Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

US Military Looks For Massive Spam Solution

ScuttleMonkey posted more than 5 years ago | from the always-declaring-war-on-something dept.

The Military 228

Several users have pointed out a recent request to technology companies from the Defense Information System Agency for ideas on how to build an e-mail defense system to catch spam. The solution would have to scan about 50 million inbound messages a day across some 700 unclassified network domains. "Defense currently scans e-mails for viruses and spam coming into systems serving the military services, commands or units. DISA wants to extend the protection to the interface between the Internet and its unclassified network, the Non-classified Internet Protocol Router Network. The agency also wants the ability to scan all outbound e-mails from the 5 million users. [...] DISA's request ties in with recommendations that the Defense Science Board issued in April that said Defense is more vulnerable to cyberattacks because of its decentralized networks and systems. The board envisioned a major role for DISA in developing the architecture for enterprise-wide systems."

Sorry! There are no comments related to the filter you selected.

Only one way to be sure (5, Funny)

Archangel Michael (180766) | more than 5 years ago | (#27970781)

Nuke spammers from orbit.

Re:Only one way to be sure (4, Insightful)

Shakrai (717556) | more than 5 years ago | (#27970835)

Nuke spammers from orbit.

But then how will I be able to refinance my mortgage while getting that penis enlargement using the money I won in the British lottery?

I'm convinced that the only real solution to spam is to find the people who are stupid enough to buy the products offered via spam and beat the ever living shit out of them. The spammers wouldn't keep doing it if people didn't keep buying their shit.....

Re:Only one way to be sure (0)

Anonymous Coward | more than 5 years ago | (#27971223)

It is easy to believe that companies keep sending spam because there is a sufficiently large group of customers who order there product after they receive the spam. But it's not true. In most cases the resulting sales do not outweigh the cost of sending spam. For this reason most companies will only try this a couple of times and then realize that it does not result in the promised increase of sales.
The real reason you keep receiving spam is that there is a almost endless stream of new companies that can be tricked into believing that sending spam would be a cost effective way of advertising there product.

Re:Only one way to be sure (0)

zorro-z (1423959) | more than 5 years ago | (#27971281)

I agree that the only way to end spam would be to make sure that nobody ever responded to it. There's one problem w/this, though: mathematically, spammers already have a near 0% response rate.

Some basic math: any finite number divided by infinity is zero.
Spammers can send, literally, infinite numbers of spam messages for very little cost to themselves.
If they get *1* sale out of infinite spam messages, they make a profit.
1/infinity = 0.
Therefore, spammers make money if they get a 0% response rate. Perfect business plan.

Re:Only one way to be sure (0, Flamebait)

Anonymous Coward | more than 5 years ago | (#27971397)

Spammers can send, literally, infinite numbers of spam messages

You keep using that word. I do not think it means what you think it means.

Re:Only one way to be sure (1)

zorro-z (1423959) | more than 5 years ago | (#27971475)

I know *precisely* what it means. Do you?

Re:Only one way to be sure (4, Funny)

frosty_tsm (933163) | more than 5 years ago | (#27971859)

Spammers can send, literally, infinite numbers of spam messages

You keep using that word. I do not think it means what you think it means.

-1

In discussions about very large numbers, "infinite" can be applied to numbers so large they might as well be infinite.

Re:Only one way to be sure (1)

vertinox (846076) | more than 5 years ago | (#27971867)

You keep using that word. I do not think it means what you think it means.

I think he means long term. Assuming long as there is an internet, spam will still be sent infinitely.

Possibly long after the sun burns out and heath death starts to kick in.

Perhaps we will have spam filters large as Jupiter in the future to deal with the intergalactic spammers trying to sell hapless aliens anti-black hole kits.

Re:Only one way to be sure (1)

Hurricane78 (562437) | more than 5 years ago | (#27971785)

I say spammers are natural selection at work. Let them be. As long as it takes power away from the retards, it's a good thing. ^^

Re:Only one way to be sure (1)

beadfulthings (975812) | more than 5 years ago | (#27971587)

I've experienced a recent oddity. My public gmail account still traps and disposes of the usual range of adverts for pilules, fortunes from various dubious sources, and enlargement schemes. My business address has been suddenly deluged with adverts for otherwise-legitimate products; for example, garden plants and seedlings from known nurseries; "art" tchochkes from various "limited edition" emporiums, and golf and fishing equipment, and camping gear from known sporting-goods outlets. My server traps and black-holes enormous amounts of spam. This stuff is sneaking through.

Re:Only one way to be sure (1)

Hurricane78 (562437) | more than 5 years ago | (#27971831)

This one's simple: They are sufficiently new and different enough for the bayesian filter no not declare them spammy* enough.

* Yes, I just made that word up, and I'll sue you if you do *not* use it. ^^

Re:Only one way to be sure (1)

luigi517 (1169353) | more than 5 years ago | (#27971625)

make them come pick up the prize or whatever they've won and beat the hell out of them there

Re:Only one way to be sure (1)

linzeal (197905) | more than 5 years ago | (#27970913)

Nuke people who respond to spam too. That way places with lots of old people like Florida would be glowing like the surface of the sun.

revelation 12:7-12... apk (0)

Anonymous Coward | more than 5 years ago | (#27971103)

"Nuke spammers from orbit." - by Archangel Michael (180766) on Friday May 15, @02:48PM (#27970781)

Revelation 12:7-12

Archanbel Michael (patron of policemen, iirc) Defeats the Dragon

And war broke out in heaven; Michael and his angels fought against the dragon. The dragon and his angels fought back, but they were defeated, and there was no longer any place for them in heaven. The great dragon was thrown down, that ancient serpent, who is called the Devil and Satan, the deceiver of the whole world; he was thrown down to the earth, and his angels were thrown down with him.

