every single country in the WORLD buys into it, AND actively enforces it.

        In fact, most North American ISP's (and I'm sure thousands in other countries) are doing a great job of finding and killing spam accounts as they flair up. But most of the regular spams being sent today are from open relays hosted in other (often third-world) countries, or from foreign ISPs who encourage the business (the more bandwidth used from them, the more money they make - they don't care HOW it's used). Unless we're willing to close the borders (and destroy one of the greatest aspects of the Net), this will always hold true.

        I'm afraid the author of this article is correct - email, as we know it, is dying a quick death. The whitelist concept is the only spam-proof technical, and legal, solution there is.

    • by pr0nbot ( 313417 ) on Tuesday November 19, 2002 @07:01AM (#4705034)

      The reason I like e-mail is that it is asynchronous. If I want synchronous communication, I use the telephone.

    • You should count yourself quite lucky. The fact that you almost never receive legitimate email means that you can likely switch to a new address (i.e. not on spam lists) fairly painlessly.

      However, for those of us who have used our address for several years, our email is known to hundreds of people. Though unfortunately that means it's also known to be on hundreds of spammer's lists. Here's a sample summary from my procmail log just yesterday alone:

      Nov 18: 271 of 349 messages marked as spam (77.65%), 268 deleted.

      How about that? 268 of them had a spam score higher than 6 and were deleted. The rest were delivered (POPped) with the rest of my mail.

      I think it's high time that *something* be done that's easy for the n00bs to use, or it'll never get off the ground.

  • Not really (Score:4, Insightful)

    by jez9999 ( 618189 ) on Tuesday November 19, 2002 @06:29AM (#4704893) Homepage Journal
    E-mail's primary purpose is to be different from instant messaging; to allow a stranger to just contact you without much hassle, just fire off an e-mail to x@y.com and you've got through to them. If obfuscation like 'identify this number' was added, is sure as hell WOULD kill e-mail.
  • Zero Tolerance (Score:5, Interesting)

    by e8johan ( 605347 ) on Tuesday November 19, 2002 @06:31AM (#4704902) Homepage Journal

    Tolerate no spamming what so ever. If one complain about a customer with an proven case of spam would arrive at a abuse department, shut that account down. There is no need to allow this, and no need to "warn" users doing this.

    My ISP limits me from commersial activities at my homepage, why not limit the e-mail account from spamming.

    The biggest problem today is that the price of spam is not charged from the spammer, but the poor user who recieves the shit. For all you americans out there, sue a spammer, make him/her pay for all loss of productivity he/she has caused. It'll make you rich, and perhaps make spammers think twice before clicking that send button.

    • Zero Discernment (Score:5, Interesting)

      by melonman ( 608440 ) on Tuesday November 19, 2002 @06:51AM (#4704992) Journal

      If one complain about a customer with an proven case of spam would arrive at a abuse department, shut that account down.

      I don't think it's quite as easy as that. If one customer using my laptop gateway sends a spam from my IP address, is that the end of my cybercafe? If one angry employee at IBM sets off a spamming program as he walks out the door, does IBM vanish from the Internet?

      A while back our server got blacklisted for a week or so by SPEW because it was in the same 16-bit IP range as a machine that has been used for spam. That's potentially 65k machines! It was at this point that I vowed not to co-operate with any of these anti-spam measures, which inevitably martyr innocent users at random and don't touch the big spammers with the resources to change IP address and ISP three times a day if necessary. The cure is worse than the original disease!

      • Re:Zero Discernment (Score:5, Informative)

        by meringuoid ( 568297 ) on Tuesday November 19, 2002 @08:00AM (#4705272)
        A while back our server got blacklisted for a week or so by SPEW because it was in the same 16-bit IP range as a machine that has been used for spam. That's potentially 65k machines! It was at this point that I vowed not to co-operate with any of these anti-spam measures, which inevitably martyr innocent users at random and don't touch the big spammers with the resources to change IP address and ISP three times a day if necessary. The cure is worse than the original disease!

        The idea of SPEWS is not just to block spam, but also to force ISPs to terminate their spammers. Blocking only the spammer's IP is pointless; too many providers just move the spammer about in their IP space, and the world has to play whack-a-mole. SPEWS' policy is that if an ISP decides it wants to keep its spammer online in the face of repeated complaints, fine; but then SPEWS don't want to receive any email from such a network.

        Now, the question is: do you agree with SPEWS' policy? If you do, great! Use SPEWS' blacklist to filter incoming email. If you don't, no problem; there are plenty of other blacklists, some more lenient, some far more radical. Pick one or more, or none if you want to accept everything. It's a free internet.

        The great advantage of SPEWS is that it _really_ hurts to be listed. It's the email version of the UDP, and has the power to hit rogue ISPs where it hurts, strongly encouraging them to rethink their policies.

        Would your ISP have terminated their spammer if SPEWS hadn't escalated their listing to the whole /16? I doubt it... SPEWS normally start with the single IP, then incrementally expand the listing (as further complaints are ignored, most likely). If it took a /16 block to force them to terminate him, then certainly no number of polite mails to abuse@ would have worked.

        As for big spammers who can change ISP frequently: if the threat of a SPEWS listing is so terrible, what ISP is going to sign up Empire Towers as a customer? Nobody in their right mind. Alan Ralsky spams from China these days, I gather, because nobody in the West will touch him. ISPs must decide whether they want spammers or humans as customers; those that choose the spammers will surely be listed by SPEWS, and so real humans won't have to receive their crap. Those that choose humans will not be listed, for they will terminate their spammers promptly and will not play silly buggers with IP numbers. If this means that the internet fragments into the spamnet and the nospamnet, fine - who wants to hear from the spamnet anyway?

        • by melonman ( 608440 ) on Tuesday November 19, 2002 @08:55AM (#4705663) Journal

          Would your ISP have terminated their spammer if SPEWS hadn't escalated their listing to the whole /16?

          The ISP in question leases servers one by one to individuals and companies. They hand over the root password, and off you go. So what exactly does slashdot think they should do?

