Email (As We Know It) Doomed? 747
Mephie writes "A pretty interesting article at Slate.com takes a look at how spam may be killing email as we know it. With the increase of spam, the argument is made that more users will switch from blacklisting spammers to 'whitelisting' specific, trusted addresses, making email more like instant messaging: if you're not on someone's 'buddy list,' you have to prove you're an actual person (e.g. identify a word in an image) to send a message." May be?
I don't even use email anymore (Score:4, Interesting)
Additionally, I find that email communication is too slow, which is ironic since its so much more efficient than the old way everyone used to communicate by post.
Instant messaging clients have more than replaced email for me. They can do everything email clients can do, without spam.
Email will always have a place of course, like websites will need email addresses for contacts, and other such things. But for person to person communication, instant messaging clients are much easier to use
Re:I don't even use email anymore (Score:5, Insightful)
If you have a mail box that where you don't recieve any legitimate mail, then, of course, you will have a very high percentange of junk. It's not rocket science. The more people use it, the less of an annoyance that small percentage of junk is.
I'm afraid not. E-Mail allows me to send a message, or respond when I want to. Much better flexibility than IM.
Spam will catch up. There are already a small number of spamers working IM effectively, and it could get as bad as e-mail at any time.
Yeah, e-mail is going to be outdated, just like postal-mail has long been outdated, and telephones have been outdated. You heard it here first... According to 'JeffSh', IM is going to replace them all...
</sarcasm>
Re:I don't even use email anymore (Score:4, Funny)
Also : why don't these sweatshirts come in nicer colours...
Re:I don't even use email anymore (Score:4, Funny)
Re:I don't even use email anymore (Score:4, Funny)
Hahaha, I can just imagine Kirk slapping on that thing and getting spammed.
"Boost your subspace communicator signal!"
"Dilithium herbal crystals!"
"Barely legal teenaged green chicks!"
"Captain's log, stardate 10.25.2... We are going to beam down to the planet's surface, to meet the late Mr. Mogubutu's brother and transfer the funds from the dead ambassador's bank account to my own."
Re:I don't even use email anymore (Score:5, Insightful)
''
Call me a net junkie, but this is indeed the case for me. I hardly receive or send any snail mail, and I only occasionally get phone calls. About half of the conversation I partake in is face to face, the rest is electronic (email, IRC, IM).
With the advent of VoIP, we can voice chat with others around the world at lower rates than would be possible over the phone (Speak Freely rules), largely obsoleting the telephone for personal communication between people with suitably equipped computers.
The Internet _is_ revolutionarizing society even now. I know that many people and organizations prefer doing things the old way, but I also know that many people prefer the comfort of doing everything in one place. Since especially the younger generations tend to fall in the latter category, it is likely that computerized communication and business will dominate in the future. Computers haven't taken over the whole world yet, but they're getting there. That's why we need Open systems, so that whose who want can shape their world, instead of being fully dependent on giant multinationals.
---
"There is hopeful symbolism in the fact that flags do not wave in a
vacuum."
-- Arthur C. Clarke
Instant Messaging Limitations (Score:5, Insightful)
Instant messaging is a difficult medium. It as immediate as conversation, but without being as clear and concise as email or other forms of writing. With most writing you read back what you wrote to make sure that you didn't accidently write something that can be misunderstood. Since IMs happen in (almost) real time this sort of care is not generally used. Also people do not type at the same rate so the thread of the converstation is often lost.
If the subject is important I always use another medium.
Re:I don't even use email anymore (Score:3, Insightful)
Actually, when I used ICQ, I admired it's treatment of messages as mini-emails. If you were offline when you got a message, it would be available for you when you logged back in.
Therefore, it's perfect for sending offline important messenges that need greater priority than spam-neighbored emails (which people classicaly think to check periodically instead of continuously).
Effectively, ICQ was equivalent to an email client with a heirarchy of per-sender mail-boxes, where only the most activly recieved are up front (such as a spline tree). If you could set the "you've-got-mail" equivalent-tone to only activate when a top tier (say 10 senders) give you new mail, then you'd effectively have the same thing, though for high-volumen, it wouldn't be as efficient (due to TCP session per message-group, and header over-head).
Re:I don't even use email anymore (Score:3, Insightful)
But IM is a type of white-list by default. People are used to this kind of set up. I use ICQ, so I'll use it as an example. Other systems may not have these same features.
I've set my account to always require authorization. No one gets to add me to their list if I don't want to. (OK, this mechanism is client side, or at least was a couple years ago when I checked. Still, explicitely blacklisting people, to varying levels, is almost as easy as whitelisting someone. Add to ignore, add to invisible. Done.)
No one I know just randomly adds me to their ICQ list. There are so few of these requests anyways, it's easy enough to check out the requester's info and decide whether it's legitimate or not.
Messages from people not on my list get deleted without even being read, and if there was an option to do this automatically, I'd turn it on.
Turned off all the other messaging crap, like web pager, email gateway, etc. It's all spam, no one I know would use it legitimately to contact me.
IM does not have to be disruptive, contrary to popular belief.
Set file transfers to be autoaccepted and minimized from people on your list. Everyone else gets denied.
Turn off all sound effects... ugh.
Set incoming messages to no notification, flash in try only. No windows will automatically open or pop up to disturb whatever you are doing.
So IM does not have to be anything like email. Sure, you can go balls out and enable everything, and make it way worse than any email system devised. There is nothing ICQ spammers can do to me aside from me seeing their id number just before I delete it. Big deal. You can even let the message sit unread for weeks, and it won't bother you.
Re:I don't even use email anymore (Score:4, Insightful)
Yeah, but, well, isn't that the point of this article?
Re:I don't even use email anymore (Score:5, Interesting)
Re:I don't even use email anymore (Score:5, Interesting)
the same way DOS attacking a website is a serious offence as it costs a lot of money, spamming is no different from a DOS attack on individual users. those individual users being attacked number by the millions and this is an everyday DOS attack on all of us.
write into a newspaper forum, send a letter to your senator. do SOMETHING. create more awareness and resentment towards spammers; its the only way to get anything done about them. i'm halfway through a letter to my local newspaper as i type this.
Re:I don't even use email anymore (Score:5, Insightful)
Look, it is not hard to understand. Spammers send out their garbage because someone is responding with cash or a legitimate email address that can be sold to other spammers. If you are posting your email address to a public area (e.g., Usenet), then you might as well get a new email address.
Here's a tip: use a throwaway account (Hotmail/Yahoo) for all your on-line purchases, and use your ISP email address for personal communications. Never, ever post your ISP address anywhere and never use it for on-line purchases. Once your throwaway account starts getting spam, get another one. Never, ever respond to any spam with "remove," "take me off your list," or "you #$(&*#@$!!!!"