Then I heard a loud voice in heaven, proclaiming, Now have come the salvation and the power and the kingdom of our God and the authority of his Messiah,* for the accuser of our comrades* has been thrown down, who accuses them day and night before our God. But they have conquered him by the blood of the Lamb and by the word of their testimony, for they did not cling to life even in the face of death. Rejoice then, you heavens and those who dwell in them! But woe to the earth and the sea, for the devil has come down to you with great wrath, because he knows that his time is short!;

----

Doing MY part, here ->

----

HOW TO SECURE Windows 2000/XP/Server 2003, & even VISTA + make it 'fun-to-do', via CIS Tool Guidance (& beyond):

http://www.tcmagazine.com/forums/index.php?s=05af24090957cd14494a83460b92e853&showtopic=2662 [tcmagazine.com]

----

"Nuff said..."

APK

P.S.=> No, I am not some "Holy Roller", I just saw the user's name & the topic @ hand, & felt it fit (in a way)... apk

Re:Only one way to be sure (0)

Anonymous Coward | more than 5 years ago | (#27971293)

Alternatively, they could autogenerate a reply for say, 1 month saying "Your Spam has been received by a US DOD computer. This is a courtesy warning. Further spam attempts will be met with unfortunate consequences. You have been warned.". After a month, choose several random spammers as targets to "test the efficacity of our cyberwarfare teams", a perfectly valid military excercise. I think the message would then be received, as computer networks go down and lose the spammers a fair bit of money because the nations top hackers are being encouraged to play with them....

Re:Only one way to be sure (2, Insightful)

AKAImBatman (238306) | more than 5 years ago | (#27971761)

After a month, choose several random spammers as targets to "test the efficacity of our cyberwarfare teams"

You assume that spammers have a network to attack. I assure you, they do not. All this spam is coming from large networks of zombie machines. To launch a cyberattack on the source of the spam would effectively be a scorched Earth tactic. It might get rid of your spam, but it will also get rid of the architecture you're defending...

Re:Only one way to be sure (1)

Zantetsuken (935350) | more than 5 years ago | (#27971623)

Even cooler, use kinetic bombardment weapons [wikipedia.org]

The most described system is 'an orbiting tungsten telephone pole with small fins and a computer in the back for guidance.' The weapon can be down-scaled as small as several meters long, an orbiting "crowbar" rather than a pole.

The time between deorbiting and impact would only be a few minutes, and depending on the orbits and positions in the orbits, the system would have a world-wide range. There is no requirement to deploy missiles, aircraft or other vehicles. Although the SALT II (1979) prohibited the deployment of orbital weapons of mass destruction, it did not prohibit the deployment of conventional weapons.

The weapon inflicts damage because it moves at orbital velocities, at least 9 kilometers per second. The amount of energy released by the largest version when it hits the ground is roughly comparable to a small nuclear weapon or very large conventional bomb. Smaller weapons can deliver measured amounts of energy as small as a 500 lb conventional bomb.

The "pole" shape is optimal because it enhances reentry and maximizes the device's ability to penetrate hard or buried targets. The larger device is expected to be quite good at penetrating deeply buried bunkers and other command and control targets. The smaller "crowbar" size might be employed for anti-armor, anti-aircraft, anti-satellite and possibly anti-personnel use.

The weapon would be very hard to defend against. It has a very high closing velocity and a small radar cross-section. Launch is difficult to detect. Any infra-red launch signature occurs in orbit, at no fixed position. The infra-red launch signature also has a small magnitude compared to a ballistic missile launch. One drawback of the system is that the weapon's sensors would almost certainly be blind during reentry due to the plasma sheath that would develop ahead of it, so a mobile target could be difficult to hit if it performed any unexpected maneuvering.

Also, I'd imagine that would be less expensive than actual nukes, since while you still need the rockets and cost of fuel might rise since launch mass increases, at least you don't have to spend money on making and maintaining nuclear warheads with such weapons...

Not big... (1, Interesting)

Anonymous Coward | more than 5 years ago | (#27970797)

There are plenty of solutions out there that work on this scale. I worked at a company that did roughly double that, and now I work at a company that does well over 50 times that.

Off the top of my head, Ironport is probably their best choice.

its pretty simple (2, Interesting)

goffster (1104287) | more than 5 years ago | (#27970803)

Establish a "fine" network.
Another mail network sends you spam?
You fine them.
They in turn fine whoever sent them spam.
Whoever does not pay then fine, gets turned off.

Re:its pretty simple (0)

Anonymous Coward | more than 5 years ago | (#27971555)

Establish a "fine" network.
Another mail network sends you spam?
You fine them.
They in turn fine whoever sent them spam.
Whoever does not pay then fine, gets turned off.


Your post advocates a

( ) technical ( ) legislative (X) market-based ( ) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
(X) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
(X) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
(X) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
(X) Jurisdictional problems
(X) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(X) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
(X) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
(X) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:

( ) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

(X) Sorry dude, but I don't think it would work.
(X) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!

Nope, try again. (2, Insightful)

professorguy (1108737) | more than 5 years ago | (#27971669)

Let's say we each run ISPs. You send me spam. I charge you. You charge the spammer. The spammer doesn't pay. You cut off the spammer.

Then I cut off you. After all, you didn't pay. Now no one on my network can email anyone on yours.

Back to the old drawing board.

Ten dollar tent (2, Funny)

oldhack (1037484) | more than 5 years ago | (#27970807)

I hope they don't shoot $10M cruiser missile to take out $10 tent housing Packard Bell botnet control center.

Re:Ten dollar tent (1)

Seakip18 (1106315) | more than 5 years ago | (#27970919)

You're right. We need to use a MIRV ICBM [wikipedia.org] . We'd nuke multiple sites from orbit. It's the only way to be sure.

Re:Ten dollar tent (1)

K. S. Kyosuke (729550) | more than 5 years ago | (#27971093)

Multipath antispam? I like that.

AIM-54C (1)

jra (5600) | more than 5 years ago | (#27971811)

Phoenix means you never had to say you're sorry.