          • Monitor exactly what every customer does with their private server?
          • Ban their clients from installing software that will send more than one email at a time?
          • Have a private detective check on any potential clients to make sure they have no connection with the spamming trade?
          • Some other brilliant plan that slashdot would promptly cite as a reprehensible attack on privacy?

          The best they can do is to close the accounts of spammers once they are reported. But since their entry level machines cost under $100 up front, one spam campaign per machine is still viable. So maybe slashdot thinks that hosting should become more expensive? I'm sorry, but the SPEW thing just isn't going to work unless we want far more intrusion by ISPs.

          If it took a /16 block to force them to terminate him, then certainly no number of polite mails to abuse@ would have worked.

          The /16 block thing didn't work either, the support guy basically said 'the people refusing your mail are cretins, they'll probably get over it'. Which they did.

          • by arkanes ( 521690 )
            You don't need to do anything but promptly and efficently respond to spam complaints, by terminating accounts. Maybe change your TOS on your cheaper accounts so you can throttle port 25 traffic. You don't need to do any of the extreme things mentioned. From the reports in this case, it looks like the ISP had no real interest in preventing spam, even in the face of complaints, so a block is exactly what they needed to get a boot.
          • by schon ( 31600 )
            The ISP in question leases servers one by one to individuals and companies. They hand over the root password, and off you go. So what exactly does slashdot think they should do?

            How about just what the previous poster said:

            shut them down if they start spamming, which would fall into "none of the above"

            the SPEW thing just isn't going to work unless we want far more intrusion by ISPs.

            Bullshit. It works right now (you're living proof!) Your ISP is spam-friendly, and everybody who uses SPEWS won't accept mail from them. If you don't like the fact that you're 'collateral damage', then change ISPs, to one that has a clue - then everybody's happy; you're not blacklisted, your brain-dead former ISP keeps it's customers, the spammers have a home which can't send spam to people who don't want it.
          • by JohnDenver ( 246743 ) on Tuesday November 19, 2002 @09:46AM (#4706047) Homepage
            Would your ISP have terminated their spammer if SPEWS hadn't escalated their listing to the whole /16?

            Read what he said first. He clearly stated that SPEWS starts by blocking smaller IPs and notifies the ISP. If the ISP doesn't response, they block a larger range, until the ISP feels compelled to terminate the spammer's account.

            If you're an ISP and want to avoid being blocked by SPEWS, it seems like all you really have to do is reply to abuse reports and terminate the offending account. See, Was THAT so hard?

            How's that for a brilliant plan?

            Jesus, I'd hate to see how you blow your personal problems out of proportion.

    • by dago ( 25724 ) on Tuesday November 19, 2002 @06:58AM (#4705017)


      Subject: bulk email received from one of your account

      hi,
      I just received a unsollicited bulk email from one of your email adress : e8johan@etek.chalmers.se

      Here's a copy of the first few lines of this email :

      Received: from mail.etek.chalmers.se (129.16.32.20)
      by mta448.mail.yahoo.com with SMTP; 10 Oct 2001 17:48:42 -0700 (PDT)
      Message-Id:
      From: e8johan@etek.chalmers.se
      Subject: product for you... but i think u need to buy it
      X-Priority: 3
      X-MSMail-Priority: Normal
      Date: Thu, 11 Oct 2002 3:47:35 +0200
      Mime-Version: 1.0
      Content-Type: text/plain; charset="Windows-1251"

      Online Drugstore can have your order of discounted Viagra shipped to you for
      only 5 minutes of your time!!!
      http://www.justgottago.com/od/azzbc/

      No Prior Prescriptions Needed
      -Licensed U.S. Physicians are ready to fill your order
      -Guaranteed Lowest Prices Available
      -Discreet Mailing directly to your home or office

      Just visit http://www.justgottago.com/od/azzbc/ and enjoy the good life today!!!



      So now, your account will be shut down without any warning, that's it ?

    • Re:Zero Tolerance (Score:5, Interesting)

      by Anonymous Coward on Tuesday November 19, 2002 @06:58AM (#4705019)
      Why not make the spammers pay?

      Set up a system like this:
      To mail to a particular e-mail address you have to pay some nominal amount (say $0.50) which gets sent to the account of the e-mail address holder.

      Now here's the clever bit...If the recipient wanted to recieve the mail, they can opt to have the $0.50 refunded to the sender. If the mail is considered a spam, keep the $0.50.

      The system could (of course) be automated so that the money is refunded automatically after reading the mail unless you click the "This is spam button"

      -----
      Simon.
  • by reaper20 ( 23396 ) on Tuesday November 19, 2002 @06:31AM (#4704903) Homepage
    Another doomsayer, give me a break, the Internet is going to fall apart in $random years, we'll be swimming in spam and popup ads, hackers will wage "cyberwar" on our "infostructure" unless we do something about it. Whatever. Use the proper [mozilla.org] tools [spamassassin.org]. By now if you're still swamped in spam/popups/adware, then you're an idiot.

    The moron who cut me off on the road this morning is a danger to motorists, highways are doomed to failure!
    • Email dying isn't failure of the internet, or of it falling apart. The article is just talking about the degredation of one of the plethora of services which use the internet.. E-mail.
    • Use the proper tools. By now if you're still swamped in spam/popups/adware, then you're an idiot.

      No offense, but that's band-aid engineering. It will work for a while, but the core problem isn't solved.
      • The core problem as you put it is humans. There's not much we can do to force everyone to play nice. There will always be greedy abusers of the system, criminals, spammers, scam artists, and the like. And there will always be people who either encourage them or do nothing to stop them. And the rest of us are just caught in the crossfire.

        Quite frankly, I browse the web without any popups, etc. and very few actual ads. My email accounts get almost no spam (I don't even need to use tools like spamassin).

