Another Whack at Spam 282
mmoncur writes "Tim Bray just put up an article called Another Whack at Spam that has been getting some attention. It just looks like a variation of the old pay to send idea to me."
You are in a maze of little twisting passages, all different.
Wrong title? (Score:2)
How could a pay mail service even work? (Score:5, Insightful)
Re:How could a pay mail service even work? (Score:2)
Re:How could a pay mail service even work? (Score:2)
Re:How could a pay mail service even work? (Score:2)
Incoming mail from an SMTP server that is not one of these authenticating-and-billing ones would be subject to the scrutiny of your Bayesian filter, which could have its thr
Re:How could a pay mail service even work? (Score:2)
The big problem with any pay-per-send idea is spam economics. Somehow everyone believes that paying a poultry sum will scare spammers off, despite ongoing problems with spam calls, snail mail, SMSs, and the like. Charging money won't take away the spam.
Nobody wants Chicken-Flavored Spam? (Score:2)
Re:How could a pay mail service even work? (Score:2)
How about this: The recepient indicates whether or not the sender should pay $0.01.
Regular folk will take ages to spend $1 (spiteful receipients, etc), and spammers will have to pay $0.01 for each message.
It's a dull rehash of the same idea (Score:2)
SPAM filter (Score:5, Insightful)
Trying to get everyone to change from SMTP to something else just isn't going to work. There is too much for an instant change. This principle is basically why we're still using IPv4.
Re:SPAM filter (Score:3, Insightful)
Bayesian filters work pretty well, but there is still a cost being borne by every system that must transfer the mail that's just being thrown away. Pay-to-play e-mail punishes everybody. SPEWS and similar are error prone as SomethingAwful have demonstrated and are reactive, not proactive.
We've got a greater need for SMTPng than IPng. I'm pretty sure that
Re:SPAM filter (Score:2)
Tim Bray proposes [tbray.org] having people pay 1 cent per email. It's not much, but it would make some many non-profit email lists unworkable. Most other proposals like this charge only for the first email from an unknown sender, and usually a lot more than one cent. This does require the recipient (perhaps at the ISP level) keeping track of who is already authorized to send free mail.
There are actually quite a few workable schemes for preventing spam. Tim Bray is right that any
Re:SPAM filter (Score:2)
and spambots result in fun articles for me to write. http://www.evilcouch.com/tiki-read_article.php?art icleId=58
Re: (Score:2)
Re: (Score:2)
Re:SPAM filter (Score:2)
If hardly anyone reads the emails then their current business model becomes ineffective. The amount of people that respond to spams is a very small fraction of the recipients as it is now. If most were filtered automatically then it would barely achieve any effect.
Unfortunately you are wrong. The current business model is already ineffective if you are trying to sell something with spam. Fortunately most spammers are not selling products. They sell the service of sending millions of emails to suckers^
Uh.... no! (Score:3, Interesting)
Even though a penny an email sounds innocuous, this just won't fly. For one thing, the infrastructure you'd need to track the financial side of things would probably prevent the figure from being that low. Plus there's the whole loss-of-anonymity that goes along with paying for email rights. The biggest problem is that while this service might appeal to those on the receiving end of email, I can't see a wide market wanting to sign up as senders...
Convert that .01! (Score:3, Interesting)
In *Britain* (Score:2)
Here's to the Scots! (Score:2)
Re:Here's to the Scots! (Score:2)
Had I said "penny" the point would have been confused (esp. for Americans).
Re:Here's to the Scots! (Score:2)
Who invented the term "penny" in the first place?
Ok, ok... (Score:2)
One of my friends is the Production Manager for a small touring theatre company. They had a tour in the Republic of Ireland just as the Euro was coming into use. So, some of the receipts for the tour were in Pounds sterling, some were in Punnts, and some were in Euros. The accountant just about shat himself when he was presented with them.
Re:Convert that .01! (Score:2)
People that poor don't have email. They don't even have a computer. They barely even have food, as you just illustrated.
Re:Convert that .01! (Score:2)
Re:Uh.... no! (Score:2)
Agree.