Re:Ten dollar tent-Reconsider (1)

Nom du Keyboard (633989) | more than 5 years ago | (#27971647)

I hope they don't shoot $10M cruiser missile to take out $10 tent housing Packard Bell botnet control center.

If it actually is the botnet control center then it's probably worth taking out. And maybe you'll get the operator with it!

The military?! (3, Funny)

osgeek (239988) | more than 5 years ago | (#27970829)

Great, and then there will be secret abductions of spammers who are sent to Guantanamo without trial or hope of quick appeal. There will be water boarding and sleep deprivation and acts of humiliation.

Really, I think that my point is that it's not severe enough.

Router level solution (1)

ArcherB (796902) | more than 5 years ago | (#27970845)

I don't understand why routers can not be programed to limit the number of emails it receives from a single source. For example, if a router detects that 10,000 emails are coming from a particular host, treat that host as if it's perpetrating a DOS attack. Routers can be programmed to ignore DOS attacks, why not use the same tech to block massive spamming?

Re:Router level solution (3, Informative)

Jah-Wren Ryel (80510) | more than 5 years ago | (#27970893)

Because spam doesn't work that way anymore. It comes from botnets where each individual zombie only sends one or less messages to the target and need only send out 20 or 30 each day total to still be effective.

Re:Router level solution (2, Interesting)

ArcherB (796902) | more than 5 years ago | (#27971121)

Because spam doesn't work that way anymore. It comes from botnets where each individual zombie only sends one or less messages to the target and need only send out 20 or 30 each day total to still be effective.

First, I wonder about the 20-30 messages a day bit. There are roughly 150 billion [mywot.com] spam messages sent daily. There are 6 billion people on the planet. In order for your 20-30 messages a day number to be correct, that would every man, woman, and child on the earth would need a computer and every single one of them would be part of a botnet.

Next, if we are assuming that your 20-30 number is correct, I assume many of these messages are identical or similar enough to be identified. I know I get several repeat messages in my GMail spam box every day. There are only so many routers that lead into the US. Set these up to monitor email traffic (is it port 22? 25? I don't remember)... and look for patterns. If the same email is being sent 20 billion times, you can bet it's spam, block those hosts until they can show they are not longer spamming, even if it's a million machines that are part of the bot-net.

As for domestically generated spam, track them and let local law enforcement hand them.

This will require funding, of course, but if you tax the companies that would benefit from this, they will end up spending less in the long run.

Re:Router level solution (2, Insightful)

i.r.id10t (595143) | more than 5 years ago | (#27971245)

Whats the difference between legitimate listserv messages and spam in your scenario?

Re:Router level solution (2, Interesting)

ArcherB (796902) | more than 5 years ago | (#27971341)

Whats the difference between legitimate listserv messages and spam in your scenario?

Excellent question. Companies that send out legitimate mass emails would need to be added to an "allow-list".

I know, it sux, but the benefit of no spam outweighs the pain of asking legit listserv's to register.

Re:Router level solution (1)

Jah-Wren Ryel (80510) | more than 5 years ago | (#27971429)

First, I wonder about the 20-30 messages a day bit. There are roughly 150 billion spam messages sent daily. There are 6 billion people on the planet. In order for your 20-30 messages a day number to be correct, that would every man, woman, and child on the earth would need a computer and every single one of them would be part of a botnet.

You make the error of assuming spam sending is distributed evenly. Compromised systems at large corps and government offices can easily send many orders of magnitude more spam and still get lost in the noise of legit email from their sites.

There are only so many routers that lead into the US, set these up to monitor email traffic (is it port 22? 25? I don't remember)... and look for patterns.

That's an increase in workload that is many orders of magnitude larger than what even the largest routers do now. Furthermore, the US has the second highest zombie infection rate in the world, so border routers aren't all that useful and sending the cops after people with zombied computers is impractical. They are millions and they aren't standouts.

(a) Hard to detect a lot of sources because they are lost in the noise
(b) Extremely expensive to do pattern matching on all mail traffic
(c) Cops don't have the resources

If the problem were easy, it would have been solved.

Re:Router level solution (4, Informative)

epiphani (254981) | more than 5 years ago | (#27970903)

That's because you want a router to do something it doesn't care about. That would require full layer 7 visibility on the router - then it wouldn't be nearly as good at doing what its supposed to: routing.

Most routers rarely look above layer 3. Occasionally they'll do some layer 4 stuff, but that is best left to firewalls or load balancers.

Also, routers aren't programmed to ignore DOS attacks. They're programmed to ignore very specific types of DOS attacks, sometimes.

Re:Router level solution (2, Interesting)

ArcherB (796902) | more than 5 years ago | (#27971283)

Would it really require "full layer 7 visibility on the router" to count the number of port 25 messages coming from each host? I would assume the biggest problem would be the memory involved in counting the messages and keeping that count in RAM for each and every host, keeping track of which hosts are blocked by each router and every other router (national database) and securing the system so that some hacker can't get in there and put every Microsoft IP into the black-list.

Still, I don't see these problems as being insurmountable. It also doesn't have to be the routers that do the packet inspection. We could set up machines at various choke-points on the web to take care of this. If we can route every phone conversation through a closet at AT&T for a government spy program, surely we can work this out.

SPAM solution = more BOFH (0)

Anonymous Coward | more than 5 years ago | (#27971799)

The answer to stopping spam is to simply stop making excuses for badly set up and administered legitimate mail systems. If standards are set up and enforced for simple things like reverse-lookup or SPF records most spam would be easily identified amongst the ham. If your business partners REALLY want to do business with you then they'll set up their mail servers and DNS correctly. When companies start losing money because they can't get their mail delivered, maybe they would start to care. We need more Bastard Operators out there to clean things up.

