Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Why Public Email Needs a Police Force

Soulskill posted more than 3 years ago | from the quis-custodiet-ipsos-spamodes dept.

Communications 133

jfruhlinger writes "Those of us who had email addresses in the early days of the Internet age remember sending notes to webmaster email addresses to report malicious email behavior — and actually getting a response back. But today, a huge majority of mail comes from public services like Gmail or Yahoo mail, and getting anyone at those companies to take responsibility for abusive users is nearly impossible. 'If they could agree on a third-party service that could be the receptacle on a 24/7 basis for rapid account suspension, the 419 Fraud problem might dwindle down to a trickle quickly. It would take trust among the email providers to do this, but it would also alleviate big problems that law enforcement officials are usually unable to handle. Call them the email cops.'"

cancel ×

133 comments

Sorry! There are no comments related to the filter you selected.

Cyber police? (3, Funny)

Anonymous Coward | more than 3 years ago | (#36934028)

So now you can ACTUALLY report people to the cyber police?

Re:Cyber police? (1)

Dexter Herbivore (1322345) | more than 3 years ago | (#36934106)

Yes you can, and just like the IRL police... it doesn't mean that anything will happen.

Re:Cyber police? (2, Insightful)

Anonymous Coward | more than 3 years ago | (#36934240)

Unless the person who is looking for help is friends with the police, then something will happen even if the accused didn't even come close to doing anything wrong.

[2]Freedom of speech but only when I agree with it (1)

Hognoxious (631665) | more than 3 years ago | (#36934848)

Unless there's a serious sanction[1] for making false complaints it will be abused to enforce FOSBOWIAWI[2].

It should be the same for DMCA takedowns and some patent claims too.

[1] jail time, or a ban ten times as long as the falsely accused would have got.

If he gets his way, yes. (4, Insightful)

khasim (1285) | more than 3 years ago | (#36934374)

He's focusing on 419 scams. He wants an instant (or almost instant) way to shut down the accounts that the 419 scammers use.

Which means either an automated system (yeah, how'd you like your account killed because of something you posted on /. that someone took offense to)
or
A staff monitoring the abuse@ and postmaster@ accounts for the various email systems around the clock, every single day.

And what would this accomplish?
It would save the gullible people from themselves. Maybe. As long as the scammers didn't target their emails with enough different reply_to addresses to bypass this.

I'm not getting a very good feeling for this guy's technical credentials.

Re:If he gets his way, yes. (1)

plover (150551) | more than 3 years ago | (#36934494)

Because we know the government should be babysitting our email. They should protect us from having to click delete on advertising that might trick us. "Please, o benevolent governments of the world, save us from being stupid."

His technical credentials may be crap, but he'll have a hard time flushing those away as his morals have filled the septic tank.

Re:If he gets his way, yes. (1)

Doctor Morbius (1183601) | more than 3 years ago | (#36934756)

And when those idiots click on those links and get infected by a botnet virus they just add to the spam and other crap using up bandwidth on the internet and clogging up your mailbox.

Re:If he gets his way, yes. (1)

plover (150551) | more than 3 years ago | (#36935980)

So I'm supposed to give up my privacy because idiots get viruses? That's attacking the wrong problem.

Secure the failing systems, or if they can't be secured, the ISP's should isolate them until they stop emitting spam or other automated attacks. But the problem's not with my email.

Re:If he gets his way, yes. (1, Troll)

Doctor_Jest (688315) | more than 3 years ago | (#36935732)

I think we're getting entirely too concerned with protecting people from themselves. This is an innocuous method for protecting the morons, but there have been other proposals that are much more sinister (and not even remotely helpful to anyone but corporations and governments..)

The automated system sounds more palatable to people who hate the free speech that the internet gives certain demographics. :)

Re:Cyber police? (1)

MightyMartian (840721) | more than 3 years ago | (#36934480)

Who comes up with these stupid fucking ideas? How would these email police stop Russian or Chinese spammers? How would it prevent spam being spread by botnets? To put it bluntly the author is a fucking retard.

Retarded idea indeed. (1)

rduke15 (721841) | more than 3 years ago | (#36934774)

The spam I get uses forged headers anyway, and was sent from botnets.

So even if abuse@(yahoo|gmail|hotmail|whatever) would cooperate, there is nothing they can do about a bot sending directly to the recipient's server with a fake From: header.

