Spam Editorial

How to Kill Spam Without the State 517

WaxParadigm writes "The Colorado Freedom Report, an online libertarian publication in Colorado, has an article today about How to Kill Spam Without the State. Will our heavy-handed attempts to stop spam through legislation have the outcome we desire?" The article advocates putting the burden on the end user, saying "We must also take personal responsibility to kill spam. We can't pretend the politicians will do it for us. Their incentive is to develop a cute re-election flyer, not solve the problem. If you're still tempted by the political approach, ask yourself one simple question: who is more technologically savvy, your average spammer or your average politician? There are steps each of us can take to kill spam, and to help foster a culture that encourages spam killing." While this forgets the onus of spam on the ISP and telco companies, it should well be part of a multi-tiered plan against spam.
This discussion has been archived. No new comments can be posted.

  • by jkrise ( 535370 ) on Friday October 03, 2003 @04:47AM (#7121975) Journal
    Spam is revenue for the State, and it isn't a good idea to kill it. Spam has also fetched more revenue for anti-spam s/w firms, than for the purportedly promoted products.

    It stands to reason therefore, that the most likely writers of spam are THE SAME ONES WHO PEDDLE ANTI-SPAM WARE.

    Thus, to kill spam:
    1. Do not trust the State to do anything.
    2. Do not buy, solicit or encourage anti-spam software.
    3. Use free anti-spam tools wherever possible (this is easier with Linux).
    4. Unless spam hogs your bandwidth or disk usage, don't bother.
    5. And lastly, or rather firstly, spend money on a CD Writer and media to take backups, rather than on anti-spam s/w.

    You will lead a cheerful, richer life.
    • by pr0ntab ( 632466 )
      Is not anti-spam vendors, or people who make money on the few hits garnered by replies (other than Symantec and Learning Tree, but that's a story for another time)

      Rather, the majority of spam comes from suckers who bought into get-money-quick and be-your-own-boss internet marketing schemes. These poor schmoes in the US and Asia buy these kits, which may even come with rented rackspace out of the US to mailbomb from and proceed to splatter their wares to these double-opt-in lists in the hopes of making a r
  • by Dancin_Santa ( 265275 ) <DancinSanta@gmail.com> on Friday October 03, 2003 @04:47AM (#7121980) Journal
    No matter how technically savvy you are, if your email address is picked up by a spammer you will receive spam. Whether it hits your inbox or not, somewhere along the line someone has had to relay that message to your mail server and the bandwidth is already wasted.

    Get a good filter, use whitelists, whatever. Just don't think that you will be able to eradicate spam without governmental help.
    • If email communication had to be somehow authenticated, then you could demand that anybody sending you an email should authenticate himself with your email server first.

      That way people without the necessary authentication could not send.

      I know there are tools out there that already do that, what is missing is that a few big players in the ISP/email market (Yahoo, MS, AOL) come together and change the de facto standard way machines interchange email with each other.
      • Re:Not so sure. (Score:3, Insightful)

        by __past__ ( 542467 )
        That doesn't really work. Either you would only be able to receive mails from people whose auth token you already know, say from a key exchange in a personal, real-world meeting (obviously not a good idea for sales@example.com type addresses), or you need a global web of trust that makes sure that everyone that can connect to the internet has one, and only one, signature that can be unambiguously traced down to the real person (of course, without harming privacy...). The first way is undesirable, the second
    • Save us, government! After you protect us from spam, keep us from riding merry-go-rounds, put up fences to keep us away from dangerous natural sites (that Grand Canyon is too dangerous for people to walk near), and then shut down that vile fast food industry, they're just trying to make us all fat slobs! And keep wasting billions on the war on drugs, that's been going SOOOO well.

      Government help should be limited to fraud, and that's about it. "Wasted bandwidth", give me a break, there are technological
  • Comment removed (Score:3, Insightful)

    by account_deleted ( 4530225 ) on Friday October 03, 2003 @04:48AM (#7121985)
    Comment removed based on user account deletion
    • Re:dumb article (Score:5, Insightful)

      by TuataraShoes ( 600303 ) on Friday October 03, 2003 @06:28AM (#7122298)
      The author of the article says he is not a techie. Does that make him clueless? No. He says in the article that he would welcome response from the technical community. Too bad that a certain vocal percentage of techies are so egotistically arrogant that they insult anyone who is less technical than themselves.

      So if a non-techie says he is willing to learn, he correctly evaluates the economic reasons that spam continues, he suggests something quite sensible about graphical email addresses on web sites, and asks for further technical input... then why not give him the benefit of your technical knowledge? Or on the other hand, if you have no ideas of your own, you could just insult him.

      The thrust of his argument is understanding why spam exists. Until this is understood, the pseudo solutions will fail, because they miss the mark. I thought the article had a valuable point to make. Good on you, Ari.
      • He says in the article that he would welcome response from the technical community.

        Which is his way of saying, "Explain this to me, I'm too lazy to run a few Google searches and educate myself." It's not as if the information on anti-spam techniques is difficult to find.

        Spam exists because it works, pure and simple.

      • Comment removed based on user account deletion
        • Re:dumb article (Score:3, Insightful)

          by Degrees ( 220395 )

          He writes an article shunting the blame for the spam issue off on the user.

          Well.... I got a work order last night (could not have been better timing) to assist one of my users. It says 'Client has over 21,000 junk mail in her GroupWise Inbox and would like our Network's Group help in deleting them, if that is possible.'

          As I was sitting there deleting stuff, I noticed that on one day she got 203 items. I also saw that she reads spam, and replies to it!

          So we have two problems here. 1) Sometimes, the us

    • by SuperBanana ( 662181 ) on Friday October 03, 2003 @06:40AM (#7122331)
      Take personal responsibility. Yeah, right.

      If not for users, how about 'personal responsibility' for admins?

      On a mailing list I help run, we turned on Postfix's DNS checks (not RBLs and the like, just "does connecting host have valid forward DNS? Does it match what they claimed?" etc. Postfix can do a half dozen DNS-related checks to make sure you're legit). It was ENORMOUSLY successful, virtually killing off all spam overnight, because so much spam has so many fake headers.

      We had zero problems with users with funky setups (i.e. sending work email from home, their own domains, etc). We had ENORMOUS problems with a dozen ISPs whose freaking mail servers often didn't even have FORWARD DNS! Worse, some claimed, when contacted by their users, that it was a problem with OUR DNS.

      The problem was mostly with clustered outgoing mail servers, where ISPs didn't give a shit enough to set up proper DNS for each cluster member. Do you think they had reverse DNS? :-)

      So, we can take personal responsibility by a) refusing to accept connections from servers which have bad/no DNS and b) fixing our own mail server's DNS. That would be a biiiig step...
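
The DNS sanity checks described in the comment above, written out as an added Python example (not code from the thread and not Postfix's implementation). The resolver class, function names and DNS records are constructed for illustration, and treating "does it match what they claimed" as "the HELO name must resolve to the connecting address" is an assumption, so it is switchable.

```python
import re
from dataclasses import dataclass, field

_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


class TempDNSError(Exception):
    """Lookup timed out or returned SERVFAIL: no answer either way."""


class StaticResolver:
    """Offline stand-in for DNS, backed by constructed records."""

    def __init__(self, ptr, a, broken=()):
        self._ptr, self._a, self._broken = ptr, a, set(broken)

    def ptr(self, ip):
        if ip in self._broken:
            raise TempDNSError(ip)
        return self._ptr.get(ip)            # None: no reverse record

    def a(self, name):
        name = name.lower().rstrip(".")
        if name in self._broken:
            raise TempDNSError(name)
        return set(self._a.get(name, ()))   # empty set: no forward record


@dataclass
class Verdict:
    action: str                             # "accept", "reject" (5xx), "defer" (4xx)
    reasons: list = field(default_factory=list)


def is_fqdn(name):
    """Dotted hostname with valid labels; bare words and raw IPs fail."""
    labels = name.rstrip(".").split(".")
    if len(labels) < 2 or labels[-1].isdigit():
        return False
    return all(_LABEL.fullmatch(label) for label in labels)


def check_client(ip, helo, resolver, helo_must_match=True):
    """Apply reverse, forward-confirmation and HELO checks to one connection."""
    reasons = []
    try:
        # 1. Reverse DNS: does the connecting address have a name at all?
        rname = resolver.ptr(ip)
        if rname is None:
            reasons.append("no PTR record for client address")
        # 2. Forward confirmation: does that name map back to the address?
        elif ip not in resolver.a(rname):
            reasons.append(f"PTR name {rname} does not resolve back to {ip}")
        # 3. HELO: is the claimed name well formed, and does it exist in DNS?
        if not is_fqdn(helo):
            reasons.append(f"HELO {helo!r} is not a fully qualified hostname")
        else:
            addrs = resolver.a(helo)
            if not addrs:
                reasons.append(f"HELO name {helo} has no address record")
            # 4. Strict variant: the claimed name must be this very host.
            elif helo_must_match and ip not in addrs:
                reasons.append(f"HELO name {helo} resolves, but not to {ip}")
    except TempDNSError as exc:
        # A resolver outage must not turn into permanent bounces.
        return Verdict("defer", [f"temporary DNS failure looking up {exc}"])
    return Verdict("reject" if reasons else "accept", reasons)


# Constructed records (documentation address ranges, example domains).
RESOLVER = StaticResolver(
    ptr={
        "192.0.2.10": "mail.example.org",
        "192.0.2.20": "out3.isp.example",       # cluster member, PTR only
        "198.51.100.7": "host7.dsl.example.net",
    },
    a={
        "mail.example.org": {"192.0.2.10"},
        "host7.dsl.example.net": {"198.51.100.7"},
        "mx.bigcorp.example": {"203.0.113.5"},
    },
    broken={"192.0.2.30"},                      # simulated resolver timeout
)

SAMPLES = [
    ("192.0.2.10", "mail.example.org"),      # consistent DNS
    ("192.0.2.20", "out3.isp.example"),      # ISP cluster host, no forward DNS
    ("198.51.100.7", "mx.bigcorp.example"),  # HELO borrowed from another host
    ("203.0.113.99", "localhost"),           # no PTR, HELO not an FQDN
    ("192.0.2.30", "mail.example.org"),      # DNS outage during lookup
]

if __name__ == "__main__":
    for ip, helo in SAMPLES:
        verdict = check_client(ip, helo, RESOLVER)
        print(f"{ip:<14} HELO {helo:<20} {verdict.action:<7} {'; '.join(verdict.reasons)}")
```

In current Postfix releases the equivalent built-in restrictions include `reject_unknown_client_hostname` and `reject_unknown_helo_hostname`; the second sample shows why the ISP cluster hosts the comment mentions were turned away.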

  • Onus is on users (Score:5, Insightful)

    by Kanasta ( 70274 ) on Friday October 03, 2003 @04:49AM (#7121989)
    Firstly, stop buying things from spam!

    My friend once commented on how he hated getting so much spam every day. I myself get maybe one or two pieces a week, so I started to show him the basics of filtering out some of the crap.

    So what do you think he says? He doesn't want all his spam automatically deleted he said, because sometimes something interesting comes! He even likes to follow the links to visit the sites.

    Fuck I wanted to smack him right there and then. Actually I'm in a bad mood right now I want to go back and find him and smack him anyway.
    • by JaredOfEuropa ( 526365 ) on Friday October 03, 2003 @06:22AM (#7122281) Journal
      He doesn't want all his spam automatically deleted he said, because sometimes something interesting comes!
      And that is the crux of the problem I have with the notion that we can cure spam by acting like responsible users. As long as there is the possibility of one single potential customer who might be interested in penis enlargement pills, spammers will continue to inundate the world with their emails.

      The solution is indeed to make spam unprofitable, but I do not think that the way to achieve that is to ask everyone to stop buying penis enlargers. Making spam illegal helps a little, but the well-known spammers out there aren't exactly known as law-abiding Mr. Squeaky Clean. It should be illegal to advertise through spam. For one, it may give some of the advertisers pause, and in addition these culprits may be a lot easier to find, since they need some address to send their wares from and receive payments.

      And yes, they can always move abroad... but more and more countries are considering legislation against spam. And since many countries follow the US' lead when drafting trade and economic legislation, it would be nice if the US would take the lead and implement a decent law for once, against spam and against those hiring spammers.
      • I don't think you'll be able to legislate spam out of existence. In fact, I know so. There are, let's just round it off, nearly 200 nations in the world.

        There is no way every one of them has laws (with teeth to stop it. And hey, look how well laws against murder work!!), and there's no way the U.S. diplomats are going to say, "No, we'll stop our billion dollar trade unless you stop your spammers."

        Spam is so tiny a problem in comparison to what the trade diplomats are really working on... Compare spam t
        • There is no way every one of them has laws (with teeth to stop it. And hey, look how well laws against murder work!!), and there's no way the U.S. diplomats are going to say, "No, we'll stop our billion dollar trade unless you stop your spammers."

          I don't expect the diplomats to do it, I expect ISPs to do it. If spammers move to Vanuatu, I expect most ISPs to say "Fuck Vanuatu!" and block all incoming e-mail from that country. :) That would cause a minor inconvenience for Vanuatuans, forcing them to use US
          • Why not just rely on ISPs entirely? Publicly flog ISPs that allow spammers, get existing ISPs to drop all connections to/from them.

            What I want to know is, why aren't the ISPs doing something about this now? They're the ones with the bandwidth costs, aren't they??
            • by berzerke ( 319205 ) on Friday October 03, 2003 @10:32AM (#7123627) Homepage

              ...What I want to know is, why aren't the ISPs doing something about this now? They're the ones with the bandwidth costs, aren't they??

              Simple, money. Ever heard of pink contracts? Basically, for something on the order of 2x normal fees (perhaps more), the spammer gets to ignore the TOS. In short, the spammers bribe the ISPs to look the other way. For some ISPs, it is simply more cost effective to look the other way.

              In addition, those within the ISP who do want to drop the spammers are often not liked. The salesman who brings in a "new" customer at more than the going rate looks good. The admin that kills that spammer's account is getting rid of a "valuable" paying customer.

              And that leads back to a point the article made: Spamming is done because it is profitable. I still favor email filtering upstream (at the ISP level) as the best (long sigh) solution. Give customers notice that the filtering is occurring, and give them the option to opt-out. Those stupid enough to buy from spammers will (a) probably ignore the notice that there is filtering in place, and (b) not be able to figure out how to opt-out.

              This will reduce the number of ads seen by the stupid user, who therefore won't send money to the spammer. Spammer's profits go down, and if they go down far enough, spammer goes out of business.

    • The problem is who is buying from the spammers? It's not the end customers, it's the people pushing their junk. They are the ones paying the spam shops.

      This small point seems to be missed by most of the posters here.

      It's just like an advertising agency. An advertising company doesn't get paid to get you to buy soap, they get paid by convincing the soap company to part with some money.
  • Spamcop sucks (Score:3, Interesting)

    by Bluefirebird ( 649667 ) on Friday October 03, 2003 @04:49AM (#7121994)
    I just got a legitimate email returned because spamcop claims that the smtp server of the webhosting provider has an abnormal rate of spam.
    The worse thing about spam is that filtering systems create false positives...
    My provider requires authentication but everyone knows that you can create spam using a IP address from a well behaved smtp server.
    • Re:Spamcop sucks (Score:5, Informative)

      by Phroggy ( 441 ) * <slashdot3@@@phroggy...com> on Friday October 03, 2003 @05:27AM (#7122129) Homepage
      I just got a legitimate email returned because spamcop claims that the smtp server of the webhosting provider has an abnormal rate of spam.

      Your e-mail was returned because whoever runs the mail server you were trying to deliver the message to has chosen to bounce mail from any IP in SpamCop's blacklist, which SpamCop has always recommended against. Complain to the people who made that decision, not SpamCop.

      And, the reason the IP is listed in SpamCop's blacklist is probably because the server you're relaying your mail through has also been relaying spam, and people have complained about it (using SpamCop's reporting service). Go here [spamcop.net] to find out exactly why an IP is listed, along with sample e-mails that users have reported as spam and some statistics about how much spam has been reported from that IP.

      The worse thing about spam is that filtering systems create false positives...

      SpamCop says this is why their blacklist should not be used to block mail. Their list is entirely automated; it's based on reports from users, and SpamCop does not verify it. Read more on SpamCop's site about exactly how it works.

      My provider requires authentication but everyone knows that you can create spam using a IP address from a well behaved smtp server.

      SpamCop is really very good about identifying where a message actually came from, not just where it's been relayed through - unless there's something suspicious-looking about the server it's been relayed through (such as, for example, the hostname the server identifies itself as [the Dj line in sendmail.cf] doesn't resolve to the server's IP).
    • Re:Spamcop sucks (Score:2, Insightful)

      by azzy ( 86427 )
      > The worse thing about spam is that filtering systems create false positives...

      No, that's not the worst thing about spam. Try again?
  • by rokzy ( 687636 ) on Friday October 03, 2003 @04:50AM (#7121996)
    "who is more technologically savvy, your average hacker or your average politician?"

    ABOLISH ALL LAWS AGAINST HACKING!

    it's up to individuals to make sure every single port is secure against someone wanting to cause damage to your computer/company/bank account.
    • To paraphrase:


      Abolish all laws against violence, fraud, theft, etc.

      It is up to individuals to ensure that they are secured properly against all kinds of theft, and it is up to individuals to ensure that they protect themselves.


      Let's think.

      It is clear that the result of the above would be lawless anarchy and rule of the gun.

      What next? People would eventually work together, gradually bringing about despotic rule in various forms. Better forms of government would then come about, allowing members of
    • "who is more technologically savvy, your average hacker or your average politician?" Your average monkey.
  • by CGP314 ( 672613 ) <CGP@ColinGregor y P a lmer.net> on Friday October 03, 2003 @04:51AM (#7122005) Homepage
    It's obvious what to do about the #1 problem: people who run web pages should stop listing e-mail addresses in readily spammable form.

    On my London Blog [colingregorypalmer.net] I don't use any form of obfuscation. The reason for this is I want people to contact me about my writing. I want to know what people think, and any barrier I put in the way will reduce the number of legitimate emails I get. I'm not confident that most of the Internet population would understand that they need to remove the REVOVE.THIS.TO.EMAIL.ME part of my address.

    Sure, I drastically increase the number of spams I get, but popfile [sourceforge.net] takes care of them all. The author of this article is still correct in his economic analysis. There is little burden for me using this method, but a much larger burden for my ISP.

  • Set your inbox to filter all HTML formatted email.. no more spam. Of course this can only work well for personal addresses for correspondence with friends who understand how to configure their mail client. If you want to be able to correspond with lots of people (ie link your addy on your website, on usenet, etc) I don't see an end to receiving spam any time soon.
  • spam and nntp news (Score:2, Insightful)

    by Spaham ( 634471 )
    Here's an idea about spam on the news: Why not make the following a rule for most groups: If a company posts commercial advertising on a group, it thereby gives the right to anyone to post copyrighted material from the said company. This should slow down unwanted ads, shouldn't it? Would this be legal?

  • > We can't pretend the politicians will do it for us. Their incentive is to develop a cute re-election flyer, not solve the problem.

    Fortunately we have this completely spin-free political rag to set us straight on it...

  • by marcovje ( 205102 ) on Friday October 03, 2003 @04:58AM (#7122036)

    They really wanted to give it a libertarian twist, no matter what, didn't they?

    99% of the users can't block spam serverside, and just putting the burden on them, will make them pay for the costs, since they have to download it (telephone, burden on bandwidth).

    Not putting a brake on the origin will cause even more spam.

    There is only one solution: put cost on sending spam AND their ISPs that try to get away with it. Moneywise, or with penalties.

    • The solution, as in many other cases of antisocial behaviour, is to cut the revenue stream. Has legislation and armed intervention stopped the drugs trade?

      So we need to reduce the return rate on spam to a point where it is no longer worth doing. If people stopped clicking on spam links the advertisers would stop using it.

      Actually, it would be perfectly reasonable, and technologically possible AFAICS, for an ISP to share the cost of handling spam among those who click on the links. That way, whatever bandw


      • No, but that is no reason to drop legislation and intervention as an instrument entirely. They are also a way to increase the costs (and thus decrease spammers' revenue).

        The article pretty much suggests dropping the burden entirely on the end-user
        • Yes, because the war on drugs has reduced the average big-time drug cartel's revenue. I guess they're only able to afford 1 or 2 Ferraris for their chases with Crockett and Tubbs...
  • by Enoch Zembecowicz ( 698998 ) on Friday October 03, 2003 @05:00AM (#7122040)
    I work the abuse desk for a regional cable ISP, and end up suspending several customers' accounts per day because they're either sending or relaying spam (mostly the latter, and usually unwittingly). The majority of the complaints we get come from giant ISPs like AOL, but from time to time we get a mail header from some end user, and the IP is looked up in the DHCP log and the customer is suspended just as if AOL or RoadRunner were complaining.
  • by SharpFang ( 651121 ) on Friday October 03, 2003 @05:01AM (#7122044) Homepage Journal

    1) Set up a "trade site" anonymously. Very anonymously.
    2) Get your hands on a spammer's mailing lists.
    3) Send out several millions of spam with "new better penis enlargement" or some other viagra.
    4) Receive all the offers. Even don't bill them, just send out the product. TRICKY PART: Don't send any viagra or other penis enlargers, send out cyanide or some other really lethal poison.
    5) Run, wipe all your tracks before your mail reaches its destinations. Leave the "spamming server" with a note on the harddrive for the police to find: "These idiots deserved to die. As long as anyone answers to spam, such 'accidents' will happen. This is not our last action". Take care that it gets to the news.

    Fear is a powerful weapon.
    • Nice, but it doesn't need to be lethal - just make it bad enough that it makes the news. TRICKY PART: get the media to point the finger at spam in general, not just your actions.
  • These are some steps that I take:

    1) Use a mail filter ;) I use the one in Apple's Mail program, using a combination of its built in abilities and custom filter settings to hit the big stuff.

    2) Disable rendering of images in HTML documents. This way you'll kill most web bugs that indicate your account is valid.

    3) Bounce messages. If it is connected to a live account you'll come up as an inactive account. This has helped before, but most of the time it just generates extra messages in your account.
  • by mOoZik ( 698544 ) on Friday October 03, 2003 @05:06AM (#7122066) Homepage
    The only solution that I believe is viable is to prohibit companies from purchasing unsolicited advertising from spammers. Spammers don't spam for fun - they get paid to send the millions of mails out. In the end, there are companies and individuals behind them who choose to advertise via email. By making it illegal to do so, the need to stop spammers disappears, as the companies would be 100% liable.
    • I completely agree with most of that. However, what about when the spammer lies to the client and tells them what they're doing is not spamming? Is the client still at fault? Obviously not; the spammer is - but going after the spammers hasn't really been effective so far.
      • Good point, but if a law stating all unsolicited e-advertising is illegal (and if that law is well publicized and promoted), then it would take a clueless fool to proceed with it anyway (I'm talking about the client, not the spammer) and perhaps he/she could use a nice penalty to teach him (and other clueless folk) a lesson. I don't think it would solve every single case, but I suspect it will reduce the volume dramatically. I believe the only way to stop spamming is to kill the demand for spammers.
      • That would just force the client to be careful when hiring advertising companies, and I'm sure they could include a clause that would make the company liable for any spam they send without the consent of the client. So if the client was prosecuted, they could then turn around and sue the company doing the spamming.

  • by Alioth ( 221270 ) <no@spam> on Friday October 03, 2003 @05:06AM (#7122068) Journal
    We need more than this to stop spam. There are too many idiots about who'll buy spammers' products.

    I don't think SMTP itself is fundamentally broken - we just need some improvements to the administration.

    In the early days of road transport, drivers were unlicensed - anyone with the money could buy a car and drive it. As traffic built up, eventually this was no longer tenable. As email traffic builds up - lack of licensing for MTA operators is becoming untenable. My server has rejected over 1.2 *gigabytes* of malware in the last week (mostly Swen worms). SpamAssassin kills 80 spam messages a day in my mailbox alone - and still about 15 a day get through. The option of "doing nothing" about email is no longer viable. Schemes like "sender pays" are untenable too (and unfair - why should I pay yet another fee to use bandwidth I'm already paying for once?)

    What is really needed is a licensing scheme for people who operate MTAs, just like there is for amateur radio. In brief, here's an outline of what could be implemented. I know this will probably draw the ire of Slashdotters who think they should be able to just run an MTA on their cable modem connection with no qualifications - but this is *exactly* where the problem stems from: to be sure of not dropping too much 'ham' we have to accept SMTP connections from more or less anyone. And this means we get flooded with over a gigabyte of Swen worm traffic in a week.

    This list of requirements is by no means comprehensive - it's just a starting point for discussion.

    * If you want to run an MTA, you must be licensed to do so.
    * A licensed MTA operator may only relay mail from their own network or from other licensed MTA operators. In the case of a home user, this means they can only relay mail from their LAN. In the case of an ISP, from their own netblocks etc.
    * A licensed MTA operator may only receive mail from other licensed MTAs. This means you must reject email from the unlicensed (virus/spam spewing) MTA on adsl-192.14.5.6.pacbell.net.
    * A licensed MTA operator may only send mail to other licensed MTAs.

    MTA licensing can be based on digital certificates. The MTA oper's signature will appear in the header of the email.

    To obtain a license, the MTA operator would have to take an exam. The awarding and administering of licenses will be done by TLD. (A good idea would be that the licensing authority must not be the same company or subsidiary of the company that runs the TLD, so VeriSign is not allowed to be the licensing authority for .com/.net, and Nominet is not allowed to be the licensing authority for .uk, and Domicilium is not allowed to be the licensing authority for .im) There can be more than one licensing authority per TLD.

    The upshot of this is that if a licensed MTA operator passes spam or malware, they can have their license suspended or revoked, or fines levied. MTA operators at the ISP level will be *very* careful to ensure they don't harbour spammers because they'll lose their MTA license. They will be *very* careful they configure their system to not allow executable attachments, or at least scan them for malware. Small MTA operators will be *very* careful not to accidentally configure their mail server to be an open relay.

    To obtain an MTA license, an exam should be passed not for a specific MTA such as Exim or Sendmail, but general good practise in operating an email server, and general knowledge about internetworking - just like amateur radio licenses don't have exams on a specific model of ICOM radio. Additionally, the MTA operator must provide positive ID when applying for the license - this way, we make sure the MTA oper is accountable for what their MTA emits.

    Of course, an actual implemented system like this will be more complex than what's outlined in this posting. Of course, most Slashdotters will hate the idea expressed above - I wouldn't really like to have to take exams to keep running the mail server I already
    • Quick thoughts:

      A licensed MTA operator may only send mail to other licensed MTAs
      So how does the MTA legally send the email to the target inbox? I think you mean '... or to their own network.'

      There are also considerations about how the email system should work (for example, to get the burden to be more on the sender than on the receiver.)

      The current system is suboptimal in many ways, and enshrining the current system in law could be counter productive. (Essentially, the international treaties underlying
    • Great idea - in fact we could extend it to solve some other problems...

      maybe a license to send email?

      how about a license to get on the internet in the first place - you have to be able to recognize spyware.

      of course we'll have to expand government bureaucracy to deal with the licenses. and the police to track the new criminals.
  • by zer0harm ( 712952 ) on Friday October 03, 2003 @05:06AM (#7122069)
    Here in New Zealand we just post spammers' personal details in major newspapers... http://www.ananova.com/news/story/sm_811235.html?menu= Followed up with threats and obscene phone-calls, this is an effective tactic. There are now up to 100 million less spamails per day.
  • He says the way to kill spam is to foil address harvesting, by obfuscating email addresses in web pages and on Usenet.

    All very well for new addresses, I suppose. I've taken that approach myself, on my spamless email addresses. If it becomes a problem to spammers, they are likely to adapt by harvesting addresses directly from PCs using viruses and other malware.

  • What they're missing (Score:5, Interesting)

    by Phroggy ( 441 ) * <slashdot3@@@phroggy...com> on Friday October 03, 2003 @05:11AM (#7122085) Homepage
    Spam exists because it works; enough people buy products that are advertised through spam that the increased sales more than make up for the cost of spamming.

    Companies choose Microsoft solutions because Microsoft provides the most flexible, stable and secure systems, with lower TCO than the competition.

    I believe both of these statements are false, but are believed to be true by people making the decisions. Why? Because spammers and (to a much lesser extent) Microsoft salespeople are dirty rotten lying scumbags out to make a buck by cheating whoever they can. On top of that, spammers also sell their service by claiming what they're selling is not spam - it's direct marketing to a targeted opt-in list of interested consumers over the Internet. We all know in reality it's completely untargeted and their definition of "opt-in" includes allowing your e-mail address to appear unobfuscated on any web page, using it to register a domain name or post to a newsgroup, or simply choosing an e-mail address that could be guessed at random. We know that, just like we know Windows almost never has a lower TCO than anything. But the people paying the money don't, because they simply don't know better.
  • who is more savvy? (Score:5, Insightful)

    by penguin7of9 ( 697383 ) on Friday October 03, 2003 @05:19AM (#7122104)
    who is more technologically savvy, your average spammer or your average politician?

    Who is more technologically savvy--your average bank robber or your average politician? Who is more savvy about poisons and guns--your average murderer or your average politician?

    See, by your argument, most laws are useless because they were made by people not as good at committing the crime as the people who actually did commit the crime.
  • No, this isn't a daft claim like the one that do-not-call lists breach freedom of speech [southbendtribune.com]. I agree with the article that it's just not the place of the state, or even infrastructure providers like ISPs or Hotmail, to filter our private mail based on content.

    Even if you think that governments might be technically competent to fight spam, should they be given licence to read (even in an automated way) and analyze all private correspondence just in order to stop some junk mail? [1] I'm not so concerned abo

  • Clean up SMTP first (Score:3, Interesting)

    by iamacat ( 583406 ) on Friday October 03, 2003 @05:31AM (#7122139)
    Run SMTP over SSL and make all connections that are not listed in DNS MX records login with local username and password. Then, have the server sign the message of a logged-in user with server's key, which is registered with a certificate authority. If enough ISPs adopt that and there are cheap mail-only services, people will have an option to only accept signed messages or at least move unsigned ones to a separate folder.

    Then, once all e-mail (that gets read) is traceable to a particular person/company, outlaw spam. No need for a no-spam list, because nobody wants spam. People can always sign up for whatever mailing lists interest them. No need to harvest e-mail addresses given for totally unrelated purposes.

    Will it get rid of all unwanted e-mail? By no means. But it's irresponsible to just complain or try to pass laws without making simple changes to the software first and seeing how well it works. You don't install a UNIX system with an empty root password and then whine about intruders, do you?

  • In my view the best solution to end spam is to stop its real cause: Demand. It should be a civic duty to find these people, who respond to spam (thereby funding it).

    Once identified they should be publicly humiliated, re-educated and their computer confiscated.

    Repeat offenders should be taken to the center of town and publicly beaten.

    Only with the reduction of spam generated income will spam decrease! Hey who knows Infomercials and Televised Home shopping may disappear as well!

  • In order to deal with spammers, we have to analyze their vulnerabilities. Understanding their weaknesses is easy once you answer this question: What do spammers fear the most?

    That's easy. Look at spam messages. You'll see forged return addresses, redirections through open relays, spoofed Received lines, etc.

    What does this mean? Spammers are most afraid of being tracked and identified.

    And they have a good reason to be afraid. When spammers are identified, they get their ISP accounts terminated, and may get stuck paying hundreds of dollars of cleanup fees. They're harassed, sued, threatened, they quickly earn a terrible reputation. They'll go to extremes to remain anonymous.

    The key is to make it difficult or impossible for spammers to forge headers and obfuscate their emails' points of origin. How do we do this? Require cryptographic authentication of all mail going through any MTA. No exceptions, ever. Every time a mail goes through an MTA, it must be signed by that MTA. Any message without a signature or with an invalid signature gets dropped. By requiring crypto signatures, responsible MTAs can be easily tracked, and spamming MTAs can be blocked.

    Key creation, distribution and endorsement can be through a central authority, though I prefer a PGP-style web of trust because central authorities can abuse their power. Naturally, any MTA caught distributing spam should immediately get their keys revoked, and the revocation should be distributed to MTAs as widely as possible, causing all emails from that MTA to be blocked in a matter of minutes. If an MTA wants its emails to reach its destinations, it will crack down hard on spammers.

    The difficult part is convincing ISPs to require authentication and drop unsigned messages. However, if a large ISP such as AOL or Comcast can be convinced to do this, MTAs will have a strong incentive to start signing messages, and authentication will start to catch on.

  • by Dj ( 224 ) on Friday October 03, 2003 @06:01AM (#7122227) Homepage
    So if someone is pissing through our letterbox, the libertarian response is "Get a bucket", rather than stop the person pissing through the letterbox. My that's brilliant! And the way to reduce gun deaths is for people to learn how to dodge bullets matrix-stylee.

    • If someone is urinating on your property, that's an actual initiation of force, and hence a legitimate use of government to solve the problem. It is not easy to argue that spam (and junk snail mail for that matter) represents an initiation of force. That is the root of the issue for Libertarians: the role of government is to protect the citizens against the initiation of force, and nothing more. Why? Because concentrated power is the most dangerous force that exists in the world -- it needs to be strictly l
      • It is not easy to argue that spam (and junk snail mail for that matter) represents an initiation of force.

        That's another advantage to my proposal that the laws should be focused, not on spamming per se, but on the use of filter-circumvention techniques (which should be prohibited just as other forms of computer cracking are prohibited).

        The distinction between spamming and normal e-mail is sufficiently fuzzy at the edges (e.g. what constitutes "bulk"?) to give your position a grain of plausibility. Howe

  • wrong question (Score:5, Insightful)

    by Tom ( 822 ) on Friday October 03, 2003 @06:05AM (#7122236) Homepage Journal
    who is more technologically savvy, your average spammer or your average politician?

    That is the totally wrong question.

    Politicians know that they don't know everything. That is why they have staff and expert advisors.

    Politicians, however, have something that we the tech-community do not: Police, jails and the option to use them.
    Spam won't go away 100%, ever. But if the spam rate were on par with the murder or robbery rates (i.e. I have a single-digit percentage chance of getting one spam during my life), then I'd be satisfied.

    What we, the tech-community, can do is help them find the culprits. All we need are bounties high enough to make it worth our time.

    Raise your hands, you unemployed geeks who would jump at the chance of becoming paid-for spammer hunters.
  • by PhilHibbs ( 4537 ) <snarks@gmail.com> on Friday October 03, 2003 @06:05AM (#7122237) Journal
    Is there an online bayesian filtering service, that keeps an individual spam profile? I delete most of my spam without downloading it using a webmail service, I'd really like to enhance this to use bayesian filtering but I don't want to download all that spam. I also would like to do this from work (as I do now), and then just download the remaining email over my modem at home. I might even be persuaded to pay for this service.
  • All I want is for the state to keep their nose out of it. As it is now, you get jail-time for killing spammers, which is a clear violation of my citizen right to protect myself and my property. If they would just stop interfering, we could solve the spammer-problem by ourselves.

    On the other hand, if the state insists on taking away our right to defend ourselves, the state has the duty to defend us. The current situation is not acceptable.
  • I consider myself to be a small-"l" libertarian, not as extreme about it as when I was younger, but I don't understand the reluctance to bring the state in on this problem. It's thoroughly in line with libertarian philosophy.

    What does a libertarian say is the role of the state? To protect the people from force or fraud.

    What do you call a message that has a fake From: address, fake headers, a subject line that says "Increase your Penis Size 2 to 4 Inches me@mydomain.com ubbnvp6443853 rtoh" and even has a f
    • Absolutely!

      Spam is already illegal. All we need to do is prosecute it as such. More than that, we need to get the big players (hotmail, aol, etc.) to force prosecution against spammers who use their domains to spoof email addresses.

      It's so simple--I don't know why people like the article's author are trying to make it more difficult.
  • Despite the fact I'm basically a liberty-oriented free-market-loving sort of person, I've never described myself as a Libertarian, and this article is a good illustration of why. Basically, he says, "do nothing, solve the damned problem yourself." Which is what we're currently doing, and it's why we're all so pissed off by spam.

    Seems that most folks I know who call themselves libertarians fall for this sort of shallow thinking... they're basically non-violent anarchists. But the State can play a helpful
  • It's harder to search for your email-address that way. People sometimes write about me and include my email address. I prefer to be able to search for it and find what has been written where. It could be a link to my webpage, a quote from usenet or something else. Of course then I can lobby those pages as well and have them replace it with a more generic web@mydomain.com to at least ease filtering.
  • by flakac ( 307921 ) on Friday October 03, 2003 @06:23AM (#7122285)
    The author is right in one regard, legislation won't do it. If everyone who is capable of deciphering the email headers to try to track down the originators of SPAM would try to report just one piece of spam to the offender's ISP, it would possibly begin to make a difference. The math is simple -- there are only a certain number of reputable (ie., non spammer-friendly) ISPs. If even 1000 people a day would use the available tools (www.abuse.net [abuse.net] for one), and report this junk, eventually spammers will be forced to move to the spam-friendly ISPs. Then it's just a matter of adding the spam-friendly ISP to your favorite black-hole list, and you've just done your little part to stop spam.
    • This is harder than you think. My email was being used by a spammer connected by a major Vegas ISP. They didn't care. Their abuse email address gave me a form response and no action. Their answer desk put me on hold (basically in an infinite loop because I was not a subscriber). Their tech support likewise did nothing. When I screamed and yelled they referred me to their legal department who stonewalled me.

      Finally I found the actual extension number of their security/abuse person from a Vegas mailing
  • by __past__ ( 542467 ) on Friday October 03, 2003 @06:35AM (#7122314)
    There are ways to directly fight spammers without waiting for new laws, and without delegating the problem to someone else. Client-side filtering is no solution, the spammers don't care much - people who filter wouldn't have bought from them anyway - and it still causes massive bandwidth cost.

    One of the nicest ways is a "teergrube [iks-jena.de]" (tarpit) - a special SMTP server that is tuned to process incoming mail really, really slow, thus making the spammer's tools very ineffective. It doesn't take much bandwidth or other resources to run one - everybody who has a computer connected to the net and doesn't need to run a "real" mail server (or is willing to configure a teergrubing proxy that only traps spammers and lets the real MTA take care of ham mail) should do so.

    Most spam is sent via open mail relays. If you are bored or annoyed enough, take the time to read spam mail headers (the interesting one is the last "Received" line, usually), and inform the admin of the open relay, so that they can close it or get the fuck out of the internet. Also, inform a blacklist like the Open Relay Database [ordb.org], so that mail servers will reject mails from these hosts.

    Try to poison their address databases. Set up a web page invisible for human users that contains lots of addresses that don't exist. But be sure that these addresses also will never exist - only use subdomains that you control, or those mentioned in RFC 2606 (Reserved Top-Level Domain Names) [rfc-editor.org], hoping that stupid spamware will try to send to these addresses anyway.

    None of this is at odds with client-side filtering or legislative initiatives, just some additional ideas. And annoying these bastards feels good.
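Added example (editor's code, not part of any comment in this thread): several comments suggest reading the Received headers to find which relay to report, and others note that spammers spoof those lines. This sketch walks the chain from the newest header down and trusts a line only while the peer address recorded above it belongs to your own servers; the first outside address is the host that handed the message to you, and everything below it is sender-supplied. The Postfix-style header layout, the `OUR_NETS` range and every host and address in the constructed sample (RFC 2606 names, RFC 5737 addresses) are assumptions.

```python
import email
import ipaddress
import re
from typing import NamedTuple, Optional

OUR_NETS = ["10.0.0.0/8"]  # assumption: address space of your own mail servers

class Hop(NamedTuple):
    helo: str           # name the client announced (client-controlled)
    ip: Optional[str]   # peer address recorded by the receiving server
    by: str             # server that wrote this header

_FROM = re.compile(r"^from\s+(\S+)(?:\s+\(([^)]*)\))?", re.I)
_BY = re.compile(r"(?:^|\s)by\s+(\S+)", re.I)
_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def parse_hop(value: str) -> Hop:
    """Parse one Postfix-style Received value; unknown layouts give ip=None."""
    flat = " ".join(value.split())          # undo header folding
    m_from, m_by = _FROM.match(flat), _BY.search(flat)
    ip = None
    if m_from and m_from.group(2):
        # Only the parenthesised comment is written by the receiving server;
        # an address literal in the HELO name is whatever the client typed.
        m_ip = _IP.search(m_from.group(2))
        if m_ip:
            try:
                ip = str(ipaddress.ip_address(m_ip.group(1)))
            except ValueError:
                pass
    return Hop(m_from.group(1) if m_from else "", ip,
               m_by.group(1) if m_by else "")

def find_handoff(raw: str, our_nets=OUR_NETS):
    """Return (handoff_hop, unverified_hops) for a raw RFC 822 message.

    handoff_hop is the newest header whose recorded peer is outside our_nets,
    or None if the chain never leaves our servers or a peer cannot be parsed.
    """
    nets = [ipaddress.ip_network(n) for n in our_nets]
    msg = email.message_from_string(raw)
    hops = [parse_hop(v) for v in msg.get_all("Received", [])]
    for i, hop in enumerate(hops):
        if hop.ip is None:                  # no recorded peer: stop trusting
            return None, hops[i + 1:]
        addr = ipaddress.ip_address(hop.ip)
        if not any(addr in net for net in nets):
            return hop, hops[i + 1:]        # first outside peer = handoff
    return None, []

# Constructed sample: two genuine hops, then a forged line that pretends the
# message started on one of our own hosts.
SAMPLE = """\
Received: from mail-in.example.net (mail-in.example.net [10.0.0.5])
    by store.example.net (Postfix) with ESMTP id A1; Fri, 3 Oct 2003 06:40:02 +0000
Received: from mx.bigbank.example (unknown [203.0.113.77])
    by mail-in.example.net (Postfix) with SMTP id B2; Fri, 3 Oct 2003 06:40:01 +0000
Received: from localhost (localhost [10.0.0.9])
    by mail-in.example.net (Postfix) with ESMTP id C3; Fri, 3 Oct 2003 06:12:00 +0000
From: "Offers" <offers@bigbank.example>
Subject: constructed sample

body
"""

if __name__ == "__main__":
    hop, unverified = find_handoff(SAMPLE)
    print("report this peer:", hop.ip, "seen by", hop.by)
    print("sender-supplied lines ignored:", len(unverified))
```

The address to put in an abuse report is the handoff peer, not whatever the oldest Received line claims.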

    • by scrytch ( 9198 )
      > One of the nicest ways is a "teergrube [iks-jena.de]" (tarpit) - a special SMTP server that is tuned to process incoming mail really, really slow, thus making the spammer's tools very ineffective.

      Feel free to suggest such a solution to earthlink, MSN, and AOL. Here's a clue: spammers don't send hundreds of spams from single IP's anymore. That's what relay networks are for.

      > Most spam is sent via open mail relays

      No, it's usually open proxies now. Proxy talks to local network mail server, local
  • Is when it isn't Spam.

    Let's say that I run a company that provides Real Estate software solutions to companies, and I pick out a couple of hundred estate agents and email them about my new software? AND, if people tell me to remove them, I am responsible enough to do it.

    Personally, I don't think of that as Spam. It's targeted quite closely to the people.

  • by snatchitup ( 466222 ) on Friday October 03, 2003 @06:48AM (#7122347) Homepage Journal
    I for one feel comforted by the fact that if, God forbid, the day comes that I can't get it up for my wife, and I feel so bad and depressed, and my mortgage interest rates are so high.....

    I feel comforted that every day, there is a veritable kornikovia(sic) of options.
  • by kevin lyda ( 4803 ) * on Friday October 03, 2003 @06:49AM (#7122353) Homepage
    who is more tech savvy?

    what does that have to do with legislating on spam? i'm sure a lot of murderers know more about killing people than most politicians (excluding bush of course, he was getting rather good at it in texas but he's really shining now that he has a military to order around), but we're ok with politicians passing laws about murder. i'm also sure ceo's and financial people know more about illegal stock trades than most politicians (damn, bush is an exception there too), but we want them passing laws to keep our pensions safe. actually, we still want that to happen. the same points apply to health care, job creation and education (though the parenthetical comments about bush don't apply on those topics)

    i guess my point is that politicians pass laws on a wide variety of issues that concern the people they represent. to do that they have to consult experts in various fields - and that's the skill politicians need: the skill of asking for help and sifting through bullshit. and that's how they can best serve their people.

    and obviously the other point is that bush knows an awful lot more than people give him credit for. too bad ken lay didn't get some business advice - maybe harvard could have bailed ken lay out too.
  • by radio4fan ( 304271 ) on Friday October 03, 2003 @07:11AM (#7122407)
    From the article:

    While people get all kinds of junk mail, nobody's calling for a "do not mail" list.


    Why not? We have one here in the UK -- the Mailing Preference Service [tpsonline.org.uk].
    If you sign up to it, direct mailers are forbidden to send you junk mail. The direct mailers have to pay its costs, and it's mostly effective.

    They even have a 'baby mps' to stop bereaved mothers from receiving baby-related junk mail/samples.
  • by hankaholic ( 32239 ) on Friday October 03, 2003 @07:34AM (#7122460)
    This article was a waste of my time to read.

    For those who haven't read it (and I hope you haven't -- don't waste your own time), basically it says this:

    End-users should take responsibility for spam, and the best way to prevent spam is to stop putting email addresses in mailto: links on web pages and in unmunged form in posts to Usenet.

    However, it really doesn't explain how the author thinks that people can do something to take responsibility for receiving unsolicited (!) email.

    The article fails to mention dictionary attacks and worms, both of which have the potential to find millions of addresses which aren't listed on any web page or in any newsgroup.

    I'd be truly surprised if there weren't a worm in the works which would not only act as a mail relay, but which would take care to forward mail to every address listed in a person's address book. Rather than worry about maintaining lists of email addresses, spammers could feed their message to the network of worms (possibly through IRC, or maybe even an instant messaging protocol), and the network would feed messages to every address listed on an infected user's hard drive, and probably to several variants of the addresses as well.

    What the article fails to address is this: how can the person who never publishes their email address anywhere take responsibility for spam in the face of dictionary attacks, and when they have no control over friends putting the person's address in their address books?

    The article says that when fighting spam, you shouldn't look to the politicians, because they have not the technical knowledge to make legislation stick.

    In response to that, I suggest that you not look to the article for spam-fighting advice, because the author seems not to have the technical knowledge to actually develop a solution, or even offer suggestions beyond never publishing unmunged headers.

    To those of you who read the article, I feel your pain. You will never get those wasted moments back. But did anyone else cringe when he suggested using graphics to display email addresses in Usenet postings?

    My thought is that people advocating posting graphics to Usenet with every post probably don't have a spam solution either. In fact, they're suggesting placing a higher load on NNTP servers, in effect doing the same thing to news servers as spammers do to mail servers: clog them with extra, unneeded garbage, reducing their overall capacity with respect to legitimate communication.

    Oh, and have a nice day, everyone!
  • Anti-spam legislation is a bad and wrong-headed solution to the problem of spam. Filtering is a stop-gap measure that doesn't solve anything.

    The key is this: Spam is already illegal! Even entirely ignoring vandalism and theft-of-service, when was the last time you got spam that:

    1) Had a legitimate and correct return mail path
    2) Actually honoured an 'opt-out' request
    3) Advertised a legitimate product

    In other words, nearly all spam is fraud, and should be prosecuted as such.

    We have laws on the books agai
  • by looie ( 9995 ) <michael@trollope.org> on Friday October 03, 2003 @08:05AM (#7122555) Homepage
    this is the standard libertarian fantasy, that the world would become just wonderful ... if everybody became a libertarian. and, as usual, there's no follow-through as to what it actually would be like to live in a world in which "i'm alright jack, screw you" was the dominant social theorem.

    notice the standard libertarian assumption that, if you (a) aren't a libertarian and/or (b) want gov't action against ________________ [fill in the blank with spammers, in this case], you are a person without a sense of "personal responsibility." notice also, the standard libertarian assumption that, as a libertarian, the author is a cut above the rest of us "schmoes."

    the fact is, spammers are thieves, stealing services from bandwidth providers. it's not clear to me why the author of this piece, and libertarians in general, regard this behavior as something that can be stopped if i display "personal responsibility" on the internet. it also is not clear just what that actually means, but never mind. and it is not clear exactly why they are less than eager to legally stop this behavior, but my suspicion is that it is because spamming is a business; and libertarians just can't bring themselves to take serious action against that "entrepreneurial spirit." if you're doing it to make money, a libertarian will bless you for it.

    i'm dubious about laws against spammers, because i think they will be ineffectively administered. it's not that the technological means of tracking down spammers don't exist, it's that such a process would be time-consuming and expensive. i think that prosecutors just don't want to invest in it. that may be a necessary decision -- funds for attorneys general are not unlimited, and they have to deal with rapers, murderers and wife beaters, too.

    i think a bounty law, that would allow individual citizens to bring spammers to book, would be more effective. imagine forming a company comprised of some technically proficient individuals, lawyers and maybe accountants, who working together could track down big-money spammers and present all the technical, legal and financial information about the spammer to a prosecutor, in exchange for either a state-sponsored reward or a percentage of the seized property.

    that would rule.

    mp

  • Put your company's name in Spam, pay a million dollar fine per day.

    Spam stops. Simple. Straight-forward. Effective. Needs no tech to implement at all.
  • by KC7GR ( 473279 ) on Friday October 03, 2003 @12:03PM (#7124587) Homepage Journal
    The best possible means of controlling spam is to run one's own mail system(s). However, doing so correctly takes decent levels of skill in Unix-type OS's, TCP/IP networking, firewall setup and security basics.

    I don't think it's at all reasonable to expect that all end users of E-mail have those skills. It takes considerable time, effort, and outside help, even for someone with lots of prior network and computing background (it took me about a year and a half), to become what could probably be considered a 'competent' SysAdmin.

    Even assuming the right skills are present, one still needs an ISP that will (1), provide one or more static IP addresses on a broadband connection, and (2), allow their customers to be self-hosted. Such ISPs are, in my experience, rare at best.

    It's well within the realm of possibility for ISP's, the big backbone providers, and domain registrars, to put a very serious dent in spamming right here and now. Some things they could all do include:

    (1) For domain registrars: Be absolutely scrupulous about requiring accurate contact info in ANY domain registration. We're talking valid address, phone number, and contact name and E-mail addresses. VERIFY that information BEFORE issuing a domain registration. Considering that most spammers want to remain anonymous, this simple change alone would throw a huge wrench into spammers' gears.

    (2) For ISP's: Stop hosting spammers NO MATTER HOW MUCH THEY'RE WILLING TO PAY!!! This is a big problem, as spammers are willing to pay serious $$ for ISP's to ignore their own Terms of Service.

    There should be a universal policy of suspending an account at the first hint of a spam complaint regarding it. Once said complaint is investigated, the account should be immediately terminated, AND a substantial clean-up fee charged, if there is clear proof that the account was involved with spamming. If not, simply lift the suspension.

    (3) For the big backbone providers (and they're the ones who could really help if only they weren't as indifferent as the former Bell System): ENFORCE your own Terms of Service! If one of the downstream ISP's they're supplying bandwidth to is infested with spammers, and does not seem interested in controlling the problem, cut that ISP's pipe fercryinoutloud! Tell them that the pipe remains cut until they dump ALL their spammy customers, permanently! If SpewSpewNet (aka UUNet) did this with even ONE of their big spam havens, I think it'd make a huge difference in the Internet's 'Quality of Life' as it were.

    If the ISP in question goes out of business as a result, well, they have no one but themselves to blame for hosting network abusers and criminals.

    Regrettably, I doubt we'll see any of the above taking place. Too much greed vs. too much common sense, and greed usually wins.