        The only way to solve the core problem of spam is to convince people to play nice. And call me a cynic, but I just don't think that's going to happen anytime soon. So all that's left is "band-aid engineering" (or mass genocide, but I don't think that's a particularly good solution, even for spammers :)
    • Another doomsayer, give me a break

      Another young person, give me a break. Back before you were born, there was a thing called USENET. Bad people started spamming USENET. People like you said, "Another doomsayer, give me a break."

      The doomsayers were right. USENET is a vast wasteland now. Ask your mommy and daddy what it used to be like before the Spammers destroyed it.
  • Mozilla spam filter (Score:5, Interesting)

    by Tyreth ( 523822 ) on Tuesday November 19, 2002 @06:32AM (#4704904)
    When the new Mozilla spam filter matures, and other e-mail clients begin to implement efficient spam filters, I think this will become unimportant.

    Previously bayesian spam filtering was demonstrated on slashdot [slashdot.org] to be very effective. Once this becomes commonplace, and seamless, no extra configuration required on the users behalf, hopefully we will see the end of spam.

    However, combined with whitelists this could be quite useful. Bayesian filters to filter out spam, except for whitelisted spam. Eg mailing lists of advertisements you sign up to being whitelisted could be effectively. I suppose that when you sign up to a mailing list that would normally be recognised as spam, when it sends a confirmation e-mail your client could recognise it and ask if you want to add it to your whitelist.

    Anyway, with the introduction of bayesian filters into an ordinary client means that the future of e-mail may not necessarily have to be so bleak.

    • Apple's works great (Score:3, Informative)

      by Kinniken ( 624803 )
      No idea how they implemented it, but I wouldnt be suprised if it was based on bayesian principles as well, since it learns from its mistake (it marks junk emails as such, but allows you to change a mail's status if it guessed wrongly).

      Since it starts of in "learning mode", where it only color junk mail but does not delete them, you get to check its efficiency before putting it in "real mode". And even there, by default it only moves the mail in a "junk mail" box, so you can check once in a while if there was anything important there.

      Since using it, my father found that it caught something like 95% of emails, and very very rarely had false positive. Even when it had, correcting the mistake meant it was not repeated.

      I expect such anti-spam systems to get a lot more frequent... and they DO work. Not flawlessly, but well enough to stop spam being such a pain.

      BTW, Apple's filter also have an elemnt of whitelisting, since emails from people in your address book go through without checking.

      Just my 0.02 E
    • by Etyenne ( 4915 )
      I think filter do not solve the problem at its base; it only cure the symptom. Spam still get sent, you just don't see them in your inbox. Since you will have to download and process them, you are still paying the "cost".

      Also, people who configure and use spam filter are VERY unlikely to buy anything from spam. For spammer, these people are just part of the deadweight anyway. So even if 99% of the population would use spam filter, it would be of no use in curbing the problem if this is the 99% that would not buy from spam anyway.

      At it's base, the problem can only be solved by reducing the value of spam to spammer. There are two ways to accomplish : augment the cost of spamming or lower the return.

      Various way exist to augment the cost of spamming. Having them banned from their ISP is one of these, but its effectiveness is limited : eventually, spammer will move where they are tolerated (ie China) and spam from there unpunished. Other possibilities include the morally objectionnable one, like infiltrating spammer circle, poisoning their address list and hacking their infrastructure.

      Spam is profitable because, apparently, some people are dumb enough to fall for it. If less people would fall for it, spam would be less profitable thus less common. In that respect, awarness campaign should be done. The question is : who would pay for it ? I say the major ISP should at least try to educated a tiny little bit their new customer on the subject. Something anybody could do however is, if you know somebody who falled for spam, please hit him with a cluestick ... twice!
  • Funny (Score:2, Funny)

    I had spam yesterday where they spelt Viagra wrong. Unless Viagrea is a new wonder drug?
    • Re:Funny (Score:5, Interesting)

      by sql*kitten ( 1359 ) on Tuesday November 19, 2002 @07:05AM (#4705051)
      I had spam yesterday where they spelt Viagra wrong. Unless Viagrea is a new wonder drug?

      Not funny at all. You knew what they meant; a filter on your inbox on the keyword 'Viagra' wouldn't have. Someone I know once worked on software to do realtime filtering of keywords in "family friendly" chatrooms. He said it was almost impossible; a human's ability to communicate FUCK without out actually typing it was far ahead of any rules he could encode into his software without breaking legitimate conversations. That's one of the reasons the spam problem is so difficult to solve purely with technology.
      • Fsck U 2 (Score:3, Insightful)

        by hughk ( 248126 )
        And that is without a load of "133t d00d5" speak. It is easy to dump Viagra and penis enalrgement ads automagically into the trash but misspellings and alternative representations can cause problems, even a space between letters (i.e., V I A G R A) can fool simpler filters. Also there is the problem of false positives, a problem when you discuss your visit to Scunthorpe.
    • Re:Funny (Score:3, Funny)

      by Temporal ( 96070 )
      I received a spam once with the subject line "You're a winner!" and no body. No text, no attachments, nothing. Just "You're a winner!" I guess they thought I needed some moral support. ::shrug::

      Also, 90% of all spam I receive is in Korean. I live in the United States, and have never visited Korea nor spoken Korean. I only know it is Korean because Eudora used to ask me if I wanted to install the Korean language pack whenever I'd get one (I eventually told it to stop asking).

      Though nothing beats the spam I received which started with "If you are a time traveler or alien and or in procession of alien or government technology I need your help!" As far as I could tell, it was completely genuine. The guy seriously wanted alient time travel tech. He requested that responses be sent to his AOL e-mail address. Go figure. (The complete text is a page or two long, but it's pretty funny. I'll post it if anyone is curious.)
  • Re: (Score:2, Redundant)

    Comment removed based on user account deletion
  • by jki ( 624756 ) on Tuesday November 19, 2002 @06:35AM (#4704915) Homepage
    Lately there has been many efforts that seriously help the problem with spam. One of those being Spamnet [cloudmark.com] - today there are already almost 200 000 spamnet clients installed and as the result almost all of the spam gets classified as junk and never consume your time.