All this plan could accomplish would be to suspend perfectly innocent email accounts from people who were unlucky that their address was used in spam headers.

Re:Retarded idea indeed. (1)

AliasMarlowe (1042386) | more than 3 years ago | (#36935072)

The spam I get uses forged headers anyway, and was sent from botnets.

So even if abuse@(yahoo|gmail|hotmail|whatever) would cooperate, there is nothing they can do about a bot sending directly to the recipient's server with a fake From: header.

Almost all the spam I receive (but there's damn little of it) also has forged headers, usually including the From:, Return-path: and Received: fields, and often an X-Originating-IP: field also. However, a perusal of the headers usually reveals the true origin of the spam, usually an IP address in China or the US, or some compromised mail server. If you learn to parse the headers, you can usually spot where the spam really originated, even if the header contains a number of forged fields...

Re:Cyber police? (1)

Tanuki64 (989726) | more than 3 years ago | (#36934852)

Yep, most likely a retard who fell for some internet scam. :-)

Re:Cyber police? (1)

Anonymous Coward | more than 3 years ago | (#36934506)

PULL OVER POSTER

I am an IRC COP.

Do you know you were downloading at 5Mb/s in a 2 Mb/s zone?!

Also, your hard drive activity light is busted, son. *smash*

Please complete the form (5, Interesting)

symbolset (646467) | more than 3 years ago | (#36934030)

Your post advocates a

( ) technical ( ) legislative ( ) market-based ( ) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:

( ) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

( ) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!

craphound.com [craphound.com]

Re:Please complete the form (4, Funny)

1s44c (552956) | more than 3 years ago | (#36934082)

Your post advocates a

( ) technical ( ) legislative ( ) market-based (X) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
(X) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
(X) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
(X) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
(X) Lack of centrally controlling authority for email
(X) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
(X) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(X) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
(X) Extreme profitability of spam
( ) Joe jobs and/or identity theft
(X) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:

(X) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
(X) SMTP headers should not be the subject of legislation
(X) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
(X) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
(X) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
(X) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

(X) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!

parents underrated (1)

Legal.Troll (2002574) | more than 3 years ago | (#36934266)

parents underrated

Honestly the first thing I thought after reading TFA was every public email provider responding in unison,

"Oh sure, we can do that for you, but please don't sue us into the ground and report us to the FBI, the FCC, the DOJ, the New York Times and your congressman for violating your free-speech/contractual/4th amendment/etc. rights"

postmaster@ (4, Informative)

1s44c (552956) | more than 3 years ago | (#36934042)

Those of us who had email addresses in the early days of the Internet age remember sending notes to webmaster email addresses to report malicious email behavior

Webmaster@ will get you the webmaster.
Postmaster@ will get you the postmaster.

They might be the same person but the RFC states these address have to resolve to a human. If they don't with gmail, yahoomail, or whatever they these sites should be listed on rfc-ignorant.

Email police? No, won't work. What happened to that standard spam solution form slashdot used to use?

Re:postmaster@ (-1)

Anonymous Coward | more than 3 years ago | (#36934118)

They might be the same person but the RFC states these address have to resolve to a human. If they don't with gmail, yahoomail, or whatever they these sites should be listed on rfc-ignorant.

So, let's say they do resolve to a human, does the RFC say they have to do anything about it?

Anyway, as a user of email - free email at that - please explain to me how I can be "abused"?

Spam? The little I get is no skin off my ass. Yahoo, Hotmail, Gmail, etc ... is paying for the bandwidth.

How else can one be "abused" by email?

Re:postmaster@ (1)

hedwards (940851) | more than 3 years ago | (#36934208)

If you don't receive a response the chances are good that you can just blacklist the domain. Legitimate domains typically have somebody that's going to respond to those sorts of emails, the exceptions being cases where it's a personal domain that got hijacked, in either case you can black list it and if they really need to get in touch they can get a free email address elsewhere until the black list is lifted.

Re:postmaster@ (2)

1s44c (552956) | more than 3 years ago | (#36935034)

They might be the same person but the RFC states these address have to resolve to a human. If they don't with gmail, yahoomail, or whatever they these sites should be listed on rfc-ignorant.

So, let's say they do resolve to a human, does the RFC say they have to do anything about it?

Anyway, as a user of email - free email at that - please explain to me how I can be "abused"?

Spam? The little I get is no skin off my ass. Yahoo, Hotmail, Gmail, etc ... is paying for the bandwidth.