If everyone did that, then most spam would dry up and blow away. (And if my 89-yr old Grandmaw can do it, so can you!)
Re:I don't even use email anymore (Score:5, Insightful)
Bullshit.
Look at Washington state, or California, or any of the other sites that have anti-spam laws... I don't see anyone complaining about legitimate email being restricted, but I do hear about spammers being sued, and people collecting money.. and it is doing something, because 1/2 of the spam I get now has a disclaimer of "this isn't intended for people in Washington, California, etc.. if you are in one of these states, please don't sue me" at the bottom.
The laws are working.
If you are posting your email address to a public area (e.g., Usenet), then you might as well get a new email address.
Ahh what wonderful logic - "if you want your email address to be useful to you, then you better not tell anyone about it" - which, of course, makes it useless.
Re:I don't even use email anymore (Score:3, Insightful)
The problem is not you, or me, or anyone who reads Slashdot, or anyone who has any sort of clue, technical or not. The problem is that one idiot ordering makes up for 10^x angry people hitting delete or mark as junk or using SpamAssassin. It's the idiot who orders from spammers we need to be apply the clue-by-four to.
Re:I don't even use email anymore (Score:3, Insightful)
I don't know of anyone who's bought from a SPAMer. Not one. No one I know seems to know of someone who's done that either. Even at two degrees of seperation that's a fairly large number of people.
I've often wondered if the money to be made in SPAMing comes from selling the "verified" address list you've aquired to other SPAMers. The messages seem to serve as a form of confirmation (afterall, you know which ones get returned as undeliverable).
For some reason it wouldn't supprise me to learn that the turnover in the SPAM industry is very high and that it's just feeding on itself... a kind of twisted pyramid scheme.
Re:I don't even use email anymore (Score:3, Interesting)
I tend to agree with you on the confirmed email list/pyramid scheme thing, I would guess that someone is making their living off of email lists. But spam still gets sent, which means that someone still thinks they can make money at it. Even if the turnover is high, someone somewhere is still making a bit of money, and I'm not just talking about people selling lists. This means that believe it or not, SOMEONE IS ACTUALLY BUYING THE PENIS ENLARGER.
The interesting thing here is that by educating a few of the bottom feeders, the 0.01% or less that actually respond to these things, you could make spam unprofitable. Who are these people? I certainly don't know any of them. I know people who respond to the remove me link and I know people who might (sorry grandma) fall for bogus deals, but by and large they aren't the same people, in my case, the people I know who fall for this stuff don't have email accounts.
So who are they, how to figure this out? Hmm... Almost makes me want to hire a spammer to hit all the lists with an email collection scheme and all the people who respond get an email explaining how they're just enabling spammers and tell them how to avoid it in the future. Really, these people are the only ones who fall for this stuff, the brute force approach might actually work here. Just crazy enough to work. Just need to find someone with the cash to make it happen.
Re:I don't even use email anymore (Score:5, Insightful)
It's harder to understand than you know then. Spammers send out their garbage because they think someone will buy their product. But have you noticed how many products you get pitched to you exactly once? The spammer isn't successful, he gives up, he curses the spam-enabler who sold him the Millions of Addresses CD for US $295.00. And the spam-enabler finds another sucker.
It doesn't matter if nobody buys the product. What matters is that the spamware peddlers keep going and going and going...
Re:I don't even use email anymore (Score:4, Funny)
Yep.
I love it, too, when well-meaning relatives annotate their email address books to help provide a detailed handle on exactly to whom the email addresses really belong. Not to mention filling the message with plain text details of their lives and yours.
As Joey the teen script kiddie looks in horror at the email headers, Aunt Agatha has completely blown his coveted stealth email address...
To: '"Joseph Wayne Smallpecker, Des Moine Iowa"' <h4Xor31337@x5.cx>
(plain text describing Joey in detail to the Feds.
Is he still getting a C in shop class at Fred MacMurray High School?
Aunt Agatha is happy with her sweater she got for her birthday.
Her poodle is not feeling well.)
Re:I don't even use email anymore (Score:3, Interesting)
In fact, most North American ISP's (and I'm sure thousands in other countries) are doing a great job of finding and killing spam accounts as they flair up. But most of the regular spams being sent today are from open relays hosted in other (often third-world) countries, or from foreign ISPs who encourage the business (the more bandwidth used from them, the more money they make - they don't care HOW it's used). Unless we're willing to close the borders (and destroy one of the greatest aspects of the Net), this will always hold true.
I'm afraid the author of this article is correct - email, as we know it, is dying a quick death. The whitelist concept is the only spam-proof technical, and legal, solution there is.
Re:I don't even use email anymore (Score:5, Insightful)
The reason I like e-mail is that it is asynchronous. If I want synchronous communication, I use the telephone.
Re:I don't even use email anymore (Score:5, Funny)
Re:I don't even use email anymore (Score:3, Interesting)
You should count yourself quite lucky. The fact that you almost never receive legitimate email means that you can likely switch to a new address (i.e. not on spam lists) fairly painlessly.
However, for those of us who have used our address for several years, our email is known to hundreds of people. Though unfortunately that means it's also known to be on hundreds of spammer's lists. Here's a sample summary from my procmail log just yesterday alone:
Nov 18: 271 of 349 messages marked as spam (77.65%), 268 deleted.How about that? 268 of them had a spam score higher than 6 and were deleted. The rest were delivered (POPped) with the rest of my mail.
I think it's high time that *something* be done that's easy for the n00bs to use, or it'll never get off the ground.
Not really (Score:4, Insightful)
Zero Tolerance (Score:5, Interesting)
Tolerate no spamming what so ever. If one complain about a customer with an proven case of spam would arrive at a abuse department, shut that account down. There is no need to allow this, and no need to "warn" users doing this.
My ISP limits me from commersial activities at my homepage, why not limit the e-mail account from spamming.
The biggest problem today is that the price of spam is not charged from the spammer, but the poor user who recieves the shit. For all you americans out there, sue a spammer, make him/her pay for all loss of productivity he/she has caused. It'll make you rich, and perhaps make spammers think twice before clicking that send button.
Zero Discernment (Score:5, Interesting)
If one complain about a customer with an proven case of spam would arrive at a abuse department, shut that account down.
I don't think it's quite as easy as that. If one customer using my laptop gateway sends a spam from my IP address, is that the end of my cybercafe? If one angry employee at IBM sets off a spamming program as he walks out the door, does IBM vanish from the Internet?