    Then, I should ofcourse plug this Openchallenge submission about Learning e-mail classifier [openchallenge.org]:The use of a naive bayesian algorithm in automatically filtering spam and classifying e-mail has been discussed and also implemented in the past. Implement an automatic e-mail classifier system which works together with an IMAP server. The system should: a) constantly refine the database used to classify messages either by periodically re-analyzing the IMAP folders or by tracking each incoming message and periodically checking to which folder the user actually moves each message. b) assign each incoming message an extra header item which contains the path of the IMAP folder where the message belongs according to the classification algorithm.

    Also, you could also mine your site for smammers like this [cyberian.org].

    So, my point is that just during last two years the spam problem has exceeded so much that there is enough interest in fighting it seriously. Spam will die.

    • Also, you could also mine your site for smammers like this [cyberian.org].

      as one person already mailed me about the unique address per spammer, I thought I should clarify here that it is infact: as unique per spammer as an md5sum of all the details gathered from the requester of the page can be - without attacking the requesting host :) Therefore it is _NOT_ unique per request, that would be insane - instead per host/useragent/referer & some mystical details. yes, you can avoid it, but it seems spammers are not that educated. And when they are, it will just need to be enhanced :)

      And to the other question: No, I have not sent any actual invoice to a spammer. Instead I have succesfully made 5 spammers so fall apologize in the fear of being invoiced and stop harvesting my site for emails.

    • One of those being Spamnet [cloudmark.com]

      Damn-it, I hate companies that don't state up front what their business model is. Is it shareware? Is it trialware? Is it demo? Are they going to ask for money at some point? WTF is the repercussion of me downloading and running their software? I do NOT want to download someone's softare and have to read all the installation crap *while* installing it to figure out what the limitations/deal/catch is with the software.

      More and more small win32 software companies are not mentioning *at all* what their software is on their webpages. So I have to spend 10-20 minutes crawling their site trying to figure out what the hell they are doing and who they are. Often I end up having to use Google Groups to find someone commenting on the company's angle. Pain in the ass!

      It *sounds like* they let you use SpamNet right now, and use the "spam information" that everyone provides in their enterprise spam filtering solution. But it's buried on one of their other pages.
  • by myspys ( 204685 ) on Tuesday November 19, 2002 @06:35AM (#4704917) Homepage
    so what happens when person A emails person B? if both of them have this whitelist-filter..

    B's whitelist emails back saying "identify yourself", A's whitelist respons with "identify yourself"

    infinite loop?
    • by matth ( 22742 )
      You need to do as I do and when you send an e-mail out to someone not in your whitelist have your mail program add it, so that all outgoing e-maila ddresses are checked against the white list and if they are not in they are added. Whitelist is great... and I've not missed any e-mails :)
      • I moved to a complete whitelist solution about 3 years ago. Previously I used to use the "Bcc" method of filtering, but stopped doing that after a friend invited me to a party, and it accidentally got chucked in my (public) spam archive.

        $ wc -l .whitelist
        804 .whitelist

        It works, but it's a pain, and I still have to manually check the spam folder once in a while to catch people writing to me out of the blue about my software. And there are still a few false positives in the archive (tell me about them, and I'll try and weed them out).

        Rich.

        Gratuitous spam archive advert: http://www.annexia.org/spam/ [annexia.org]

  • PGP anyone? (Score:2, Interesting)

    by gomerbud ( 117904 )
    I would have no problem with public crypto. If a message isnt cryptographically signed by someone who you care about, then you could just nuke it. I'd be all for this.
  • Cloudmark. (Score:3, Interesting)

    by jericho4.0 ( 565125 ) on Tuesday November 19, 2002 @06:37AM (#4704929)
    CloudMark [cloudmark.com] or other systems that use peer based filtering seem like the way to go. If 10 people have said this is spam, why should I have to see it?
  • Checking the early morning Hotmail... *sigh* another ad for me to get a bigger penis. Imagine if my real friends were always telling me to get a bigger penis? I'd have no where to turn.
  • It is a shame (Score:5, Interesting)

    by MoThugz ( 560556 ) on Tuesday November 19, 2002 @06:40AM (#4704934) Homepage
    ...but email should not be abandoned as a primary form of communication on the net. Sure, IMs are gaining popularity, and don't forget good old IRC. The problem is that any form of communication online needs some sort of moderation.

    They exist on various levels on IM (as mentioned, authorised user list) and IRC (IRCOps, channel op), email has admins, but it's not easy filtering out scums of email abusers.

    The problem lies with the weakness of tracing the sender of email itself. Sure, you can get sender info from the email headers, but most web based email and normal email clients disable viewing the headers by default. And how many email clients that you know actually dedicate a thorough Help section (or howto) on how to decipher info in email headers?

    After 2 years of receiving spam, I got sick of it and engage in the use of SpamPal [spampal.org.uk] to filter out my mailboxes. So far it's going pretty well... but there should be a more newbie-friendly way to get rid of spam.

    Hopefully there can be a globally-enforced law to bring spammers to justice, but this, like any internet-related law, will be very hard to enforce.
  • human identification (Score:3, Interesting)

    by StandardDeviant ( 122674 ) on Tuesday November 19, 2002 @06:41AM (#4704938) Homepage Journal

    There is some interesting work out there in the field of human identification. For example, the word-in-distorted-image thing Yahoo! uses to filter out spambots from yahoo! mail account creation, developed in collaboration with the Captcha [captcha.net] project at CMU. I've heard reports of a sort of shadow arms-race developing between the portal/communications providers (web mail, instant messaging, the like) and the spammers (who have an incentive to attempt autogeneration of accounts), where each robot countermeasure is attacked by the opposing robots' programmers. E.g. hiring humans for some minimal wage to type in the words they see on the yahoo! system as prompted by some account generation robot. This in a sense is like the radar/ECM/ECCM succession...

    Presupposing that some method of easy robot/human sender determination/authentication existed, how difficult would this be to integrate into existing mail infrastructure? Something like "Howdy! You've attempted to send mail to foo.com. Please visit foo.com/mailverify to verify your identity." where the reply URL has some form of captcha-esque human/robot test?