My pet idea is that the general principle is sound -
Re:Uh.... no! (Score:2)
But isn't that a necessity? If you can send messages while remaining completely anonymous, cheaply, and expect them to be seen, then you can send spam. I can't see any way around that. All the proposed solutions I've seen have involved breaking one of those parts: either the anonymity directly (e.g. authentication), the cheapness (e.g. charging, which breaks the anonymity indirectly), or the expectation of being seen (e.g. challenge/response, which needs a semi-p
Any generic word should work the same... (Score:3, Interesting)
Then you filter all e-mail not sent through that relay...i.e. e-mails not signed by them!
Here's a cheaper idea: I tell everyone I know to start the subject line with "goat" if they want to e-mail me. Then I filter all e-mail without "goat" as the first word in the subject...
Re:Any generic word should work the same... (Score:2)
Sure, sounds good, but you might want to pick a different word
Re:or better yet (Score:2)
Re:or better yet (Score:2)
A good enough idea, for those techie enough to comprehend the responsibility. The responsibility, of course, is that when you sign up for automated email of any sort you must whitelist the automated mail server yourself. Otherwise the yahoo group, or whatever, will quickly find itself faced with a barage of mail...
T
Few Flaws (Score:4, Informative)
On a personal note i just stop spam by removing all html mails, if my friends send me junk in html format i explain carefully and with a pointy stick that I dont want html emails.
Re:Few Flaws (Score:2)
Re:Few Flaws (Score:3, Insightful)
You're wrong. The only reason spam works is because it is free to send. If they send out 5,000,000 emails and get a 0.1% response rate, with a profit of $5 per sale, then they've just earned $25,000. Since it cost them nothing to send those emails, then that is $25,000 of pure profit. Hell, even if they only sold one product through those 5,000,000 emails, then the $5 profit is worth it, because it is more than their cost (which was nothing).
If the emails c
Re:Few Flaws (Score:2)
Except many spammers now routinely use fake credit card numbers to get the ISP throwaway accounts they use now. OK, $50,000 is a bit much to put on a credit card, but if the price were a bit lower, it wouldn't be much of a problem.
Re:Few Flaws (Score:2)
Re:Few Flaws (Score:3, Insightful)
Then learn to live with spam. The bottom line is, as long as it is free, spam will flourish. That's what it really comes down to. That's what every spam-attacking strategy must work with or against. It has to cost something, and these compromises are all about finding a "something" that is insignificant for normal users sending < 1000 emails a month, but prohibitive when it reaches up into the millions of emails per month.
If you are unwilling to comprom
Re:Few Flaws (Score:2)
Even if people pay a penny for each email spammers would still pay nothing for sending those millions of mails. The hacked and trojaned Johny Broadband would pay their bills.
Re:Few Flaws (Score:2)
Only if it's free AND anonymous.
There's two ways to fix it: Either make it non-anonymous, or non-free (at least if the recepient so indicates). Of course a combination is possible (I may want to spend $0.01 on an anonymous email once in a while).
If only everybody did something differently... (Score:3, Insightful)
You will not change every person's behavior. Especially if it changes from doing something for free to paying to do the same thing.
The spam problem will only be solved by changing the underlying technology that is invisible to end users.
That way, you only have to change the behavior of every postmaster. :)
What's the benefit? (Score:3, Insightful)
This seems to be an ISP solution, not a user-oriented solution. A user-oriented solution would be authentication based. Why not put a system in place to check the validity of the "real" sender and be done with it? What does the penny solution have over this? Both require all SMTP servers to be upgraded.
It is easy to see that there are SOME spammers who would pay. Just like with telemarketing. It costs them. We would just end up with the problem all over again.
No thanks. I already pay for ISP service. Next, they'll want to charge Web hosts for every page they serve up in order to stop pop-up ads. Sounds like a vast left-wing conspiracy! We'll TAX the problem out of existance! Never works.
It's a matter of degree (Score:3, Insightful)
Okay, that works for you, fine. But I'm guessing you don't get very much spam. Imagine if you got over a thousand spam messages a day (as someone I know has been doing). That's an average of one every 86 seconds. Wouldn't you find it more of a nuisance then? Wouldn't you be considering drastic measures, or even payment, to avoid that?