A while back our server got blacklisted for a week or so by SPEW because it was in the same 16-bit IP range as a machine that has been used for spam. That's potentially 65k machines! It was at this point that I vowed not to co-operate with any of these anti-spam measures, which inevitably martyr innocent users at random and don't touch the big spammers with the resources to change IP address and ISP three times a day if necessary. The cure is worse than the original disease!
Re:Zero Discernment (Score:5, Informative)
The idea of SPEWS is not just to block spam, but also to force ISPs to terminate their spammers. Blocking only the spammer's IP is pointless; too many providers just move the spammer about in their IP space, and the world has to play whack-a-mole. SPEWS' policy is that if an ISP decides it wants to keep its spammer online in the face of repeated complaints, fine; but then SPEWS don't want to receive any email from such a network.
Now, the question is: do you agree with SPEWS' policy? If you do, great! Use SPEWS' blacklist to filter incoming email. If you don't, no problem; there are plenty of other blacklists, some more lenient, some far more radical. Pick one or more, or none if you want to accept everything. It's a free internet.
The great advantage of SPEWS is that it _really_ hurts to be listed. It's the email version of the UDP, and has the power to hit rogue ISPs where it hurts, strongly encouraging them to rethink their policies.
Would your ISP have terminated their spammer if SPEWS hadn't escalated their listing to the whole /16? I doubt it... SPEWS normally start with the single IP, then incrementally expand the listing (as further complaints are ignored, most likely). If it took a /16 block to force them to terminate him, then certainly no number of polite mails to abuse@ would have worked.
As for big spammers who can change ISP frequently: if the threat of a SPEWS listing is so terrible, what ISP is going to sign up Empire Towers as a customer? Nobody in their right mind. Alan Ralsky spams from China these days, I gather, because nobody in the West will touch him. ISPs must decide whether they want spammers or humans as customers; those that choose the spammers will surely be listed by SPEWS, and so real humans won't have to receive their crap. Those that choose humans will not be listed, for they will terminate their spammers promptly and will not play silly buggers with IP numbers. If this means that the internet fragments into the spamnet and the nospamnet, fine - who wants to hear from the spamnet anyway?
Re:Zero Discernment (Score:5, Insightful)
Would your ISP have terminated their spammer if SPEWS hadn't escalated their listing to the whole /16?
The ISP in question leases servers one by one to individuals and companies. They hand over the root password, and off you go. So what exactly does slashdot think they should do?
The best they can do is to close the accounts of spammers once they are reported. But since their entry level machines cost under $100 up front, one spam campaign per machine is still viable. So maybe slashdot thinks that hosting should become more expensive? I'm sorry, but the SPEW thing just isn't going to work unless we want far more intrusion by ISPs.
If it took a /16 block to force them to terminate him, then certainly no number of polite mails to abuse@ would have worked.
The /16 block thing didn't work either, the support guy basically said 'the people refusing your mail are cretins, they'll probably get over it'. Which they did.
Re:Zero Discernment (Score:3, Insightful)
Re:Zero Discernment (Score:3, Insightful)
How about just what the previous poster said:
shut them down if they start spamming, which would fall into "none of the above"
the SPEW thing just isn't going to work unless we want far more intrusion by ISPs.
Bullshit. It works right now (you're living proof!) Your ISP is spam-friendly, and everybody who uses SPEWS won't accept mail from them. If you don't like the fact that you're 'collateral damage', then change ISPs, to one that has a clue - then everybody's happy; you're not blacklisted, your brain-dead former ISP keeps it's customers, the spammers have a home which can't send spam to people who don't want it.
Didn't you READ me post? (Score:4, Informative)
Here's what typically happens.
1. SPAMMER gets account on your ISP
2. SPAMMER SPAMS from your ISP
3. Someone reports SPAMMER
4. SPEWS sends warning to your ISP
5. ISP does nothing
6. SPEWS blocks small IP range, sends second warning
7. ISP does nothing
8. SPEWS blocks larger IP range, sends third warning
9. YOU get blocked (It's obvious your ISP doesn't care about your connection)
10. ISP finally takes appropriate action, SPEWS unblocks ISP
If SPEWS didn't follow that procedure, then shame on SPEWS. If you're ISP didn't respond to SPEWS, then shame on your ISP.
Either way, Sounds like you need to get another ISP that actually cares about keeping the connection up for its legitimate customers.
Re:Didn't you READ me post? (Score:4, Interesting)
4. SPEWS sends warning to your ISP
6. SPEWS blocks small IP range, sends second warning
8. SPEWS blocks larger IP range, sends third warning
When SPEWS mails people, I doubt they do so saying 'We're SPEWS and this is an official warning.' They'd do it saying 'This spammer at aaa.bbb.ccc.ddd hit my account this morning, please remove him'. This would have two advantages:
1) SPEWS remains anonymous - this helps, because by now there are an awful lot of spammers screaming for blood
2) ISPs have to treat every spam complaint seriously, because they have no way of knowing which ones are from SPEWS and which are from ordinary users
If SPEWS sent complaints in their own name, then ISPs would simply ignore all non-Spews complaints. An anonymous SPEWS leads to ISPs reading their abuse@ mailboxes with much greater care...
Your making it more difficult than it really is... (Score:4, Insightful)
Read what he said first. He clearly stated that SPEWS starts by blocking smaller IPs and notifies the ISP. If the ISP doesn't response, they block a larger range, until the ISP feels compelled to terminate the spammer's account.
If you're an ISP and want to avoid being blocked by SPEWS, it seems like all you really have to do is reply to abuse reports and terminate the offending account. See, Was THAT so hard?
How's that for a brilliant plan?
Jesus, I'd hate to see how you blow your personal problems out of proportion.
Re:Zero Discernment (Score:3, Insightful)
You mean I almost lost customers because of a problem that had nothing to do with me and over which I had no control, along with a few thousand other completely innocent people, and the bad guy is still in business?
The spammer is still in business, and still blacklisted by SPEWS, as are those who shelter him. The spammer is no longer on your ISP, who are no longer on the blacklist (though the record is still there for reference). The spammer's life is made far more difficult; his mails bounce, his ISP finds that their other customers are complaining about their mails too, and then finds out why... The career spammer becomes a Jonah, whose presence at an ISP has the potential to sink it. That's the idea.
SPEWS aren't in this to make friends. They're in this to inflict damage on spam-friendly ISPs, and force them to change their ways. And it's working. Check the original record on the spammer who caused all this trouble: he's been thrown off Rackspace and Cavecreek, two of the blackest hats on the net. They ignore every abuse@ email they get, but they can't pretend SPEWS doesn't exist.