  • by TillmanJ ( 223874 ) on Tuesday November 19, 2002 @06:45AM (#4704957) Homepage Journal

    I just can't really see email going away, especially not in favor of IM. Emails true usefulness, the thing that makes it a 'killer app' is that it is asynchronous. Unlike IM, when I send someone an email, it is unnecessary for them to be online, or have their IM client running in order to receive my message. Their email server is more than happy to hold their email for them until they can get it, and allows them to respond when they can.

    Additionally, it's not like IM is spam-free. A quick google search reveals a growing business in providing anti-spam tools to IM users, so I doubt that making email more IM-like will help, though I do see some limited use of whitelists to be beneficial.

    Businesses however, can never get away with using whitelists, or even most blacklists to reduce the amount of spam they have to deal with. I know that at our company, we cannot block nearly the number of netblocks that we would like to, as we need communicate with customers almost exclusively by email, and cannot afford to lock out potential buyers for any reason.

    The solution to the spam problem is not an easy one, especially not for businesses, but small steps forward are made all the time, in better pattern matching, address lookup, etc that one day will (hopefully) allow for spam to be stopped, or at least to stem the tide...

    • Unlike IM, when I send someone an email, it is unnecessary for them to be online, or have their IM client running in order to receive my message.

      Check out Jabber. It does just that. If someone sends me an IM, I don't even need to be online, the jabber server will store the IM for me until I sign on.

      IM has the potential to replace email because there really isn't anything email provides that IM can't. Even syncronous communication.
  • by Eggplant62 ( 120514 ) on Tuesday November 19, 2002 @06:49AM (#4704975)
    The anti-spam movement has been saying this since 1997. It's about time the world woke up and realized how badly the spammers have trashed the effectiveness of email. I know I block using several DNSbl's, a huge access.db with spamassassin picking up the slack that the others miss. I have had to whitelist people whose email gets caught in the other traps.

    To me, I dream of the day we can go back to simply leaving email unfiltered and where we receive only that mail we would normally expect, not drivel from marketoons who think that email is the next best thing to handbills posted on my front door. I'm tired of having to update my access.db. I'm tired of keeping up all the diligence, watching logs to see what legitimate mail might have bounced.

    Thank you, you rotten, spamming assholes and all the idiots that ever bought anything advertised in spam email.

    Rich
  • by Old Wolf ( 56093 ) on Tuesday November 19, 2002 @06:50AM (#4704981)
    The worse spam gets, the more people will look to alternatives. Maybe it's time to set up some infrastructure for Internet Mail 2000 [cr.yp.to].
  • by Kryptoff ( 611007 ) on Tuesday November 19, 2002 @06:52AM (#4704993) Homepage Journal
    ... has been discussed here before: Hash Cash [slashdot.org].
  • by bongobongo ( 608275 ) on Tuesday November 19, 2002 @06:54AM (#4705000)
    os x's default email app, mail, seems to toss spam directly into the trash with (about) 99% accuracy... that is, 99% of spam is correctly identified as spam. perhaps twice i've found emails that i've wanted to receive in the trash, but that's over many months, and the mistakes will never be repeated after a quick "whitelisting".

    anyway, if you're really upset by spam, it's pretty friggin' easy to avoid it... do NOT put down your regular email address for any site that wants to email you a password for registration. get a trashy hotmail account (or whatever) just for verifications, and use your regular email addresss for real communication.

    perhaps spam, collectively, is a huge problem, but the problems it causes for typical individuals are small, especially given the existence of spam filters. that's why spam won't "kill" email by any measure.

    .
  • by arvindn ( 542080 ) on Tuesday November 19, 2002 @06:54AM (#4705001) Homepage Journal

    For a long time, there were doomsday predictions of the "web as we know it". The pessimists claimed that the signal-to-noise ratio was constantly decreasing and that things would soon degrade to such a point that it would be untenable. Well, what happened? The link structure of the web serves to greatly amplify useful content on the web and filter out noise (so neatly exploited by google).
    This is only the latest in a long line of articles saying "spam is increasing at an exponential rate. So in X years Y% of our time will be spent deleting SPAM. E-mail is doomed!!!". This author, for example, says nothing of bayesian spam filters [slashdot.org]. What is likely is that spam and anti-spam will both mature in a few years, and that a combination of filtering methods will weed out most junk from our mailboxes; users will have so problem manually sending the handful of remaining penis enlargement offers to /dev/null.
  • Bayesian filtering (Score:3, Interesting)

    by Flamesplash ( 469287 ) on Tuesday November 19, 2002 @06:57AM (#4705016) Homepage Journal
    Maybe Yahoo and MSN will implement user by user Bayesian spam filtering now :) It would also be interesting to see if they could do the filtering on their entire user base instead of person by person.
  • by simong_oz ( 321118 ) on Tuesday November 19, 2002 @07:03AM (#4705039) Journal
    Am I the only person who doesn't receive spam? OK, that's a little bit of a lie, but by and large, I reckon less than 2% of my email is real spam. It's not like I don't get any email - I receive probably 60-100 emails per day over about 3 different accounts, including several mailing lists.

    I think the secret with spam is to stop spreading your email address around the internet. I object to having to provide my email address to forms to register for every damn website (eg. download.com) - I always give a false address if I can. If I can't, I will very seriously reconsider whether I need access to that site (I usually don't). I have an email account that is used solely for the purpose of registering for websites or what have you. Whenever I stick my email address into any form on the web I always check to see whether there is a checkbox that lets me opt out (or in) any mailing lists. The only sites I don't mind signing up for are those that I am genuinely interested in receiving future correspondence from, but they are few and far between.

    I also have an email address that is used solely for usenet - this one receives by far the most spam.