Re:Router level solution (2, Insightful)

SBrach (1073190) | more than 5 years ago | (#27970943)

If only it were as simple as "Host X sends spam -> block Host X." The problem is n clients of host X are zombies sending spam while the other y clients are legitimate users. So, sure, you can block my ISP because of the clients that are sending you spam, but then I couldn't send you an E-Mail either, and I actually DO know the secret to penis enlargement.

Re:Router level solution (3, Interesting)

jgardia (985157) | more than 5 years ago | (#27971209)

i think it would be easier if the ISPs start blocking any email coming from non-corporate users. If you want to have an email server at home, ask your ISP to unblock the port. Then, all the grandma-zombie-computers will be unable to send spam.

Re:Router level solution (3, Insightful)

A beautiful mind (821714) | more than 5 years ago | (#27970975)

Your post advocates a

(X) technical ( ) legislative ( ) market-based ( ) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
(X) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
(X) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
(X) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
(X) Willingness of users to install OS patches received by email
(X) Armies of worm riddled broadband-connected Windows boxes
(X) Eternal arms race involved in all filtering approaches
(X) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
(X) Infrastructure costs that are involved in deep packet inspection on the core routers
(X) Privacy concerns in letting ISPs perform deep packet inspection on the core routers
( ) Outlook

and the following philosophical objections may also apply:

(X) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
(X) Countermeasures should not involve sabotage of public networks
(X) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
(X) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

(X) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!

Re:Router level solution (1)

ionix5891 (1228718) | more than 5 years ago | (#27971487)

I know, they can pipe their email thru' Gmail ....

  oh wait, nvm :P

Re:Router level solution (0)

Anonymous Coward | more than 5 years ago | (#27971581)

Best post ever.

You are a God among men.

Go ahead and mod me down, it was worth the read.

Re:Router level solution (1)

ArcherB (796902) | more than 5 years ago | (#27971621)

(X) Mailing lists and other legitimate email uses would be affected

Legitimate mass mailers would require a registration to be placed on an allow list. Of course, spammers need not apply. Licensing fees could even be charged for this list to pay for the program, but that may not be fair.

(X) Many email users cannot afford to lose business or alienate potential employers

Like who? Spammers? If you send less than, say, 10,000 emails a day, you shouldn't have to worry about anything. If you do legitimately send that many emails, see my response to your previous complaint.

(X) Open relays in foreign countries

How many "pipes" are there at US borders? Put filters on all of these.

(X) Willingness of users to install OS patches received by email
(X) Armies of worm riddled broadband-connected Windows boxes

Machines that have been zombiefied would be cut off from the web at the router level. They will be allowed back on once their ISP can verify they have been de-zombied.

(X) Eternal arms race involved in all filtering approaches
(X) Extreme profitability of spam

That's why this is based on the number of emails sent from a particular host. The profitability of spam comes from the raw numbers of emails sent per host. Cut that number to a relatively insignificant amount and the numbers of successfully received spam emails drops significantly, making it much less profitable.
The only way around this would be to zombie so many machines that the spammer could spread the number of hosts emailing so that no single host will raise alarms. With 150 billion spam emails sent daily, there is no way that spammers could spread this out far enough without taking a severe hit in the number of messages sent. Which leads to lower profits... wash, rinse, repeat.

(X) Infrastructure costs that are involved in deep packet inspection on the core routers
(X) Privacy concerns in letting ISPs perform deep packet inspection on the core routers

Why not just use the same setup the previous administration did to monitor phone calls? If we can pipe all of America's phone calls through a closet at an AT&T building, surely we can set up a few monitoring stations to look for traffic on port 25.
Cost could be paid for by the companies that pay so much to fight spam today. With the reduction in web traffic and email data storage, the system would pay for itself many times over.

(X) I don't want the government reading my email

Since the emails are counted instead of read, there would be no privacy concerns.

(X) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical

Examples?

(X) Countermeasures should not involve sabotage of public networks
(X) Countermeasures must work if phased in gradually

???

(X) Sorry dude, but I don't think it would work.

Not with that attitude!

Seriously though... I'm a geek, but by no means a networking expert. Most of my "solutions" to the problems you've brought up may not work at all, however, if I a mental midget like myself can at least dream up feasible solutions, then surely big boys at Cisco, Time Warner, AT&T, Sun, IBM and the rest backed with government stimulus dollars can surely find a way to secure our networks from within the networks themselves as opposed to the end point. This security by end user crap ain't cutting it.

Re:Router level solution (1)

value_added (719364) | more than 5 years ago | (#27971525)

I don't understand why routers can not be programed to limit the number of emails it receives from a single source.

If you're asking whether a router can can impose limits such as the number of simultaneous connections allowed from a given host, or the rate at which new connections are established, then yes, that's perfectly do-able and good sense for not just SMTP traffic. Restricting the receipt of email messages, however, is a very different problem as has already been pointed out. That's not to say that email servers are completely lacking features that can help (Sendmail's ratecontrol, for example).

My own observation, however, is that spammers tend to be more well-behaved these days so these kinds of solutions, while helpful, aren't the solutions you're looking for. ;-)

Why bother with an IT solution? (5, Informative)

A beautiful mind (821714) | more than 5 years ago | (#27970849)

Seriously, it's less than two dozen guys pumping out 90% of the spam in the world. I would guess that the law enforcements and militaries of the world should just do their jobs and apprehend these criminals.

I'd certainly appreciate real action like getting rid of spam than for the CIA/US Military to spend time chasing down far fetched terrorist plots. I'm constantly stunned that given the damage spam creates, special branches aren't more active in tracking and _eliminating_ the sources of these things.

Re:Why bother with an IT solution? (1)

TerranFury (726743) | more than 5 years ago | (#27971033)

Seriously, it's less than two dozen guys pumping out 90% of the spam in the world.

Do you have a source for this? It's interesting...

Re:Why bother with an IT solution? (1, Funny)

MyLongNickName (822545) | more than 5 years ago | (#27971099)

Since you cannot be bothered to look it up yourself, here is the source [wikipedia.org] .