As for you? You're a customer of an ISP who is sheltering spammers, and unfortunately you're likely to be collateral damage when the daisycutters come in. Too bad. Be glad your ISP killed the spammer, and that you only suffered for a week. Some people decide to make a fight of it, they posture grandly in news.admin.net-abuse.email ranting on about their upcoming lawsuite and their right to frea speach, and meanwhile the list stays there, denying them mail access to a large slice of the net... Your ISP is hopefully now on the side of the angels, and will be sure not to let this happen again. If it does happen again, I suggest you look for a different provider.
Re:Zero Discernment (Score:3, Informative)
I already explained why this is good. Previously, blacklist maintainers were subject to legal threats simply for reporting the truth: ISPs were tolerating criminal activity within their netblock. When word of these threats got out -- even if action was never filed -- many individuals added the ISPs blocks to their own personal firewall lists with a note not to remove them ever under any circumstances, ever. As a result, the ISP would find themselves blocked by hundreds of individual lists from which they could never be removed rather than one big central list where they could be removed if they just cleaned up their act.
SPEWS being anonymous and immune to legal action is a good thing for everyone. Well, except spammers, but spammers don't count. Spammers should all be shot into the sun, but not our sun. We should pick a sun that has no inhabited planets in orbit so as to avoid contaminating life.
If SPEWS became abusive, in listing ISPs simply because someone in SPEWS didn't like a person there, then people would stop using SPEWS. SPEWS works because it not only lists spam-friendly ISPs but provides information as to exactly why the ISP is listed. If that information becomes 'person X is a ninny' or it involves demonstratably false claims, people would know that it wasn't trustworthy and they would stop using it.
If you happen to be on a blocked Sprint IP, then yes, your complaint is with Sprint. Other ISPs CHOOSE to filter with SPEWS's list (one of the two, since there are two SPEWS lists) because they've decided that if an ISP tolerates spammers, nothing from that ISP is worth hearing. You don't like that, find an ISP that does not tolerate spammers or tell your ISP to stop doing it. SPEWS simply tells it like it is. Don't like it? Too bad.
Re:Zero Discernment (Score:3, Informative)
The user will hook up, not change anything, and as soon as something goes out with a port 25 destination, your local mail server grabs the connection instead, and takes over sending the mail.
Their ease of use, your ease of control and security.
To: abuse@etek.chalmers.se (Score:4, Insightful)
Subject: bulk email received from one of your account
hi,
I just received a unsollicited bulk email from one of your email adress : e8johan@etek.chalmers.se
Here's a copy of the first few lines of this email :
Received: from mail.etek.chalmers.se (129.16.32.20)
by mta448.mail.yahoo.com with SMTP; 10 Oct 2001 17:48:42 -0700 (PDT)
Message-Id:
From: e8johan@etek.chalmers.se
Subject: product for you... but i think u need to buy it
X-Priority: 3
X-MSMail-Priority: Normal
Date: Thu, 11 Oct 2002 3:47:35 +0200
Mime-Version: 1.0
Content-Type: text/plain; charset="Windows-1251"
Online Drugstore can have your order of discounted Viagra shipped to you for
only 5 minutes of your time!!!
http://www.justgottago.com/od/azzbc/
No Prior Prescriptions Needed
-Licensed U.S. Physicians are ready to fill your order
-Guaranteed Lowest Prices Available
-Discreet Mailing directly to your home or office
Just visit http://www.justgottago.com/od/azzbc/ and enjoy the good life today!!!
So now, your account will be shut down without any warning, that's it ?
Re:Zero Tolerance (Score:5, Interesting)
Set up a system like this:
To mail to a particular e-mail address you have to pay some nominal amount (say $0.50) which gets sent to the account of the e-mail address holder.
Now here's the clever bit...If the recipient wanted to recieve the mail, they can opt to have the $0.50 refunded to the sender. If the mail is considered a spam, keep the $0.50.
The system could (of course) be automated so that the money is refunded automatically after reading the mail unless you click the "This is spam button"
-----
Simon.
*sigh* not this argument again. (Score:5, Insightful)
The moron who cut me off on the road this morning is a danger to motorists, highways are doomed to failure!
Re:*sigh* not this argument again. (Score:2, Insightful)
Re:*sigh* not this argument again. (Score:3, Insightful)
No offense, but that's band-aid engineering. It will work for a while, but the core problem isn't solved.
Re:*sigh* not this argument again. (Score:3, Interesting)
Quite frankly, I browse the web without any popups, etc. and very few actual ads. My email accounts get almost no spam (I don't even need to use tools like spamassin).
The only way to solve the core problem of spam is to convince people to play nice. And call me a cynic, but I just don't think that's going to happen anytime soon. So all that's left is "band-aid engineering" (or mass genocide, but I don't think that's a particularly good solution, even for spammers
Re:*sigh* not this argument again. (Score:3, Insightful)
Another young person, give me a break. Back before you were born, there was a thing called USENET. Bad people started spamming USENET. People like you said, "Another doomsayer, give me a break."
The doomsayers were right. USENET is a vast wasteland now. Ask your mommy and daddy what it used to be like before the Spammers destroyed it.
Mozilla spam filter (Score:5, Interesting)
Previously bayesian spam filtering was demonstrated on slashdot [slashdot.org] to be very effective. Once this becomes commonplace, and seamless, no extra configuration required on the users behalf, hopefully we will see the end of spam.
However, combined with whitelists this could be quite useful. Bayesian filters to filter out spam, except for whitelisted spam. Eg mailing lists of advertisements you sign up to being whitelisted could be effectively. I suppose that when you sign up to a mailing list that would normally be recognised as spam, when it sends a confirmation e-mail your client could recognise it and ask if you want to add it to your whitelist.
Anyway, with the introduction of bayesian filters into an ordinary client means that the future of e-mail may not necessarily have to be so bleak.
Apple's works great (Score:3, Informative)
Since it starts of in "learning mode", where it only color junk mail but does not delete them, you get to check its efficiency before putting it in "real mode". And even there, by default it only moves the mail in a "junk mail" box, so you can check once in a while if there was anything important there.
Since using it, my father found that it caught something like 95% of emails, and very very rarely had false positive. Even when it had, correcting the mistake meant it was not repeated.
I expect such anti-spam systems to get a lot more frequent... and they DO work. Not flawlessly, but well enough to stop spam being such a pain.
BTW, Apple's filter also have an elemnt of whitelisting, since emails from people in your address book go through without checking.