I'm not saying that this proposed solution is a good one; I don't think that it is. But please d
Re:It's a matter of degree (Score:2)
If the ISPs don't like it, they can start banning these jerks instead of colluding with them by selling them services. Don't dra
What's so hard about authentication (Score:3, Interesting)
Take it a step further, and tie IP addresses to an organization or individual. Then if you never wanted another e-mail from ZD Net, you could block the organization and it wouldn't allow any mail from any of their IP addresses.
Re:What's so hard about authentication (Score:2)
Mebbe learn to write a bayesian filter? (Score:4, Interesting)
Re:Mebbe learn to write a bayesian filter? (Score:3, Insightful)
Re:Mebbe learn to write a bayesian filter? (Score:2)
Where do you see spam dying off? I see the two approaching a point in the future where I'll need to hire armed guards to open my inbox. The silly people who reply to and purchase these products (ie: the people who keep the spammers in business), what do you think the chances are they they are
Re:Mebbe learn to write a bayesian filter? (Score:3, Insightful)
Re:Mebbe learn to write a bayesian filter? (Score:2)
When you talk about succes in spam filtering, you need to talk about several statistics: 1) false positive rate 2) false negative rate 3) both initial and limit values for the above 4) function for rate of change.
That is, you have two (somewhat independant parameters) and they are going to start at a "less acceptable" rate (e.g. perhaps 5-10% false negative and 1-2% false positive) and there will be some function that describes
Re:Mebbe learn to write a bayesian filter? (Score:2)
Re:Mebbe learn to write a bayesian filter? (Score:2)
They are at the moment effective against most spam out there.
However, I still see stuff get through. I'm even starting to see spam get through at my work, where spam has to evade both spamassassin's (run on the mailservers) and mozilla's (run on my desktop) filters. (And yes, I tell mozilla to mark as spam everything that spamassassin flags, after manually reviewing the subject lines) Single word Bayesian filters are now being evaded by t
Re:Mebbe learn to write a bayesian filter? (Score:2)
Running Moz1.4. It's collecting from two accounts, one of which can easily hit 70 spam a day so it gets plenty of information to work from. I've got a bunch of keyword matches to catch anyone mentioning viagra, webcams and so on. _All_ misses are getting marked and deleted, all false positives are getting unmarked and dealt with as necessary.
To top it off, I've never been very good at remembering to empty trashcans so I trained it on that too
Re:Mebbe learn to write a bayesian filter? (Score:2)
Re:Mebbe learn to write a bayesian filter? (Score:2)
Screw payment options (Score:3, Interesting)
However, there is another solution that would work just as well.
Every email that is to be accepted by an SMTP server must include a digital signature of some root SMTP-signing servers of some kind, otherwise it's automatically rejected. This server will only allow, say, 10,000 signatures per IP address (or per registered user, whatever) per day, maximum. Additionally, it will only sign one message per second per IP addresss, no faster.
There are many variations on this, all of which would work great. For example, have the rate of signing be inversely proportional to the number of messages sent that day. Maybe also have "registered users", meaning people who have an actual credit card number or bank account linked to their name and will be charged $1,000,000 per message after 10,000 have been sent in a day (Sure, there will be spammers using fradulent cards, but in that case spamming has become a real, high-stakes felony).
The point is, as long as you have a few central authorities, just like DNS, where we can go to validate email, then we'll end spam.
Re:Screw payment options (Score:2)
Re:Screw payment options (Score:2)
So why post it? (Score:2)
So why'd you bother posting it? Too much free time?
Daniel
Email Classification (Score:2, Insightful)
Another option... (Score:2, Interesting)
I've got the solution... (Score:2, Funny)
Capital punishment.
Simply kill the spammers. Send spam? Instant death. No jury. No judge. Maybe the spammers can be the first to appreciate the benefits of "Real Cheap Life Insurance" when they're frying on the electric chair.
Don't moderate me funny. I'm not joking.
right on (Score:2)
go after the people whose products they're advertising. with a big stick.
oh great, junk mail, here we come! (Score:3, Insightful)
If I get this right, the idea is to lose the one clear advantage email has over regular mail, namely no cost (let's ignore actual ISP costs, those are together paid by the sum total of all internet subscribers in the world).