How else can one be "abused" by email?

I believe the RFC says the mail has to be delivered to a human. It doesn't say the human has to read it, be capable of understanding it, or do anything with it. It might be worth reading the actual RFCs involved to check the details but that tends to be a huge time sink.

I consider spam an abusive waste of my time. Maybe you don't, that's up to you.

Re:postmaster@ (1)

Em Adespoton (792954) | more than 3 years ago | (#36935188)

Also, remember that RFC stands for "Request For Comment". I guess we could start some sort of RFC Police force, where people actually have to abide by RFC *proposals*, but then I wouldn't be able to use my non-compliant bats with RFC 1149. So much for internet usage after dark.

Re:postmaster@ (1)

Anonymous Coward | more than 3 years ago | (#36934338)

Neither of those are necessarily set up. It doesn't matter what RFCs state, the people responsible for servers don't have to bother handle email coming in, and many obviously don't. Try emailing them sometime, count the bounces.

Re:postmaster@ (1)

1s44c (552956) | more than 3 years ago | (#36935062)

Neither of those are necessarily set up. It doesn't matter what RFCs state, the people responsible for servers don't have to bother handle email coming in, and many obviously don't. Try emailing them sometime, count the bounces.

It matters for everyone who sets up mail servers correctly. If I find a big domain has a broken postmaster@ address I submit it to rfc-ignorant and mail whatever contact address I can find at that domain. You are right about them not caring, I rarely get a reply and when I do it's often from someone with no technical skills.

abuse@ (0)

Anonymous Coward | more than 3 years ago | (#36934456)

Good and necessary answer. Don't forget abuse@ for all kinds of bad behaviour, not just email.

Re:abuse@ (1)

1s44c (552956) | more than 3 years ago | (#36935038)

Good and necessary answer. Don't forget abuse@ for all kinds of bad behaviour, not just email.

And hostmaster@ for host related matters. I was trying to correct the summary not provide a full list of RFC mandated email addresses.

Re:postmaster@ (0)

Anonymous Coward | more than 3 years ago | (#36935364)

In the early days of the Internet, there was no web, never mind webmasters.

Re:postmaster@ (0)

Anonymous Coward | more than 3 years ago | (#36935478)

"the RFC states these address have to resolve to a human."

Yes, and the appropriate response if they don't respond to spam / abuse complaints is to address the same complaint upstream of them, to THEIR ISP / host.

Re:postmaster@ (0)

Anonymous Coward | more than 3 years ago | (#36936500)

Yeah, I remember those days.

I also remember seeing U2 perform at a venue of maybe 1000 people, and tickets were under $10.

Re:postmaster@ (1)

tverbeek (457094) | more than 3 years ago | (#36936474)

If I had a dollar for every item of spam sent to postmaster, webmaster, and yes even abuse @ every domain for which I host e-mail, I probably could buy a seat in the US Senate. At least in the House. Sorry, but those addresses go to /dev/null; I am humanly unable to comply.

I wish it were still the 1980s, when "the RFC states" meant something, a mostly-benign cabal held sway over the backbone, and a person or company could conceivably get kicked off the internet (and make it stick for a while) if it was clear enough that they were Evil. Plus, I still looked hot in tight leather pants and could get into a U2 concert for the price of a couple of their LPs. Those days are gone.

Human societies do not scale well. Athenian democracy worked with voters measured in the thousands. The internet worked well with nodes on the same order of magnitude. (And both had enforceable standards to be in that number.) But expecting democracies (or even republics) with populations in the hundreds of millions, and an Internet where the IPv4 address space is not enough, to continue to function the way those systems were intended to work, is naive.

no it dont (3, Insightful)

JonySuede (1908576) | more than 3 years ago | (#36934048)

enough with the voluntary fascism.

Re:no it dont (0)

Anonymous Coward | more than 3 years ago | (#36934228)

Seconded!
These are freaking computers and we are freaking computer experts. Why the hell would we use a human solution that is guaranteed to fail (see below), when we can have a software solution that we can guarantee to follow our rules to the tiniest detail with no self-interest at all??

Authority always abuses. That is a well-known psychological fact, that any one who studies psychology can tell you. Because the only people becoming authorities, are egomaniacs who are the best of all in fighting for themselves above all other. And then when they are in power, you expect them so suddenly turn their personality around 180 degrees, and follow the interests of others? Are you kidding me?
(And this is also, why democracy and communism never works as fantasized. You either have a leader because his interests are your interests, or you don't have a leader. A "representative leader" is one hell of an oxymoron.)