Just my 0.02 E
Re:Mozilla spam filter (Score:3, Insightful)
Also, people who configure and use spam filter are VERY unlikely to buy anything from spam. For spammer, these people are just part of the deadweight anyway. So even if 99% of the population would use spam filter, it would be of no use in curbing the problem if this is the 99% that would not buy from spam anyway.
At it's base, the problem can only be solved by reducing the value of spam to spammer. There are two ways to accomplish : augment the cost of spamming or lower the return.
Various way exist to augment the cost of spamming. Having them banned from their ISP is one of these, but its effectiveness is limited : eventually, spammer will move where they are tolerated (ie China) and spam from there unpunished. Other possibilities include the morally objectionnable one, like infiltrating spammer circle, poisoning their address list and hacking their infrastructure.
Spam is profitable because, apparently, some people are dumb enough to fall for it. If less people would fall for it, spam would be less profitable thus less common. In that respect, awarness campaign should be done. The question is : who would pay for it ? I say the major ISP should at least try to educated a tiny little bit their new customer on the subject. Something anybody could do however is, if you know somebody who falled for spam, please hit him with a cluestick
Re:Mozilla spam filter (Score:3, Insightful)
Of course, it passing through their own filter will be a helpful guaruntee that it will pass through some filters - the problem is with a bayesian filter it is thought that spammers will only be able to say "Click here" - anything more will be detecting. See the slashdot article I linked to anyway for more details, I'm only repeating what I've read elsewhere.
Funny (Score:2, Funny)
Re:Funny (Score:5, Interesting)
Not funny at all. You knew what they meant; a filter on your inbox on the keyword 'Viagra' wouldn't have. Someone I know once worked on software to do realtime filtering of keywords in "family friendly" chatrooms. He said it was almost impossible; a human's ability to communicate FUCK without out actually typing it was far ahead of any rules he could encode into his software without breaking legitimate conversations. That's one of the reasons the spam problem is so difficult to solve purely with technology.
Fsck U 2 (Score:3, Insightful)
Re:Funny (Score:3, Funny)
Also, 90% of all spam I receive is in Korean. I live in the United States, and have never visited Korea nor spoken Korean. I only know it is Korean because Eudora used to ask me if I wanted to install the Korean language pack whenever I'd get one (I eventually told it to stop asking).
Though nothing beats the spam I received which started with "If you are a time traveler or alien and or in procession of alien or government technology I need your help!" As far as I could tell, it was completely genuine. The guy seriously wanted alient time travel tech. He requested that responses be sent to his AOL e-mail address. Go figure. (The complete text is a page or two long, but it's pretty funny. I'll post it if anyone is curious.)
Re: (Score:2, Redundant)
Instead, Spam (as we know it) is doomed (Score:5, Insightful)
Then, I should ofcourse plug this Openchallenge submission about Learning e-mail classifier [openchallenge.org]:The use of a naive bayesian algorithm in automatically filtering spam and classifying e-mail has been discussed and also implemented in the past. Implement an automatic e-mail classifier system which works together with an IMAP server. The system should: a) constantly refine the database used to classify messages either by periodically re-analyzing the IMAP folders or by tracking each incoming message and periodically checking to which folder the user actually moves each message. b) assign each incoming message an extra header item which contains the path of the IMAP folder where the message belongs according to the classification algorithm.
Also, you could also mine your site for smammers like this [cyberian.org].
So, my point is that just during last two years the spam problem has exceeded so much that there is enough interest in fighting it seriously. Spam will die.
Re:Instead, Spam (as we know it) is doomed (Score:3, Informative)
as one person already mailed me about the unique address per spammer, I thought I should clarify here that it is infact: as unique per spammer as an md5sum of all the details gathered from the requester of the page can be - without attacking the requesting host :) Therefore it is _NOT_ unique per request, that would be insane - instead per host/useragent/referer & some mystical details. yes, you can avoid it, but it seems spammers are not that educated. And when they are, it will just need to be enhanced :)
And to the other question: No, I have not sent any actual invoice to a spammer. Instead I have succesfully made 5 spammers so fall apologize in the fear of being invoiced and stop harvesting my site for emails.
Re:Instead, Spam (as we know it) is doomed (Score:3, Interesting)
Damn-it, I hate companies that don't state up front what their business model is. Is it shareware? Is it trialware? Is it demo? Are they going to ask for money at some point? WTF is the repercussion of me downloading and running their software? I do NOT want to download someone's softare and have to read all the installation crap *while* installing it to figure out what the limitations/deal/catch is with the software.
More and more small win32 software companies are not mentioning *at all* what their software is on their webpages. So I have to spend 10-20 minutes crawling their site trying to figure out what the hell they are doing and who they are. Often I end up having to use Google Groups to find someone commenting on the company's angle. Pain in the ass!
It *sounds like* they let you use SpamNet right now, and use the "spam information" that everyone provides in their enterprise spam filtering solution. But it's buried on one of their other pages.
whitelist vs whitelist (Score:3, Funny)
B's whitelist emails back saying "identify yourself", A's whitelist respons with "identify yourself"
infinite loop?
Re:whitelist vs whitelist (Score:3, Interesting)
whitelists - can be effective (Score:3, Interesting)
$ wc -l .whitelist .whitelist
804
It works, but it's a pain, and I still have to manually check the spam folder once in a while to catch people writing to me out of the blue about my software. And there are still a few false positives in the archive (tell me about them, and I'll try and weed them out).
Rich.
Gratuitous spam archive advert: http://www.annexia.org/spam/ [annexia.org]
PGP anyone? (Score:2, Interesting)
Cloudmark. (Score:3, Interesting)
Up early to see the Leonids, and I got SPAMMED! (Score:2, Funny)
It is a shame (Score:5, Interesting)
They exist on various levels on IM (as mentioned, authorised user list) and IRC (IRCOps, channel op), email has admins, but it's not easy filtering out scums of email abusers.
The problem lies with the weakness of tracing the sender of email itself. Sure, you can get sender info from the email headers, but most web based email and normal email clients disable viewing the headers by default. And how many email clients that you know actually dedicate a thorough Help section (or howto) on how to decipher info in email headers?
After 2 years of receiving spam, I got sick of it and engage in the use of SpamPal [spampal.org.uk] to filter out my mailboxes. So far it's going pretty well... but there should be a more newbie-friendly way to get rid of spam.