Re:Why bother with an IT solution? (5, Informative)

A beautiful mind (821714) | more than 5 years ago | (#27971393)

I was a bit off by saying less than two dozen, but I wasn't off by that much. Spamhaus [spamhaus.org] says 200 heavyduty spammers are generating 80% of the spam in the world.

The numbers I had in my mind are an outdated estimate I've heard a couple of years back. It's good to remember to question information and it looks like I forgot about keeping my assumptions up to date...

Mafia approach (0)

Anonymous Coward | more than 5 years ago | (#27971089)

Seriously, it's less than two dozen guys pumping out 90% of the spam in the world. I would guess that the law enforcements and militaries of the world should just do their jobs and apprehend these criminals.

If it's really less than a couple dozen guys doing this, surely putting out contracts on their heads would cost substantially LESS than all the technical solutions combined to date?

Re:Why bother with an IT solution? (0)

Anonymous Coward | more than 5 years ago | (#27971299)

It is a dozen ppl using millions of Windows box that have been cracked. Do you plan to murder all the window lusers?

Re:Why bother with an IT solution? (3, Insightful)

Culture20 (968837) | more than 5 years ago | (#27971357)

I'm constantly stunned that given the damage spam creates, special branches aren't more active in tracking and _eliminating_ the sources of these things.

But no one yet understands the damage spam creates except for those of us with an IT bent. Back in WWII days and directly after, Radiation was your friend. It could do everything for the man of tomorrow! The first people to learn how dangerous it really was were the scientists getting really bad radiation poisoning and cancer. Even after that, it took a while for the public to switch from Radiation==Good to Radiation==NotGood, and even then, they over-simplified to the point that people still fear irradiated foods (which are not radioactive).

What we need are some public service announcements: "Unrequested mass mailings use our nation's internet bandwidth, reducing our GDP, making it easier for the terrorists to win, and have a carbon footprint equal to 5,000,000 cattle, a Rush Limbaugh, and a Michael Moore. You can do your part to help! Change your email default viewing to 'text only' so you don't load their images. Stop clicking on their links. Send them to your junk folder. Report them if your email system has a spam-reporting function. Like Spamsy the Cat says: 'I may be lazy, but even I can stop spam just by doing nothing!'"

Re:Why bother with an IT solution? (1)

Terrasque (796014) | more than 5 years ago | (#27971627)

I can see it now.. An email to the people's private email address :

"Hello $full_name, $address.

This is a friendly warning from the new joint NSA/US Military anti spam campain.
We know where you live. We know what you look like. And now, we also got nukes.

Love, NSA/USMil"

I think that might be pretty effective, actually.

Re:Why bother with an IT solution? (2, Funny)

Shadow Wrought (586631) | more than 5 years ago | (#27971695)

I would guess that the law enforcements and militaries of the world should just do their jobs and apprehend these criminals.

To go a step further, what happens if it can be determined that the spammers are enemy combatants waging war against the United States infrastructure?
In other news today, US Military Drones attacked 200 hundred spam headquarters in coordinated action last night. Anti-war protestors took the streets by the thousands to show their support...

Unclassified? (2, Funny)

Culture20 (968837) | more than 5 years ago | (#27970917)

If it's not classified, hire a few companies in India or China to do non-artificial intelligence spam filtering. Problem solved.

Re:Unclassified? (1)

L3370 (1421413) | more than 5 years ago | (#27971135)

because they need to maintain ultimate control of who has access to the info. Imagine if someone had accidentally slipped classified material onto an unclass system. Now that material would be filtered through numerous companies outside of the U.S?

Isn't this a solved problem? (0)

russotto (537200) | more than 5 years ago | (#27970921)

There's already spam-blocking and virus-scanning firewalls out there. This seems like the perfect problem for a COTS (Commercial-off-the-shelf) solution.

Although I do agree with earlier posters that it would be infinitely more satisfying if they sent the military after the spammers instead... they could take a middle ground between arresting them and torturing them, and just shoot them.

Re:Isn't this a solved problem? (1)

fishbowl (7759) | more than 5 years ago | (#27971743)

>There's already spam-blocking and virus-scanning firewalls out there

I never got more spam than when I was behind a "Barracuda".

I never saw less spam than when I started using Gmail.

I persuaded my company to move our mail (@ourdomain) to gmail. It doesn't seem to be well known that you can use Gmail with your domain name, and they provide imap access for clients.
It's a very cost-effective solution.

should be a simple enough solution (0)

jollyreaper (513215) | more than 5 years ago | (#27970923)

They have lots of men with thick necks and big guns. Buy some plane tickets and pay a visit. Make 'em an offer they can't refuse.

The US Military already has a solution. (3, Funny)

Lilith's Heart-shape (1224784) | more than 5 years ago | (#27970941)

In fact, they have several: the Green Berets, the SEALS, and (depending on whom you ask) the whole fucking United States Marine Corps. Turn 'em loose on the spammers.

Bounce confirmation whitelist (3, Interesting)

Co0Ps (1539395) | more than 5 years ago | (#27970969)

I know a workplace where they set up a bounce-and-confirmation system, so that mail from non-confirmed e-mail addresses was bounced, asking to reply if this was a real human. When it got the reply, the address was added to a whitelist. The person working there said to me that he got zero spam after the implementation. Probably becouse almost all spam has a forged from header and/or is not able to receive and reply to incoming mail.

Re:Bounce confirmation whitelist (2, Informative)

Culture20 (968837) | more than 5 years ago | (#27971529)

The only military email system that I've sent mail to used this, and some sort of system similar to /.'s Lameness filter. It took me three emails to get one message to one recipient. Annoying as Hell, and I almost gave up. Did the person you talked to give numbers on how much real messages were reduced?