Re:no it dont (0)

Anonymous Coward | more than 3 years ago | (#36934596)

and up with voluntary peaceful solutions.

Figures (0)

Anonymous Coward | more than 3 years ago | (#36934056)

Yet another itworld/computerworld shit-stirring post. Seems like over 50% of the front page posts on Slashdot are from them.

In nazi germany they where called the SS (0)

Anonymous Coward | more than 3 years ago | (#36934058)

In nazi germany they where called the SS

Re:In nazi germany they where called the SS (-1)

Anonymous Coward | more than 3 years ago | (#36934502)

In nazi germany they where called the SS

Learn the difference between "were" and "where" before you start Godwinning the thread. There is probably a good case to be made against this proposal, but sure as hell not by you.

Re:In nazi germany they where called the SS (1)

aix tom (902140) | more than 3 years ago | (#36934788)

Actually, it would be more like the Gestapo. Hugely overblown reputation, any only so "successful" because people fell over each other reporting on other people they wanted out of their way.

No (0, Insightful)

Anonymous Coward | more than 3 years ago | (#36934076)

No it doesn't. That is why you have an ignore feature. Grow up and stop trying to cry to mommy and daddy when you feel the slightest bit offended.

Re:No (-1)

Stupid McStupidson (1660141) | more than 3 years ago | (#36934110)

As a <insert identifying interest group>-American, I have a RIGHT to be not offended! I also have the right to punish and/or silence you when you crush my self-esteem by hurting my feelings!

Re:No (0)

Anonymous Coward | more than 3 years ago | (#36934872)

Get out of my country!

-- Another American

And why should they? (1)

Anonymous Coward | more than 3 years ago | (#36934088)

Do police actively monitor normal mail? No? Well why the hell would they bother with email. There are already solutions in the market for things such as spam and fraud. Having an "email police" won't change anything considering how friggin easy it is to spoof emails as well as zombie networks (why do people bother trying to propose "solutions" when they don't even fully understand the technical problems). If anything, this would only increase abuse as well as reduce privacy.

Hmm, maybe that is the point of this "solution"....

This will not work until... (1)

Anonymous Coward | more than 3 years ago | (#36934104)

...we get email tazers, email guns and email beatdowns.

And how did I manage to get through the BBS days through today without being bothered by spam. In fact, my only interaction with a spammer lead to a happy transaction to get some nice valium. I would settle for bring those days back.

waste of bandwidth/time/characters/electrons (1)

Anonymous Coward | more than 3 years ago | (#36934126)

Without doubt the most stupid thing on slashdot today. So far.

Re:waste of bandwidth/time/characters/electrons (2)

plover (150551) | more than 3 years ago | (#36934682)

Without doubt the most stupid thing on slashdot today. So far.

"Day ain't over yet."

policing won't work. (2)

sneakyimp (1161443) | more than 3 years ago | (#36934142)

It's a lot easier to put giant IP blocks on your ban list for countries like China, Cyprus, and any country at all in Africa. Of course I realize that's fairly racist and geo-centric, but the "policing" alternative just isn't feasible because it's a slippery process which would require enormous volumes of man power. There needs to be an automated mechanism. I was thinking that gmail/hotmail/yahoo/whoever could auto-append a "flag this as spam" link to all emails which users could click. This would allow email providers to know exactly which user sent it and which message it was and dramatically streamline the process or complaint rather than forcing someone to parse email headers and sort it all out. Additionally it would offer very structured data for spam complaints that would facilitate algorithmic analysis to determine whether a ban (or just throttling) might mitigate and/or outright solve the problem.

But then again, this system could also be abused.

I think what the author of the article intended was not necessarily to improve spam control but actually to being law enforcement into the issue. Unfortunately, the article is rather poorly written and seems vague and diffused. I tend to concur that more legal punishment should be involved in the realm of scams and spamming.

Re:policing won't work. (1)

omglolbah (731566) | more than 3 years ago | (#36934244)

Banning all of Latvian and Russian ips have reduced the number of random exploit hammerings on my servers by 99%

Sad but true... and I dont have any users (and dont plan on getting any) from those countries anyway so why not :p

Re:policing won't work. (1)

JWSmythe (446288) | more than 3 years ago | (#36935006)

    I just had the luxury of doing that on one of the networks I run. We block all countries but the handful that are the customers. The product is very US-centric, and has some pretty serious security concerns. It's not TS/SCI level, but it's higher than a bank.