Hopefully there can be a globally-enforced law to bring spammers to justice, but this, like any internet-related law, will be very hard to enforce.
human identification (Score:3, Interesting)
There is some interesting work out there in the field of human identification. For example, the word-in-distorted-image thing Yahoo! uses to filter out spambots from yahoo! mail account creation, developed in collaboration with the Captcha [captcha.net] project at CMU. I've heard reports of a sort of shadow arms-race developing between the portal/communications providers (web mail, instant messaging, the like) and the spammers (who have an incentive to attempt autogeneration of accounts), where each robot countermeasure is attacked by the opposing robots' programmers. E.g. hiring humans for some minimal wage to type in the words they see on the yahoo! system as prompted by some account generation robot. This in a sense is like the radar/ECM/ECCM succession...
Presupposing that some method of easy robot/human sender determination/authentication existed, how difficult would this be to integrate into existing mail infrastructure? Something like "Howdy! You've attempted to send mail to foo.com. Please visit foo.com/mailverify to verify your identity." where the reply URL has some form of captcha-esque human/robot test?
Imminent-Death-Of-Email-Predicted (Score:5, Insightful)
I just can't really see email going away, especially not in favor of IM. Emails true usefulness, the thing that makes it a 'killer app' is that it is asynchronous. Unlike IM, when I send someone an email, it is unnecessary for them to be online, or have their IM client running in order to receive my message. Their email server is more than happy to hold their email for them until they can get it, and allows them to respond when they can.
Additionally, it's not like IM is spam-free. A quick google search reveals a growing business in providing anti-spam tools to IM users, so I doubt that making email more IM-like will help, though I do see some limited use of whitelists to be beneficial.
Businesses however, can never get away with using whitelists, or even most blacklists to reduce the amount of spam they have to deal with. I know that at our company, we cannot block nearly the number of netblocks that we would like to, as we need communicate with customers almost exclusively by email, and cannot afford to lock out potential buyers for any reason.
The solution to the spam problem is not an easy one, especially not for businesses, but small steps forward are made all the time, in better pattern matching, address lookup, etc that one day will (hopefully) allow for spam to be stopped, or at least to stem the tide...
Re:Imminent-Death-Of-Email-Predicted (Score:3, Interesting)
Check out Jabber. It does just that. If someone sends me an IM, I don't even need to be online, the jabber server will store the IM for me until I sign on.
IM has the potential to replace email because there really isn't anything email provides that IM can't. Even syncronous communication.
No surprise here... (Score:4, Insightful)
To me, I dream of the day we can go back to simply leaving email unfiltered and where we receive only that mail we would normally expect, not drivel from marketoons who think that email is the next best thing to handbills posted on my front door. I'm tired of having to update my access.db. I'm tired of keeping up all the diligence, watching logs to see what legitimate mail might have bounced.
Thank you, you rotten, spamming assholes and all the idiots that ever bought anything advertised in spam email.
Rich
So an alternative is needed (Score:4, Interesting)
One solution to spam... (Score:4, Informative)
os x's default email app... (Score:5, Interesting)
anyway, if you're really upset by spam, it's pretty friggin' easy to avoid it... do NOT put down your regular email address for any site that wants to email you a password for registration. get a trashy hotmail account (or whatever) just for verifications, and use your regular email addresss for real communication.
perhaps spam, collectively, is a huge problem, but the problems it causes for typical individuals are small, especially given the existence of spam filters. that's why spam won't "kill" email by any measure.
.
Even better... (Score:3, Interesting)
Hardly the first doomsday prediction (Score:3, Interesting)
For a long time, there were doomsday predictions of the "web as we know it". The pessimists claimed that the signal-to-noise ratio was constantly decreasing and that things would soon degrade to such a point that it would be untenable. Well, what happened? The link structure of the web serves to greatly amplify useful content on the web and filter out noise (so neatly exploited by google).
This is only the latest in a long line of articles saying "spam is increasing at an exponential rate. So in X years Y% of our time will be spent deleting SPAM. E-mail is doomed!!!". This author, for example, says nothing of bayesian spam filters [slashdot.org]. What is likely is that spam and anti-spam will both mature in a few years, and that a combination of filtering methods will weed out most junk from our mailboxes; users will have so problem manually sending the handful of remaining penis enlargement offers to
Bayesian filtering (Score:3, Interesting)
Be careful with your email address (Score:5, Informative)
I think the secret with spam is to stop spreading your email address around the internet. I object to having to provide my email address to forms to register for every damn website (eg. download.com) - I always give a false address if I can. If I can't, I will very seriously reconsider whether I need access to that site (I usually don't). I have an email account that is used solely for the purpose of registering for websites or what have you. Whenever I stick my email address into any form on the web I always check to see whether there is a checkbox that lets me opt out (or in) any mailing lists. The only sites I don't mind signing up for are those that I am genuinely interested in receiving future correspondence from, but they are few and far between.
I also have an email address that is used solely for usenet - this one receives by far the most spam.
Another interesting thing that people may not be aware of is that the default setting for hotmail accounts allows your email address and personal information to be shared. Go to options->personal profile and have a look at the check boxes at the bottom. This never used to be the default setting until the service switched over to
Re:Be careful with your email address (Score:3, Interesting)
One goes thru a subdomain and a BBS. It seems to attract more than its share of spam with blank or bogus TO fields. The BBS spam filter (written by our intrepid sysop) kills all mail not sent to a legit user. That, and some filtering specific to spammer-only return addresses, is sufficient to kill off 99% before it reaches my mailbox.
My other email address is via a real ISP, and is completely unfiltered. It typically gets only a handful of spams a day, the work of 15 seconds to delete 'em all. But more significant -- the total amount of spam received has DECREASED over the years. It now gets maybe half as much as it did in 1997. Lately, some days I don't get any spam at all.
The only thing I've done to protect this address is use something completely bogus for usenet. Once in a while I post with another client that shows my correct address, and forget to change it first, and then for a couple weeks I get a spasm of spam -- but it soon drops back off to the usual handful.
One oddity: every so often, some moron uses my real ISP address for sporging on Usenet. When that happens, my spam drops to ZERO for the duration -- as if this somehow poisons the address!!
As to webmail: My Yahoo account (about 4 years old, only used if all others are down) has never received a single spam. My Hotmail account (going on 5 years old), occasionally used as a spamtrap for sites of unproven privacy policies [cough* realtor.com *cough] but never used in Real Life nor posted anywhere, gets a ton of generic Asian spam, but almost never gets any of the same spams as my regular ISP address. Hotmail's spam blocker sometimes works great, and sometimes not at all -- just about anything in Asian character sets sneaks thru anyway.
Re:Be careful with your email address (Score:3, Informative)
Sneakemail.com [sneakemail.com] was created just for this purpose, its like a condom for your email address. And no its not going to disappear, its been running over 2 years and is profitable
Nonsense (Score:5, Insightful)
The only reason email will go away is when mobile (cell) phones become as convenient and cheap a way to communicate as email currently is.