By artificially making each email cost something, the economics of the email system become identical to the economics of postal email, except it's faster. That's the idea, unless I'm missing something.
Now in the real world, we already have an example of a system with such economic properties, namely the postal system. Unfortunately, in the real world, we also have an example of the way spammers have adapted to that economic system. It's called junk mail, and I get tons of it in the physical mailbox.
So maybe the companies pay for their junk mail to be delivered to my physical mailbox. Guess what? I still don't want it. But they paid for it, so I guess it'ts allright....not.
Thanks but no thanks. I'll take my chances with a personal junk filter.
p.s. I accept that ISPs have a huge problem, but this way is only going to legitimize spammers who are willing to pay.
Re:oh great, junk mail, here we come! (Score:2)
Again: The sender is only billed $0.01 if the receipient so chooses.
They'd get shut down pretty quickly (Score:2)
Micropayments Still Suck (Score:2)
Micropayments still suck [openp2p.com].
Why the hell should I trust this company, particularly when Verisign buy all successful competitors - as they did for digital certificates?
Most importantly: there is no natural reason for the cost.
Now, if there was an easy way to pay me one penny to receive each email, with free channels set up on a case-by-case basis ... that would work wonderfully. All we need then is a workable mechanism for single-penny transactions to be workable for a
Mailing lists (Score:2, Insightful)
I'm on quite a few mailing lists, due to my wide range of interests. I can receive 400-600 messages a day from these lists. So I should spend $4-$6 a day to fight spam, eh? The largest estimate of the cost to ISPs for dealing with spam has me paying about $8 a month.
Its a nice idea, but it just won't fly. Try again.
This [habeas.com] sounds like it might actually work.
Just won't work (Score:2)
Rus
nailing the bastards (Score:2, Insightful)
This is more than just sending off a single email to a scantly watched abuse email.. This means getting hold of a real person and explaining, realistisay, what
Re:nailing the bastards (Score:2)
Re:nailing the bastards (Score:2)
>to get his hosting and DNS cut off at the knees.
Yeah right, for all of half a day while he sets up a new one.
>This means getting hold of a real person...
>If more people would do this...
Unfortunately, these two statements are contradictory. Most people can't be bothered.
Hey I'm not knocking you, just being realistic. It was great what your friend did, but it sounds like he must have been fairly co
Fake costs won't work (Score:2)
In the article Tim Bray says the problem with the current email system i
Re:Fake costs won't work (Score:2)
downside (Score:3, Interesting)
* Grandma has a box that got hax0red
* box is used to send 100.000 emails
Who is going to pay?
* Grandma?
* OS manufacturer for making lousy OS
* Spamming company
I'd prefer the latter but it required having to trace the company through complicated follow-the-money-go-overseas-FBI-CIA type of actions. So in reality they'll make grandma pay
No thanks
Re:downside (Score:2)
Tim Bray is proposing people would prepay say, $10, ahead of time. At 1 cent per email, the relay would cut off after 1000 emails.
So, yeah, Grandma would lose $10, but that's a good thing; it'll teach her to switch to Linux :-).
Right now, hacked systems just keep sending and send
Re:downside (Score:2)
If you try to force Grandma into paying the $10, she will just get the AARP to lobby for a law that protects people from paying in cases of "fraud". (For a template, see the rules on credit card purchases.) The ISPs will raise the rates from 1 cent to 2 or 3 or 4 cents to cover th
Re:downside (Score:2)
* Grandma has a box that got hax0red
* box is used to send 100.000 emails
Again: If the sender only pays $0.01 when the recepient indicates they should, $1 will probably last people a year, so there's no point ever having more than $5 in your email deposit. If somebody hacks into Grandma's box, they can send 500 emails, or $5 worth of emails. Hardly seems worth it.