    Another interesting thing that people may not be aware of is that the default setting for hotmail accounts allows your email address and personal information to be shared. Go to options->personal profile and have a look at the check boxes at the bottom. This never used to be the default setting until the service switched over to .net about a year ago (I think???), and then these settings were added and enabled for everyone so if you didn't notice it, it will still be enabled.
    • I have two primary email addresses. Both are over six years old. Both have been plastered all over my website for the past four years, with no obfuscation (by necessity; it's how potential clients contact me).

      One goes thru a subdomain and a BBS. It seems to attract more than its share of spam with blank or bogus TO fields. The BBS spam filter (written by our intrepid sysop) kills all mail not sent to a legit user. That, and some filtering specific to spammer-only return addresses, is sufficient to kill off 99% before it reaches my mailbox.

      My other email address is via a real ISP, and is completely unfiltered. It typically gets only a handful of spams a day, the work of 15 seconds to delete 'em all. But more significant -- the total amount of spam received has DECREASED over the years. It now gets maybe half as much as it did in 1997. Lately, some days I don't get any spam at all.

      The only thing I've done to protect this address is use something completely bogus for usenet. Once in a while I post with another client that shows my correct address, and forget to change it first, and then for a couple weeks I get a spasm of spam -- but it soon drops back off to the usual handful.

      One oddity: every so often, some moron uses my real ISP address for sporging on Usenet. When that happens, my spam drops to ZERO for the duration -- as if this somehow poisons the address!!

      As to webmail: My Yahoo account (about 4 years old, only used if all others are down) has never received a single spam. My Hotmail account (going on 5 years old), occasionally used as a spamtrap for sites of unproven privacy policies [cough* realtor.com *cough] but never used in Real Life nor posted anywhere, gets a ton of generic Asian spam, but almost never gets any of the same spams as my regular ISP address. Hotmail's spam blocker sometimes works great, and sometimes not at all -- just about anything in Asian character sets sneaks thru anyway.


    • Sneakemail.com [sneakemail.com] was created just for this purpose, its like a condom for your email address. And no its not going to disappear, its been running over 2 years and is profitable

  • Nonsense (Score:5, Insightful)

    by Dr Thrustgood ( 625498 ) <ThrustGood@spamoff.atari.co.uk> on Tuesday November 19, 2002 @07:05AM (#4705050)
    The telephone gets bombarded with equally determined spammers and yet that hasn't changed. Certainly, you might not pick up the phone if it's not a number you recognise, but you're still going to look. It's the same for email.

    The only reason email will go away is when mobile (cell) phones become as convenient and cheap a way to communicate as email currently is.
  • by cheeseflan ( 462270 ) on Tuesday November 19, 2002 @07:11AM (#4705084) Homepage
    This wouldn't happen. Anyone who lives in the EU: check your emails - are any sent from EU nations? NO. If the US would stop this stupid insistence on your personal details being everyone else's property but your own - then we wouldn't have to put up with so much sh*te being sent to our inbox about mortgages on another continent. I hope the EU goes through with the (jokey) threat to find and list the names of the people breaking the law - so if they ever take a holiday to Paris, we can be waiting.
  • Feeling lonely.... (Score:3, Insightful)

    by MosesJones ( 55544 ) on Tuesday November 19, 2002 @07:18AM (#4705106) Homepage

    I get bugger all Spam, at work or at home. Could this be because I always tick the "don't spam me" boxes. And because I don't put real email addresses on the internet.

    Strange isn't it.
  • Donald Knuth (Score:3, Interesting)

    by SystematicPsycho ( 456042 ) on Tuesday November 19, 2002 @07:25AM (#4705132)
    Knuth killed his email address in 1990,

    Knuth vs Email [stanford.edu]
  • by RAMMS+EIN ( 578166 ) on Tuesday November 19, 2002 @07:27AM (#4705145) Homepage Journal
    One thing I have observed about spam is that seems to especially target free webmail services, and in particular, MSN Hotmail. I have several email accounts, some of which are webmail accounts I signed up for, others came with dial-up or hosting accounts, the universities I've studied at, and the companies I've worked for. The webmail accounts I signed up for are the ones that receive the spam, the others get zero or next to none.

    It is worth mentioning that my Hotmail account fills up in three days if I disable the `delete mail from unknown users' filter. The reason is that I enter my Hotmail address whenever I think it's going to be used for spamming. This keeps my other addresses clean.

    The reason I use my Hotmail account for that, as opposed to another free-as-in-beer service, is that I have noticed that Hotmail accounts attract spam no matter what. Even though MicroSoft claims they do their best to protect their customers from junkmail, I have noticed that next to everyone who uses Hotmail complains about spam, email that is sent to a long sequence of ASCII-ordered addresses are delivered as if it wasn't obviously spam, a Hotmail account will receive junk mail even if you just let it sit there and never use it or give the address to anybody, and countless other badnesses. I don't know how this compares to other providers of free webmail, but I do know that my Yahoo account gets an acceptible (for me) amount of spam, despite having only the default level of spam protection, whatever that amounts to.

    Now there is an additional issue here. I do not use my webmail accounts for everyday email; I prefer POP and SMTP for that. I don't know if more frequent usage would result in higher volumes of spam, but I could see a scenario of how this would work. Most modern email clients, whether they be stand-alone programs or web interfaces, keep an address book. The address books of notable email programs are known to contain exploits that allow hackers access to the stored addresses, and malicious (money-hungry?) webmail interfaces could easily read their clients' address books and sell the information to third parties. In this case, by sending an email to somebody, I expose myself to the risk that my email address will eventually be known by spammers.

    Having said all this, I will come up with a couple of hints for avoiding spam. There work for me, YMMV:

    1. Avoid using free webmail services (especially Hotmail) for accounts you don't wish to recieve spam on.
    2. Use an address other than your primary account when dealing with a party you don't trust.
    3. Don't leave your email address on webpages. Even encoding or scrambling your email address won't protect you - if humans can understand it, programs can be made to do so as well.

    These practices have left my mailboxen uncluttered for years, aside from the incidental win32 virus. Which brings me to another point: make sure your email client does NOT execute code attached to emails. Most versions of MicroSoft Outlook and Outlook Express are known to be vulnerable. For your own good and that of the rest of the Internet: DO NOT USE THESE PROGRAMS.