If the rest of the world had privacy laws... (Score:5, Interesting)
Feeling lonely.... (Score:3, Insightful)
I get bugger all Spam, at work or at home. Could this be because I always tick the "don't spam me" boxes. And because I don't put real email addresses on the internet.
Strange isn't it.
Donald Knuth (Score:3, Interesting)
Knuth vs Email [stanford.edu]
Spam: How to Attract or Avoid It (Score:3, Informative)
It is worth mentioning that my Hotmail account fills up in three days if I disable the `delete mail from unknown users' filter. The reason is that I enter my Hotmail address whenever I think it's going to be used for spamming. This keeps my other addresses clean.
The reason I use my Hotmail account for that, as opposed to another free-as-in-beer service, is that I have noticed that Hotmail accounts attract spam no matter what. Even though MicroSoft claims they do their best to protect their customers from junkmail, I have noticed that next to everyone who uses Hotmail complains about spam, email that is sent to a long sequence of ASCII-ordered addresses are delivered as if it wasn't obviously spam, a Hotmail account will receive junk mail even if you just let it sit there and never use it or give the address to anybody, and countless other badnesses. I don't know how this compares to other providers of free webmail, but I do know that my Yahoo account gets an acceptible (for me) amount of spam, despite having only the default level of spam protection, whatever that amounts to.
Now there is an additional issue here. I do not use my webmail accounts for everyday email; I prefer POP and SMTP for that. I don't know if more frequent usage would result in higher volumes of spam, but I could see a scenario of how this would work. Most modern email clients, whether they be stand-alone programs or web interfaces, keep an address book. The address books of notable email programs are known to contain exploits that allow hackers access to the stored addresses, and malicious (money-hungry?) webmail interfaces could easily read their clients' address books and sell the information to third parties. In this case, by sending an email to somebody, I expose myself to the risk that my email address will eventually be known by spammers.
Having said all this, I will come up with a couple of hints for avoiding spam. There work for me, YMMV:
1. Avoid using free webmail services (especially Hotmail) for accounts you don't wish to recieve spam on.
2. Use an address other than your primary account when dealing with a party you don't trust.
3. Don't leave your email address on webpages. Even encoding or scrambling your email address won't protect you - if humans can understand it, programs can be made to do so as well.
These practices have left my mailboxen uncluttered for years, aside from the incidental win32 virus. Which brings me to another point: make sure your email client does NOT execute code attached to emails. Most versions of MicroSoft Outlook and Outlook Express are known to be vulnerable. For your own good and that of the rest of the Internet: DO NOT USE THESE PROGRAMS.
I hope my comments will prove helpful to some of you. Feel free to redistribute as you see fit.
---
(1) Everything depends.
(2) Nothing is always.
(3) Everything is sometimes.
Re:Spam: How to Attract or Avoid It (Score:3, Interesting)
Maybe I am just lucky, but I almost never get spam anymore on my Hotmail account - an account which, I assure you, is *very* public. (I have been using this account for online transactions for years now). The only "spam" I still get are sale pitches from vendors like Amazon.com and Buy.com - domains which I do not want to block outright.
I've got an idea (Score:5, Interesting)
Let's think outside the (mail)box for a second.
Imagine a system where only whitelisted e-mail with a confirmed return address gets through. That would be enough to kill spam. The problem is, how can we allow previously unknown people to get on this whitelist without human intervention and gray/blacklists. Complicated? Not necessarily.
Here's the idea: suppose that we have a certifying service attached to our e-mail address. Say, my e-mail address is me@foo.com and my certifying address is certify.me@foo.com. Now I would want to send e-mail to you@bar.com but you do not know me and you are using a whitelist. No problem. I send you an electronically signed e-mail, and my mailing program, upon deciding that you are not already on my buddy list, cc:s the message (or relevant parts of it) to certify.me@foo.com. When your program receives my message and checks that I am not on your buddy list, it sends a signed query to certify.me@foo.com. The automatic service behind that address verifies that
Upon receiving the certification your program adds my address to your whitelist and accepts the original message. After all, you now know my e-mail address. Even a spammer who would be willing to reveal his identity would be pummeled to a certain death by millions of certify requests (which would make his ISP very unhappy). And should a spammer once get on your whitelist, just blacklist him.
This would not be a burden for mailing lists, because the certifying procedure is only invoked during the first contact.
This scheme would triple the initial number of e-mail messages, but because it's a one time event, the overhead is small. Considering that 95 some percent of all e-mails seem to be spam, this could actually reduce the traffic significantly after all the spammers have either been auto-spammed back for every single piece of spam that they send, or vanished into oblivion if none of their messages ever reach people.
So, anybody willing to implement this?
Doesn't work (Score:3)
But I (as a hypothetical spammer) can make a signature in any name, and I can set up any accounts on any hostname I like rather easily. So a spammer could get messages into your box and get a name (even if it's a throwaway name) onto your whitelist without any human intervention. He has his certify address always respond in the affirmative, and voila.
Educate ISP's and admins (Score:3, Insightful)
Just ignore them. (Score:3, Insightful)
sky not falling, no film at 11. (Score:5, Interesting)
But where proprietary software fails us, free software supplies the features that people actually want. Mozilla has built-in pop-up blocking and a great deal of work is going into spam filtering. On my linux box, I use spamassassin and vipul's razor for email, and filterproxy and mozilla to block ads and protect my privacy on the web. Very rarely does any spam make it into my inbox, and I almost never see ads of any kind online. However, it fills me with horror to use other peoples' computers. How can anyone stand all the flashing and blinking?
Conclusion: decent tools are the answer, not bug-eyed rants about the death of email.
BS (Score:3, Interesting)
For instance, look at www.myrealbox.com -- I've had accounts with them for over a year and never received ONE spam in them. Ever! I don't give my address out publicly or to untrusted sources. They do a damn good job of blocking spam.
Instant Messenger Spam (Score:3, Insightful)
Way to stop Spam (Score:5, Insightful)
Now this may be a situation like the mouse putting a bell on the cat, great idea impossible implementation, but I don't understand enough about e-mail to know.
Comments as to why it wouldn't work?
Re:Way to stop Spam (Score:3, Interesting)
1) Legitimate - ones that come from real companies, with working unsubscribe policies.
2) Illegitimate - from companies that forge headers, spoof IPs, steal legitimate email accounts, etc.
For type 1), you can follow tactics that have proven effective to telemarketing by developing a state/federal do-not-email list. If any company sends email to an address on that list without explicit permisson, they will be warned the first time, and fined $500 per email each time after.