Re:Bounce confirmation whitelist (1, Funny)

Anonymous Coward | more than 5 years ago | (#27971591)

What you're referring to is called [a href=http://www.greylisting.org/]greylisting[/a]

Re:Bounce confirmation whitelist (2, Informative)

RazzleDazzle (442937) | more than 5 years ago | (#27971823)

Oh, so you are now a source of spam and back scatter since every single email address that sends a message to you (forged or otherwise) you reply to it as it were a legitimate message. Thanks for contributing to the problem and making it more likely I will not ever contact you via email. One of the reasons e-mail became so heavily used and therefore depended upon is the ease of communication. If you require a manual or auto (like yourse) moderated permission to communicate I guess I will just have to go to your competitor with whom I more easily communicate with.

Re:Bounce confirmation whitelist (1)

timeOday (582209) | more than 5 years ago | (#27971835)

One of the parents on a soccer team I was coaching had that. There was some glitch, and I started trying to work through their crappy system until I thought, "why should I go to this extra effort for somebody else's convenience?" So I didn't.

Also, a friend's yahoo account was compromised, so I started getting email "from him" (except not really). Not even whitelisting protects you then. (But the worst part was, my "real" email address was in his contacts list, so after 7 solid years, it was compromised. Game over!)

Wouldn't it be nice? (4, Funny)

erroneus (253617) | more than 5 years ago | (#27970985)

For this rare instance I would certainly condone a few black ops. Find the people who are responsible, capture them, torture them and if they are bad enough, kill them. When there is money involved, it should be trivial to follow that money back to the people who collect it.

This also gives me a great idea for a movie sequel to "Taken." '...I have a very special set of skills... I will find you and I will kill you.' '//good luck//'

Yeah, I would totally watch that...

Re:Wouldn't it be nice? (1)

TheCarp (96830) | more than 5 years ago | (#27971507)

The responsible part of me wants to say this isn't an appropriate use of the military.

The email user in me wants to make sure this "black op" sends them some place where torture is legal.

-Steve

In other words ... (3, Insightful)

phoxix (161744) | more than 5 years ago | (#27971047)

The military will spend a few hundred million with clearly efficient and excellent vendors like Lockheed Martin, and all of their spam problems will be fixed!!

NOT!

Here goes another few hundred million .... *sigh*

If we really believe in taxation without representation then my unborn baby should be able to vote already ...

Re:In other words ... (0)

Anonymous Coward | more than 5 years ago | (#27971367)

The military will spend a few hundred million with clearly efficient and excellent vendors like Lockheed Martin, and all of their spam problems will be fixed!!

So you've worked with them too, huh?

Re:In other words ... (1)

L3370 (1421413) | more than 5 years ago | (#27971583)

You have representation, so any taxation is just and in accordance to representation. Just because policy doesn't reflect YOUR opinion it doesn't mean that your opinion hasn't been given representation. If you didn't like your representation them you should have voted harder. :)

Simple Solution (0)

Anonymous Coward | more than 5 years ago | (#27971057)

Just use gmail. gmail.mil

Re:Simple Solution (1)

fishbowl (7759) | more than 5 years ago | (#27971779)

>Just use gmail. gmail.mil

You joke, but they do have a service where your domain's mx can be setup to use Gmail both for mx and for imap. I'm sure for a high-profile client, they could completely hide the fact that it's gmail. We have users who don't know they are on gmail. It's imap.ourdomain.com and smtp.ourdomain.com to them, and their users are name@ourdomain.com, not gmail.com.

Obligatory checklist (5, Funny)

dkleinsc (563838) | more than 5 years ago | (#27971069)

The Defense Information Systems Agency advocates a

(X) technical ( ) legislative ( ) market-based ( ) vigilante

approach to fighting spam. The idea will not work. Here is why it won't work. (One or more of the following may apply to this particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
(X) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
(X) It will stop spam for two weeks and then we'll be stuck with it
(X) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
(X) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
(X) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(X) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
(X) Susceptibility of protocols other than SMTP to attack
(X) Willingness of users to install OS patches received by email
(X) Armies of worm riddled broadband-connected Windows boxes
(X) Eternal arms race involved in all filtering approaches
(X) Extreme profitability of spam
( ) Joe jobs and/or identity theft
(X) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
(X) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:

(X) Ideas similar to this are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
(X) Blacklists suck
( ) Whitelists suck
(X) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
(X) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
(X) Why should we have to trust you and your servers?
( ) Incompatibility with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
(X) I don't want the government reading my email
(X) Killing them that way is not slow and painful enough

Furthermore, this is what I think about them:

( ) Sorry dude, but I don't think it would work.
(X) This is a stupid idea, and they're stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!

Re:Obligatory checklist (0)

Anonymous Coward | more than 5 years ago | (#27971733)

Oh it's been at least few days since I last saw the Cynical Spam Solution Checklist here on Slashdot! Thank you!

Easy enough to do (1)

Groo Wanderer (180806) | more than 5 years ago | (#27971145)

The thing that most people don't get is that the spammers are known. We know where they are, we know who they are, and how they work. Cash does get traced, and it can't be hidden all that well.

The problem is that most of these cretins are either in countries that have governments that don't care, have no laws against this, or have better things to do. In some cases, they are, or have purchased the government.

So, since we know who they are, where they are, and many of the details, the solution is simple.

The US military has lots of guns and people trained to use them. If these people start showing up somewhat decomposed with a can of Spam (the meat-like product) in their mouths, people will get the message. Toss complicit ISPs in there, and viola, for the cost of a few bullets, spam goes away.

The only reason it is prevalent is that there is no down side to it. If people who advertised on it, stuffed it out there, or facilitated it's transfer start tipping up dead, well, things change quick.

Until then, basically they are smarter than you, have more time than you, and will beat any filter you put into place.

Any other questions?

        -Charlie

Give way to an open source solution... Untangle! (0, Flamebait)

Swampcritter (1165207) | more than 5 years ago | (#27971207)

Untangle (www.untangle.com) -- Free Spam Blocker enables administrators to block spam at the gateway before it ever reaches the users.