    When we blocked all but a dozen "good" countries (countries where customers have been known to access from legitimately and/or have branch offices), brute force attempts dropped down to almost nothing. Spam dropped down to minimal levels. Attempted attacks became just about non-existent. It sucks that we had to do it, but it really solved a lot of problems.
   

Re:policing won't work. (1)

omglolbah (731566) | more than 3 years ago | (#36935998)

Yeah, this kind of blocking is causing those countries to become "outcasts" on the net.

Quite unfortunate, but that is how it goes. Hopefully the amount of crap coming out of those countries will drop as they become more stable.

Re:policing won't work. (0)

Anonymous Coward | more than 3 years ago | (#36934560)

Gmail and i assume yahoo as well, already have a "flag this as spam" system.

Re:policing won't work. (0)

couchslug (175151) | more than 3 years ago | (#36935108)

"Of course I realize that's fairly racist and geo-centric,"

It's not racist. Only idiots would perceive it that way.

It IS geocentric, but who gives a fuck? I don't owe ANYONE permission to send me unsolicited email. It's all about me and fuck you, end of story.

You can already flag webmails as Spam. I'd like a "blacklist IP block" option so I never see most of them in the first place.

right... more bribable organisations (1)

polle404 (727386) | more than 3 years ago | (#36934144)

yeah... no.
We don't need an internet police, another organisation susceptible to politic bickering, bribes, ect.
What we need is a better, more secure way of handling certain types of traffic.

Postmaster and Abuse (0)

Anonymous Coward | more than 3 years ago | (#36934148)

This is a job for the postmaster.

Those are not public services (0)

todrules (882424) | more than 3 years ago | (#36934182)

Yahoo and Gmail are NOT public services! They are services that are owned and operated by corporations, not the government. Public services mean services provided by the government, like the postal service. Don't try and make it seem like email is a public service. It's not.

Re:Those are not public services (0)

Anonymous Coward | more than 3 years ago | (#36934204)

Then let's kill two birds with one stone. Since the USPS is running out of things to do, let's give them a government back monopoly on email for Americans. Then we can have the Postmaster General's people investigate fraudulent email.

Re:Those are not public services (0)

Anonymous Coward | more than 3 years ago | (#36934296)

Postal Inspector's already do, they just don't care that much unless it's involving Child Porn or something.

Re:Those are not public services (1)

Belial6 (794905) | more than 3 years ago | (#36934638)

Honestly, there is a place for them when it comes to email. They SHOULD offer a 'certified email'. Sell 'eStamps' as a revenue source. Don't receive any email from other servers. Only allow emails that are submitted by a logged in user, and charge a nominal fee for those emails. Then forward the mails to regular email addresses as well as keep a local copy for users who want to log in and get the email from the trusted source. It would look like a corporate email server that does not recieve email from the internet, but has mail forwarding turned on by default.

This wouldn't stop all spam but it would solve a lot of problems:

It doesn't create a new email standard.
It would add enough cost to discourage massive auto generated spam without incurring a massive cost to legitimate users.
It would not require a separate or new application on the users end
It could be bypassed for any email that did not need 'certification'
It would put a postmark on emailed documents from a trusted third party
It would give end to end authentication when both the sender and receiver are signed up
It doesn't require the receive to sign up it they don't want to
It can track delivery timestamps of email
It could be used as a second channel for regular email white listing requests.

As I said, it wouldn't stop spam entirely, but if spammers flooded the system, we could still filter, while allowing them to fund the USPS. So, even if it failed to slow down spam, it would have a huge benefit.

Re:Those are not public services (0)

Anonymous Coward | more than 3 years ago | (#36934298)

They MIGHT offer those services for those PAYING customers. Are you one of them or are you just asking for free stuff?

The governmental services like police, postal etc, are paid for with your tax money, Google and Yahoo are paid by advertisers, not you.

As for fraud, well, you have to educate consumers, otherwise any available solution means dumping loads of money to clean up after the un-educated masses.

So, here's a helpful suggestion, instead of posting an idiotic proposal on Slashdot, where 99.99% recognize cons like these at the first glance, (the 0.01% probably follow the links for fun, or are the ones sending them), you could write an article for the general populace about the dangers of internet surfing.