    I hope my comments will prove helpful to some of you. Feel free to redistribute as you see fit.

    ---
    (1) Everything depends.
    (2) Nothing is always.
    (3) Everything is sometimes.
    • I use a Hotmail account as my public, "throwaway" email account - but even Hotmail can be configured so that you rarely get spam. The method is simple - whenever you get any piece of spam, add the entire domain to your "block" list. It is not good enough to block a specific address such as "netoffers3@netoffers.com" -- you must block the entire "netoffers.com" domain.

      Maybe I am just lucky, but I almost never get spam anymore on my Hotmail account - an account which, I assure you, is *very* public. (I have been using this account for online transactions for years now). The only "spam" I still get are sale pitches from vendors like Amazon.com and Buy.com - domains which I do not want to block outright.
  • I've got an idea (Score:5, Interesting)

    by comic-not ( 316313 ) on Tuesday November 19, 2002 @07:45AM (#4705209) Homepage

    Let's think outside the (mail)box for a second.

    Imagine a system where only whitelisted e-mail with a confirmed return address gets through. That would be enough to kill spam. The problem is, how can we allow previously unknown people to get on this whitelist without human intervention and gray/blacklists. Complicated? Not necessarily.

    Here's the idea: suppose that we have a certifying service attached to our e-mail address. Say, my e-mail address is me@foo.com and my certifying address is certify.me@foo.com. Now I would want to send e-mail to you@bar.com but you do not know me and you are using a whitelist. No problem. I send you an electronically signed e-mail, and my mailing program, upon deciding that you are not already on my buddy list, cc:s the message (or relevant parts of it) to certify.me@foo.com. When your program receives my message and checks that I am not on your buddy list, it sends a signed query to certify.me@foo.com. The automatic service behind that address verifies that

    1. Yes, this is my signature, and
    2. Yes, I have sent it to you.

    Upon receiving the certification your program adds my address to your whitelist and accepts the original message. After all, you now know my e-mail address. Even a spammer who would be willing to reveal his identity would be pummeled to a certain death by millions of certify requests (which would make his ISP very unhappy). And should a spammer once get on your whitelist, just blacklist him.

    This would not be a burden for mailing lists, because the certifying procedure is only invoked during the first contact.

    This scheme would triple the initial number of e-mail messages, but because it's a one time event, the overhead is small. Considering that 95 some percent of all e-mails seem to be spam, this could actually reduce the traffic significantly after all the spammers have either been auto-spammed back for every single piece of spam that they send, or vanished into oblivion if none of their messages ever reach people.

    So, anybody willing to implement this?

    • What's to prevent you@bar.com from getting SPAM in his mailbox or spammers on his whitelist with this scheme? Basically, you have a box receiving an email, and then talking to the sender of the email to verify that the signature was his and correct.

      But I (as a hypothetical spammer) can make a signature in any name, and I can set up any accounts on any hostname I like rather easily. So a spammer could get messages into your box and get a name (even if it's a throwaway name) onto your whitelist without any human intervention. He has his certify address always respond in the affirmative, and voila.
  • by RichLooker ( 556121 ) <<richard> <at> <disputable.org>> on Tuesday November 19, 2002 @07:53AM (#4705242)
    Spam filtering in mail clients is futile. The filtered messages still consume network bandwidth, CPU cycles and storage space on the MTA's and MDA's. Almost every spam message I have ever received had forged sender addresses, and were relayed through a third party MTA. An MTA should ONLY accept messages SENT BY or DESTINED TO users in their own domains. This way the spammers would be unable to hide their identities, and shutting down the offender's accounts would be easy. IMHO, blacklisting open relays is perfectly acceptable. Heck, we should even DNS-blackhole them out of existence !
  • Just ignore them. (Score:3, Insightful)

    by miffo.swe ( 547642 ) <{daniel.hedblom} {at} {gmail.com}> on Tuesday November 19, 2002 @07:59AM (#4705263) Homepage Journal
    Sure, its annoying but i dont think its going to stop e-mail. Heck i even watch tv and they have chopped the damn shows up into small bits. Im more annoyed by popups and banners that any spam ive ever received.
  • by doodleboy ( 263186 ) on Tuesday November 19, 2002 @08:09AM (#4705341)
    I think the commercial software vendors are largely responsible for the massive increase in spam. IE is basically an ad delivery system; there's no way to control pop-ups, and no way to block images from ad servers. This is because from the corporate perspective our job as computer users is to view as many ads as humanly possible. Don't expect MS to be of any help. And don't expect any useful legislation either, as the DMA has a powerful and generous lobby in Washington.

    But where proprietary software fails us, free software supplies the features that people actually want. Mozilla has built-in pop-up blocking and a great deal of work is going into spam filtering. On my linux box, I use spamassassin and vipul's razor for email, and filterproxy and mozilla to block ads and protect my privacy on the web. Very rarely does any spam make it into my inbox, and I almost never see ads of any kind online. However, it fills me with horror to use other peoples' computers. How can anyone stand all the flashing and blinking?

    Conclusion: decent tools are the answer, not bug-eyed rants about the death of email.
  • BS (Score:3, Interesting)

    by Junior J. Junior III ( 192702 ) on Tuesday November 19, 2002 @08:16AM (#4705383) Homepage
    Email shouldn't die. If mailserver admins do their jobs right, it should be possible to block out loads of spam.

    For instance, look at www.myrealbox.com -- I've had accounts with them for over a year and never received ONE spam in them. Ever! I don't give my address out publicly or to untrusted sources. They do a damn good job of blocking spam.
  • by alanjstr ( 131045 ) on Tuesday November 19, 2002 @08:18AM (#4705395) Homepage
    Part of the problem with ICQ is that your username is a number. Not only that, but a sequential number so a spammer can message a whole range of people with a simple broadcast. Nothing like having your boss sit next to you when your spam just pops up at you. A lot of people don't do IM whitelisting. Friends change screen names, or maybe you give it out to someone and you just don't have theirs yet.
  • Way to stop Spam (Score:5, Insightful)

    by Quill_28 ( 553921 ) on Tuesday November 19, 2002 @08:39AM (#4705516) Journal
    OK i thought of a way to stop spam. It is very simple. Charge people to send e-mail. Yep, let's say you charge .0001 per e-mail that is sent out. That would be 100 e-mails for a penny. Spamming would then be unprofitable, and people would gladly pay a few cents a month to stop spam.