* Leverage the best spam filtering techniques including Bayesian Filters, Razor, realtime block lists (RBLs), OCR for image spam and tarpitting

More Info: http://www.untangle.com/Spam-Blocker [untangle.com]

OMG (1)

hesaigo999ca (786966) | more than 5 years ago | (#27971211)

How many more times can i explain this, the ONLY foolproof model, is to charge per email sent, even if it is .01 of a cent, this will force not only the bad guys to spend money, and leave a paper trail for those using their own servers..which will then tend to up the bids and make alot less sense to use spam to send advertising per capital.

This would also be a quick sure way to let someone know they have been compromised, they could have
a first offense 100$ cap for emails sent from their PCs, then 500$ cap for second offense (for those that are too cheap to fix their virus ridden computers) and then 3rd strike full price.

This would also allow ISPs to track see who sends millions of email from their home PCs,
as a home profit scam. This send an email..pay to send it...system, can and will be
a great way to generate even more money, because who will reinstall windows for those people who have been badly overrun with malware, bestbuy computer guy that's who....

Re:OMG-Second This (1)

Nom du Keyboard (633989) | more than 5 years ago | (#27971763)

How many more times can i explain this, the ONLY foolproof model, is to charge per email sent, even if it is .01 of a cent,

I'll second you on this. As much as I love Free - and Free really is and always has been one of my most favorite things - an economic solution to this is by far the best approach to this. Give the money to the person receiving the e-mail - e.g. you pay me to receive your message - and I can use that as credit against e-mails I send myself. Then I might even accept that crap - before deleting it.

Letters of Marque (2, Interesting)

dazedNconfuzed (154242) | more than 5 years ago | (#27971251)

Yeah there's a solution, it's cheap, and it's even explicitly in the Constitution: get Congress to issue Letters of Marque.
I'm sure there are plenty of people who would take care of the problem for free, if only they got suitable permission.

Good idea. (0)

Anonymous Coward | more than 5 years ago | (#27971489)

Too bad these haven't been used since WWII

Dunno if it's been said, yet, but... (1)

Khyber (864651) | more than 5 years ago | (#27971271)

Simply make an e-mail whitelist for that network. It's not that hard. Deny all external emails except for external authorized users (IE They're logged into the network thru a VPN or something) and basically deny any email outside of defined IP addresses. That should cut about 90% of your problem.

Wanna kill the other 10%? Get your network offline and keep it to internal usage only.

Massive spam or massive solution...? (1)

macraig (621737) | more than 5 years ago | (#27971291)

I'm confused!

Server side or DNS signatures (1)

tacarat (696339) | more than 5 years ago | (#27971307)

Of all the organizations on the planet, the military should be the first to do something like this. All "real" emails from their servers should get a digital signature that their other servers will use for validations. If a .mil email doesn't have it, then it needs to be dropped immediately.

It certainly won't stop every spam, but it's a good first layer of protection. It will should help with spoofed military email addresses that get harvested. I personally think the emails should be fully encrypted before leaving the servers, but that's more for proper security, not just validation purposes.

Partner with Google (1)

ironicsky (569792) | more than 5 years ago | (#27971383)

As evil as it sounds for a big evil organization to partner with another, Google's spam filtering technology on gmail is pretty damn impressive,. I get about 2000 spam messages in 30 days on one of my multiple gmail accounts. I rarely have a false positive or false negative. I'm sure Google's mail filter is just an over glorified Bayesian filter, but with over 100 Million users contributing to the "This message is spam" list to help build the filter you couldn't go wrong. Hell, if Google gave me the option of running all my personal mail servers messages through their spam filter before it hits my mailbox I'd pay for it.

Re:Partner with Google (1)

fishbowl (7759) | more than 5 years ago | (#27971705)

>Hell, if Google gave me the option of running all my personal mail servers messages through their spam filter before it hits my mailbox I'd pay for it.

They do, sort of. We did something similar, before we fully migrated to gmail (our domain, not gmail.com). We had a local mail server that would transfer via imap after messages were delivered to gmail, until all users were migrated and we shutdown our local mail server.

Echelon (4, Funny)

DarthVain (724186) | more than 5 years ago | (#27971399)

Change the word table from:

"Bomb", "Terrorist", etc...

to

"Penis", "Pen1s", etc...

then

Give Chuck Norris a call.

It's not rocket science (0)

Anonymous Coward | more than 5 years ago | (#27971413)

The spammers get paid well from the companies that they spam for. Why not fine the companies that the spam advertises for? Spamming is not an easy thing to do with a high enough success rate to actually get money for. Hell at *least* they'll stop the spammers from spamming the government.

We need a whitelist that doesn't suck (5, Interesting)

steveha (103154) | more than 5 years ago | (#27971491)

The only solution is to make a system that uses a whitelist. But whitelists suck. So we need a whitelist that doesn't suck.

The first step is to have all the email clients start digitally signing emails. It is trivially easy to forge the headers on an email, so it would be stupid to trust them for identity information.

The second step is to have email servers check the identity against the whitelist. If the digital signature is invalid, or the credentials are forged (message was digitally signed, but the announced public key of the sender doesn't match) the message is trashed, with no error message sent. If the signature checks out, but the sender was not on the whitelist, the message bounces back to the sender, with an explanation ("you weren't on the whitelist, sorry").

Okay, but whitelists suck. If my best friend from college wants to track me down and send me an email, I want him to be able to do that; but I don't know his email so he's not on my whitelist. So, we need a solution to this problem.

My proposed solution is that your email server should advertise a list of ways that you will accept to bypass your whitelist for a message. One possible way: attach a micropayment of five cents. Another way: attach a certificate showing that your computer worked for an hour on some worthy problem like protein folding at home or something. Another way: here's a URL of a web page; it contains some riddle... attach the answer to your email. I'm sure you can think of other schemes to make it possible for a friend to bypass your whitelist while not enabling zombie Windows clusters to spray spam into your inbox.