Or you could send a letter to an interested NGO with a similar proposal, or your senator/governmental representative, etc. What everyone here will tell you, is that it's very hard or impossible, or possible in a fascist/communist/dictatorship state, and will cost shit-loads of money. Money that could be used for really important stuff instead of saving the money of a handfull of people. Oh, and you know what? Con artists are much more dangerous than the petty internet types. Because the contact is personal, the trauma is much greater. Also, there was a statistic years ago, showing internet scams pinch off small amounts instead of the up and close cons that usually break their victims.

Re:Those are not public services (1)

todrules (882424) | more than 3 years ago | (#36934510)

The governmental services like police, postal etc, are paid for with your tax money

Exactly! Those are public services. They are paid for by my tax dollars. The OP said that "a huge majority of mail comes from public services like Gmail or Yahoo mail." Again, they are not public services. They are run by corporations and not by the government. And, WTF are you talking about an "idiotic proposal" for? I didn't propose anything and didn't have any links in my post. All I said was email is not a public service. Did somebody forget their meds this morning?

Re:Those are not public services (0)

Anonymous Coward | more than 3 years ago | (#36934314)

So they don't want to be responsible...

Next step is to open up their data for federal datamining.

Proactively I predict even stricter robots shutting down accounts on unlucky wording and google opening up a customer reception. (in person one hour per week)

Re:Those are not public services (0)

Anonymous Coward | more than 3 years ago | (#36934780)

And even the postal service doesn't give a sh*t about what ends up in your mailbox. If it has your address on it, you are going to get it. In fact, I think Gmail is doing way better than the postal service in this regard.
In The Netherlands we had a few cases of a postman trashing fake bills form a scam company, instead of delivering them to the often elderly people they where addressed to, but this is an exception rather than the rule.

Re:Those are not public services (0)

Anonymous Coward | more than 3 years ago | (#36935964)

You identified the problem perfectly. As a majority of slashdotters would agree, it's a lack of government ownership of things that are our problems. Given that we're such a highly intelligent bunch, the rest of you ignorant rednecks should just go along with whatever we say.

A price to pay (1)

Teun (17872) | more than 3 years ago | (#36934242)

Whoever runs this 'service' needs to be paid.

So just keep it where it belongs, with the postmaster@*, that way the better policed operation will eventually be the most economical and successful.

just use a properiaty managed messaging system (1)

gl4ss (559668) | more than 3 years ago | (#36934254)

like facebook, g+ or whatever.

you obviously don't want email protocol but a closed garden, maybe you'd like people to submit passport photos for access too along with proof of their career, housing, address and sexuality.

419 fraud or personalised nigeria letters would still happen in that closed garden of yours.

Re:just use a properiaty managed messaging system (0)

Anonymous Coward | more than 3 years ago | (#36934642)

you obviously don't want email protocol but a closed garden, maybe you'd like people to submit passport photos for access too along with proof of their career, housing, address and sexuality.

Hey, that's a pretty good summary of social networking, facebook and Google+

Problem solved.

Re:just use a properiaty managed messaging system (1)

Trilkin (2042026) | more than 3 years ago | (#36934984)

That's what he just said.

Centralized reporting (1)

Beryllium Sphere(tm) (193358) | more than 3 years ago | (#36934274)

Abuse.net seems to be trying to move away from it, but they still offer a single-point reporting service where you can forward spam from $DOMAIN to $DOMAIN@abuse.net and they'll forward to whatever the best contact is that they know of at $DOMAIN.
"Once you've registered, when you send a message to domain-name@abuse.net, where domain-name is the name of the domain that was the source of junk e-mail or another abusive practice, the system here automatically re-mails your message to the best reporting address(es) we know for that domain. For example, if you wanted to send a message to example.com you'd send it to example.com@abuse.net. "

Re:Centralized reporting (1)

azoblue (842509) | more than 3 years ago | (#36935684)

spamcop.net does much the same thing, and offers several other services as well.

Re:Centralized reporting (1)

EkriirkE (1075937) | more than 3 years ago | (#36936028)

I've been using spamcop for almost 10 years now. I only ever get a response from a postmaster/admin maybe once every few months (with ~20 reports/day sent) though I do it with hopes to have a spam-free day someday. Maybe it's just spam networks cycling like the seasons. Lately a great number of them seem to be coming from some indian company tatacommunications, It would appear that they don't care that they are a large proponent of my spam.