    Now this may be a situation like the mouse putting a bell on the cat, great idea impossible implementation, but I don't understand enough about e-mail to know.

    Comments as to why it wouldn't work?

    • Re:Way to stop Spam (Score:3, Interesting)

      by Styros ( 144779 )
      How does that stop anything? .0001 per email = $100 if you send out 1 million emails. That doesn't put enough dent into the spammers' costs to really deter them. I think you have to consider the type of spam and where they originate. IMHO, spam comes in 2 forms.

      1) Legitimate - ones that come from real companies, with working unsubscribe policies.
      2) Illegitimate - from companies that forge headers, spoof IPs, steal legitimate email accounts, etc.

      For type 1), you can follow tactics that have proven effective to telemarketing by developing a state/federal do-not-email list. If any company sends email to an address on that list without explicit permisson, they will be warned the first time, and fined $500 per email each time after.

      For type 2), you'd just have to criminalize those acts. I don't see any other way to stop them.
  • by derF024 ( 36585 ) on Tuesday November 19, 2002 @09:07AM (#4705735) Homepage Journal
    i've had the same set of working email addresses for 5+ years and i get maybe 1 spam out of 1000+ legitimate emails a day. i never spam-proof my email addresses on message boards/usenet/mailing lists either.

    i block mail using dsbl.org, spamcop and a few simple procmail rules (when a spam does get through, i block that company via procmail). i don't ever lose legitimate mail, and i don't get any of the "anonymous spam" i used to get from people pretending to be @hotmail.com/yahoo.com/etc.

    clearly the reason that these people claim that blacklists don't work is because they're not using them.
  • by nicestepauthor ( 307146 ) on Tuesday November 19, 2002 @10:29AM (#4706496) Homepage
    I get a lot of spam at work (maybe 30 or more/day) and almost none at home. I am careful about giving out my email address, and in fact I think I've given out the home address more than the work address. It puzzled me that I was getting so much spam at work, then someone here mentioned that we should not use auto-reply with Lotus Notes because that replies to spammers and confirms your email address. Of course everyone here sets Notes to auto-reply when they are on vacation, etc. I'm convinced this courtesy is the source of my spam problem.

    It's too late to do anything now. Yeesh.

  • Cost/benefit (Score:3, Interesting)

    by Tomster ( 5075 ) on Tuesday November 19, 2002 @10:55AM (#4706778) Homepage Journal
    Right now the cost/benefit analysis favors spammers.

    The Spammer's View:
    First, it's very inexpensive to collect/buy a million email addresses and very inexpensive to send a million emails. Second, the return is sufficient: out of those million emails, all it takes is a handful of replies to make a profit. Third, the risk of being prosecuted or otherwise suffering financial damages is still practically nil, so the worst you have to fear is your ISP cutting you off -- whoop de doo, go uncover another rock and sign up with a new one.

    The ISP's View:
    It costs little more than a little bandwidth to send a million emails. It costs a little in reputation to be weak on busting spammers' accounts. Signing up a new customer is a profit.

    The User's View:
    Here's where the "cost" of spam is high, and consequently where most of the effort in fighting it has been made. Most users either just delete or have software to keep spam out of their inbox. Some people are careful about how they publish their email address. Some use blacklists or (more recently) whitelists. The cost to receive an email is fortunately low or nothing.

    When the cost of spam becomes too high to ignore, for spammers to send or ISPs to relay, spam will decrease. It already has started to become more expensive: some ISPs have strong anti-spam policies and measures; some laws have been passed against spam; and there is quite a bit of software to deal with spam at the recipient end. But that's not enough, as evidenced by the continuing growth in spam.

    Eventually, spam will be dealt with more strongly at the source. It has to be sufficiently painful first, and the pain is starting to be felt by ISPs and others involved in relaying email. I expect the situation to be much better a couple years from now.

    -Thomas
  • by SysKoll ( 48967 ) on Tuesday November 19, 2002 @01:26PM (#4708397)

    I was getting so much spam on my dial-up account that it sometimes took me 20 mins to download mostly useless, if not offensive, email. Sorting it automatically by client-side methods (e.g. SpamAssassin) wasn't helping the download time, since you still have to download the blasted spam before you sort it.

    So I got rid of my contaminated address. I created an account on two web sites: www.spamgourmet.com [spamgourmet.com] (free) and www.sneakemail.com [sneakemail.com] (mostly free).

    Spamgourmet allows you to create an infinity of different email addresses all going to your POP3 account, by adding various prefixes. So say, to take a recent example, that your account is SpammerMaimer and you want to subscribe to, oh, MIT Technology Review's newsletter. You create an address called MITTechReview.20.SpammerMaimer (@ the SG domain). The "20" in the middle word of the address gives them 20 shots at emailing you before the address shuts itself down (and you can manually reset the counter).

    Then, surprise! This stupid magazine sells your address to several spammers. On top of that, their forum system is spammer-friendly because it encourages email address collection.. You know that it's them, because you haven't given that address to anyone else. So what do you do? You go to your Spamgourmet account and shut down that MITTechReview.20.SpammerMaimer address. Problem solved.

    For truly one-shot emails, I use sneakemail, which creates disposable addresses that you can disable individually.

    The hardest thing is to keep the old address active for a while until all your usual correspondants have been informed of your new address. Then, when you switch your ISP email address, you just have to change the forward address in SG and Sneakemail.

    Highly recommended.

    -- SysKoll

Enzymes are things invented by biologists that explain things which otherwise require harder thinking. -- Jerome Lettvin

Working...