For type 2), you'd just have to criminalize those acts. I don't see any other way to stop them.
but blacklists do work. (Score:3, Insightful)
i block mail using dsbl.org, spamcop and a few simple procmail rules (when a spam does get through, i block that company via procmail). i don't ever lose legitimate mail, and i don't get any of the "anonymous spam" i used to get from people pretending to be @hotmail.com/yahoo.com/etc.
clearly the reason that these people claim that blacklists don't work is because they're not using them.
Look at what FilmThreat is doing about it... (Score:3, Informative)
Don't use auto-reply! (Score:3, Informative)
It's too late to do anything now. Yeesh.
Cost/benefit (Score:3, Interesting)
The Spammer's View:
First, it's very inexpensive to collect/buy a million email addresses and very inexpensive to send a million emails. Second, the return is sufficient: out of those million emails, all it takes is a handful of replies to make a profit. Third, the risk of being prosecuted or otherwise suffering financial damages is still practically nil, so the worst you have to fear is your ISP cutting you off -- whoop de doo, go uncover another rock and sign up with a new one.
The ISP's View:
It costs little more than a little bandwidth to send a million emails. It costs a little in reputation to be weak on busting spammers' accounts. Signing up a new customer is a profit.
The User's View:
Here's where the "cost" of spam is high, and consequently where most of the effort in fighting it has been made. Most users either just delete or have software to keep spam out of their inbox. Some people are careful about how they publish their email address. Some use blacklists or (more recently) whitelists. The cost to receive an email is fortunately low or nothing.
When the cost of spam becomes too high to ignore, for spammers to send or ISPs to relay, spam will decrease. It already has started to become more expensive: some ISPs have strong anti-spam policies and measures; some laws have been passed against spam; and there is quite a bit of software to deal with spam at the recipient end. But that's not enough, as evidenced by the continuing growth in spam.
Eventually, spam will be dealt with more strongly at the source. It has to be sufficiently painful first, and the pain is starting to be felt by ISPs and others involved in relaying email. I expect the situation to be much better a couple years from now.
-Thomas
My very effective anti-spam method (Score:3, Informative)
I was getting so much spam on my dial-up account that it sometimes took me 20 mins to download mostly useless, if not offensive, email. Sorting it automatically by client-side methods (e.g. SpamAssassin) wasn't helping the download time, since you still have to download the blasted spam before you sort it.
So I got rid of my contaminated address. I created an account on two web sites: www.spamgourmet.com [spamgourmet.com] (free) and www.sneakemail.com [sneakemail.com] (mostly free).
Spamgourmet allows you to create an infinity of different email addresses all going to your POP3 account, by adding various prefixes. So say, to take a recent example, that your account is SpammerMaimer and you want to subscribe to, oh, MIT Technology Review's newsletter. You create an address called MITTechReview.20.SpammerMaimer (@ the SG domain). The "20" in the middle word of the address gives them 20 shots at emailing you before the address shuts itself down (and you can manually reset the counter).
Then, surprise! This stupid magazine sells your address to several spammers. On top of that, their forum system is spammer-friendly because it encourages email address collection.. You know that it's them, because you haven't given that address to anyone else. So what do you do? You go to your Spamgourmet account and shut down that MITTechReview.20.SpammerMaimer address. Problem solved.
For truly one-shot emails, I use sneakemail, which creates disposable addresses that you can disable individually.
The hardest thing is to keep the old address active for a while until all your usual correspondants have been informed of your new address. Then, when you switch your ISP email address, you just have to change the forward address in SG and Sneakemail.
Highly recommended.
Re:Death by Spam (MIRROR in case of /.) (Score:2, Funny)
It won't be slashdotted.
Re:What Spam? (Score:3, Insightful)
I can imagine other reasons, luck being one of them. Your ISP could be doing some filtering too. Needless to say, you seem to be the exception, not the rule. In my experience, the longer an e-mail address is around, the more spam gets sent. Usually takes me a while (months/years) before I see much spam though.
Just because you don't see much doesn't mean that it isn't a big problem for many people. In another country than America it is probably less of a problem, but it sounds like Americans receive the brunt of it. Of course, I'm only guessing here, since I live in Australia and don't get anywhere near as much spam as I hear about.
Re:Email has been killed (Score:4, Insightful)
I have perhaps 10 email addresses. Of those 10, 2 receive a significant amount of spam, and one of those is explicitly designated as a throwaway (I use it to post on USENET, for example.) All of these addresses are at least a year old.
The "secret" is simple: avoid giving your addresses away. If a website demands an email address, give it a throwaway. If you need to put a mailto link on your webpage, use the throwaway. Never, NEVER click a "remove" link. If you have the wherewithal, run your own local mailhost. Then you get to have fun with things like sendmail's access.db, and get the satisfaction of being able to block entire spammer domains at will, just because you're feeling zesty.
If your main account is somewhere like Hotmail, AOL, MSN, Yahoo, or whatever, forget about it -- there's enough juicy targets there so that it makes financial sense for the assholes to target those hosts with random address generators. That's the price you pay for cheap/easy.
Re:White Lists (Score:4, Informative)
Sending emails back to spammers is for brainless cretins - it serves only to clutter up your mail queue and risks offending innocent impersonated senders or having your email address confirmed as valid for spam.
And sending automated emails back to legitimate senders is downright *immoral* - making everyone do the work that a spammer *should* be doing to get through to you is indefensible.
And I've seen a case recently where this TMDA thing was so misconfigured that it sent an mail back to a mailing list saying there was an unrecognized sender address, and of course that mailing list was half of the gnu.emacs.help mail2news gateway, so the message appeared on the newsgroup for *all* to see. Talk about efficiently multiplying spam.
Now for something useful. Use one of the Bayesian filters, seeing as they're all the rage and get about 97-98% spam matched correctly, coupled with SpamAssassin as a fall-back for the remaining 2% cases, and you'll have far less of a problem.
Now incorporate those filters in your MTA so that the whole body is checked for spammishness before being "accepted for delivery" and you'll have the best solution of them all: bounce the mail at injection-point and be done.
Re:I honestly don't get any spam (Score:3, Informative)
1. Posting on a newsgroup with a valid e-mail address. (I use Sneakemail (www.sneakemail.com) to generate addresses for postings, and within hours of a post, I get new spam.)
2. Have a web page with your e-mail address on it in cleartext.
3. Respond to any spam, sign up for web contests, etc.
4. Have an e-mail address that is easily implied from your domain name (for example, john@johndoe.com, info@whatever.com, etc.)
5. Have a registered domain with contact info in the registration record.