Re:downside (Score:2)
Too late now.... (Score:2)
A bit crude; here's a variation I prefer (Score:2)
I prefer a system of micropostage, in which there is no single postage-issuing authority, but the mail receiver maintains a whitelist of acceptable ones. (If one becomes compromised by spammers, then it gets deleted from the whitelist, a quick anc clean form of RBL.) Microposta
Pay to send works (sort-of) (Score:2)
There are a number of Get Paid To Read email programs which use e-gold for small efficient payments to lots of individuals (*willing* individuals!) all over the world. These explain the huge number of tiny spends at http://stats.e-gold.com and a few of them are quite popular it seems.
It's not a perfe
Bonded Senders (Score:2)
http://www.bondedsender.com/ [bondedsender.com]
Essentially a whitelist of senders, rather than a blacklist. There's been lots of whitelist talk, but I don't think anyone's taking it seriously because it would be difficult to get everyone to fall into line with this concept. Imagine how much mail your clients -wouldn't- get if it was to be implement
Re:Bonded Senders (Score:2)
If it was $20 it might be worth it. At $1000 maybe big ISPs might bother (but they're the source of most of the spam anyway... I get shedloads from rr.com, btw.).
Drugs and Spam (Score:2)
Unlike Spammers who try to hide, the business/con artist has to have a means of contact for the
Spam.. it's just like junk mail (physical) (Score:2)
I think one of the biggest things we can do is to cut down the number of open relays (this will help) also have a global ban list of ISP's that allow large scale spammers. I have pretty much banned entire contry codes and class A networks because all that comes out of them is spam. But also all the ISP (in the wor
Re:Spam.. it's just like junk mail (physical) (Score:2)
right now i'm pretty sure one of the reasons i DON'T get any spam(to any measurable degree, that means that i get maybe 3 'spam'category mails per month that i actually had somehow managed to subscribe) is that my mail address(that's on clear text on my homepage, linked from my sig, with all kinds of crawlers coming through it) has ".adsl." in it.
eh.. so, i guess my point is that dialup and dsl' lines that change their ip addresses should be banned(but not perm. ip).
What might work is (Score:2)
Re:What might work is (Score:2)
ISPs should charge each other for email delivery (Score:2)
email. AOL provides Earthlink a service by
delivering Earthlink customer's emails to the
recipient using AOL's equipment. So they are
justified in charging Earthlink for that service.
Now if traffic flow is balanced, no actual money
is exchanged. How you affect spammers is when
traffic flow is imbalanced. An Isp sending more
email than it receives ends up paying the other
Isps. Then the spammer who creates the excess
email will be billed by his Isp, and the Isp
on t
I cringe every time I hear this (Score:2)
Here are my thoughts:
1) If you're willing to pay a penny a message to send, wouldn't you be willing to pay a little for filtering that kept your spam lev
Realistic look at the problem (Score:2)
Imagine if you picked up your telephone and 70 percent of the time it was already in use?
Imagine if 70% of the time on the DVD you just purchased was filled with commercials?
Imagine if you had
Same idea, different day, same results (Score:2)
Now, what might work is to criminalize the use of spam as an advertising medium, assign responsibility to the party who profits (that being the party on whose behalf the spam is advertising) and assign half the penalties back
Re:possible to forge? (Score:2)
Xentax
An honest one (Score:2)
Thanks to the spammers, the term "opt-in" has no meaning at all: I've gotten hundreds of spams claiming that I opted in and never did at all.
This whole idea is a joke. It would be treated as something to be worked around.
Re:It will never work (Score:2)
As an example to the contrary, I use a Bigfoot email address. It was free for about the first five years, then they started charging for it. I paid up, because it had become too useful to me.
I think people *will* pay for something they previously had for free if one of the following is true:
The service they now have would no longer be available otherwise (
The service would improve considerably (There are probably more cases t
Re:Not addressing the problem... (Score:2)
But, perhaps it would be a new revenue stream for law enforcement. They could also charge $50 to those that are mugged on the street, and $1000 to those who's car is stolen. Yeah, that's the ticket! Charge the victim!
I wish I had some mod points... (Score:2)
1-800-Caning-For-Spam (Score:2)
Promoting violence? It sounded like he was trying to buy the Spammer's service, assuming the spammer operates some sort of dungeon facility..
Re:better: let recipient choose when to charge (Score:2)
Nice little 'earner