There are other refinements possible. Your whitelist can accept, not just individual signatures, but "badges" from some organization. So, anyone from Mozilla.org can attach a Mozilla.org badge to their emails, and I can allow all Mozilla.org emails through. IEEE member badge, SourceForge.net badge, Apple.com badge, go nuts. Even an organization of "I Swear I Will Never Send Out Spam". The key with the badges is that, if you get kicked out of an organization, you have to lose access to the badge. One simple way would be for the check to be live: if you attach a Mozilla.org badge, the Mozilla.org server had better agree that your identity is one known to it.

The current email system is a "Default Permit" system (the #1 dumbest idea on this list [ranum.com] ). It has to change.

This system would run on the infrastructure we already have, with a few additions. You could have one account with the whitelist, and another account without... but the one with the whitelist is the only one that pages you, or whatever. The important thing is that this doesn't require everyone in the whole world to adopt it before it starts to become useful. Mailing lists would still work, because when you sign up for a mailing list you would add that mailing list identity to your whitelist (probably a badge, such that members of the mailing list are then cleared to email you directly, through the badge).

Someone may claim that validating public key signatures is computationally expensive. No, not compared to running complicated heuristics over the content of a message, trying to guess whether it's spam or not (SpamAssassin and other systems). With this system, the server doesn't attempt to classify a message. Either it passes the whitelist, it's bounced back to the sender, or it's deleted. Done.

Now, if you have found a hole in this idea, you will score bonus points by explaining how to fix it, not merely pointing out that I am an idiot.

steveha

Contact Messaging Architects. (0)

Anonymous Coward | more than 5 years ago | (#27971497)

I'd recommend that they contact Messaging Architects. I think that they'll find that they have a solution that can be scaled to handle that amount of traffic.

Surge or "Operation Flytrap" Respond 2 spam x5 (1)

retroworks (652802) | more than 5 years ago | (#27971501)

Surge the spammers. It must take them some time to enter credit card information from the gullible people who actually respond to the spam. NATO should capitalize on that, and employ the armed forces to answer every spam solicitation with a "flytrap" credit card number. The spammers would see their responses spike but would be tied up wasting their time on non-productive responses. If the NATO guys from Germany are just sitting around in Afghanistan playing on their laptops and drinking beer, they could be multitasking and responding to spam with fake credit card numbers.

i propose that... (1)

krystar (608153) | more than 5 years ago | (#27971521)

it be a massive computer program seeded into the internet with no central core. its purpose to seek out assigned targets and deal with them. and we'll put AI algorithms into it. and call it skynet

I thought the already had a solution! (0)

Anonymous Coward | more than 5 years ago | (#27971531)

Operation Unsubscribe [trailervision.com]

Uh, we scan about 50 million messages a week. (4, Insightful)

jonpublic (676412) | more than 5 years ago | (#27971549)

9 servers. 50 million messages a week. Those 9 servers cost maybe $3,000 each. We have 9 servers because we want some redundancy. So let say you multiply that by 7. So you get ~50 machines to handle the army's volume. $150,000. Plus all the extras, so multiply that by 6. That's about a million dollars.

Seriously? From the article they say it would cost $100 million. Do you really think that is going to cost $100 million dollars? Seriously?

WTF. I need to become a DoD contractor.

Re:Uh, we scan about 50 million messages a week. (1)

cenc (1310167) | more than 5 years ago | (#27971759)

You for got to then times that by 100 that is required for the DOD to write any check. The extra zeros are simply printed on the checks to save time.

Kill The Spammers (2, Insightful)

Nom du Keyboard (633989) | more than 5 years ago | (#27971619)

Unless you use your new system to hunt down and kill the spammers, you will never win. You will only spend an ever increasing amount of money fighting a losing holding action.

Technologically easy (socially impossible) (0)

Anonymous Coward | more than 5 years ago | (#27971657)

Wanna talk to someone at DoD? You have to sign your email. Not signed? Automatic bitbucket. Signed? Look the keyid up in the spammer-versus-not-spammer database. Not in the database? Greylist the fuck out of it and make sure that whatever human ends up looking at it, has an easy way to mark it as spam/notspam.

They want to scan outbounds? Stupid, stupid, stupid. You are preventing people from encrypting. (Yes, I know we're talking about the unclassified network. Doesn't matter; an email to your sweetie saying what time you'll be home, is worthy of encryption.)

For *once*, "world police" sounds good to everyone (1)

Hurricane78 (562437) | more than 5 years ago | (#27971755)

Seriously. You have troops, agents and all. Just shoot them. And if they are in another country, and that country refuses to extradite them, invade 'em. It's what you do best, and for once, everybody on the whole world could agree. Even North Korea and the Taliban. ^^

Hold telecoms accountable (0)

Anonymous Coward | more than 5 years ago | (#27971813)

How about we hold the telecoms accountable for allowing these people to use their networks to send unsolicited e-mails?

We are always playing cat and mouse with spam filters etc but never get ahead of the criminals. Telecoms know or should know the traffic patterns of who is sending and receiving. Hold them accountable for shutting down IP's, servers in their data centers etc. Cut it at the source.

You seriously think they're just asking about spam (1)

desinc (788828) | more than 5 years ago | (#27971841)

Immediately I thought this was just a clever front for the military's plans to monitor ALL email.

It's simple, really.... (3, Interesting)

Hasai (131313) | more than 5 years ago | (#27971855)

....You hunt them down and kick their asses.

Cops and prisons exist for a set of very real reasons. Applying technical 'fixes' to what is a criminal enterprise is like busting your ass building ever higher and ever thicker walls around your house: If you don't deal with the root of the problem, the criminals themselves, all you're doing is delaying the inevitable.

Everybody up to this point has been engrossed in spending all this time and money building ever higher and ever futile walls, ceding the world of the Internet to the criminals while we try to make our tiny little pieces of turf 'safe.'

Personally, I think it's time we took the Internet back.

'Nuff said.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?