The problem with that is... (1)

geekprime (969454) | more than 3 years ago | (#36934284)

If that gets implemented anyone can pretty much get anyone they want banned from email.

a single email from 200 or 300 of the machines in a botnet could get you banned in an instant and the mail-cops would never figure it out.

And before you say it will stop the botnets, they would just get bigger and post fewer emails per zombie so it wouldn't affect them either.

Your post advocates a (0, Redundant)

characterZer0 (138196) | more than 3 years ago | (#36934294)

Your post advocates a

( ) technical (X) legislative ( ) market-based ( ) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
(X) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
(X) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
(X) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
(X) Lack of centrally controlling authority for email
(X) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(X) Asshats
(X) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(X) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
(X) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:

( ) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
(X) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
(X) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

(X) Sorry dude, but I don't think it would work.
(X) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!

Re:Your post advocates a (0)

Anonymous Coward | more than 3 years ago | (#36934746)

Mod parent up.

Maybe these should be checked too:
( ) Requires immediate total cooperation from everybody at once
( ) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) I don't want the government reading my email

And I'm not sure if these apply:

(X) Blacklists suck
(X) Why should we have to trust you and your servers?

But I agree with the last paragraph.

gaming the abuse-reporting system (0)

Anonymous Coward | more than 3 years ago | (#36934316)

But who do we report the abuse-reporting system abusers to?

Who would pay them? (1)

HangingChad (677530) | more than 3 years ago | (#36934326)

It's an interesting idea, but how would it be funded? Almost like a postal service for the internet. I'm trying to think of a value added service that would make users and ISPs want to sign up with the internet post office and can't think of one. There would have to some kind of fee to fund the agency and I'm not sure a reduction in spam would be enough incentive.

If the major service providers told people they had to register with the internet post office before they could send mail, how do you enforce that?

Internet protocols were designed to thwart central control and a single point of failure.

The Standard Form (0)

Anonymous Coward | more than 3 years ago | (#36934342)

(The post and linked article are so very vague, that filling this out was a bit of a challenge, but here goes:)

Your post advocates a

[ ] technical [X] legislative [X] market-based [ ] vigilante [X] vague

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

[ ] Spammers can easily use it to harvest email addresses
[ ] Mailing lists and other legitimate email uses would be affected
[ ] No one will be able to find the guy or collect the money
[X] It is defenseless against brute force attacks
[X] It will stop spam for two weeks and then we'll be stuck with it
[ ] Users of email will not put up with it
[ ] Microsoft will not put up with it
[ ] The police will not put up with it
[X] Requires too much cooperation from spammers
[ ] Requires immediate total cooperation from everybody at once
[ ] Many email users cannot afford to lose business or alienate potential employers
[ ] Spammers don't care about invalid addresses in their lists
[ ] Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

[ ] Laws expressly prohibiting it
[X] Lack of centrally controlling authority for email
[X] Open relays in foreign countries
[ ] Ease of searching tiny alphanumeric address space of all email addresses
[ ] Asshats
[X] Jurisdictional problems
[ ] Unpopularity of weird new taxes
[ ] Public reluctance to accept weird new forms of money
[ ] Huge existing software investment in SMTP
[ ] Susceptibility of protocols other than SMTP to attack
[ ] Willingness of users to install OS patches received by email
[X] Armies of worm riddled broadband-connected Windows boxes
[ ] Eternal arms race involved in all filtering approaches
[ ] Extreme profitability of spam
[X] Joe jobs and/or identity theft
[ ] Technically illiterate politicians
[ ] Extreme stupidity on the part of people who do business with spammers
[X] Dishonesty on the part of spammers themselves
[ ] Bandwidth costs that are unaffected by client filtering
[ ] Outlook

and the following philosophical objections may also apply:

[X] Ideas similar to yours are easy to come up with, yet none have ever
        been shown practical
[ ] Any scheme based on opt-out is unacceptable
[ ] SMTP headers should not be the subject of legislation
[ ] Blacklists suck
[ ] Whitelists suck
[ ] We should be able to talk about Viagra without being censored
[ ] Countermeasures should not involve wire fraud or credit card fraud
[ ] Countermeasures should not involve sabotage of public networks
[ ] Countermeasures must work if phased in gradually
[ ] Sending email should be free
[X] Why should we have to trust you and your servers?
[ ] Incompatiblity with open source or open source licenses
[X] Feel-good measures do nothing to solve the problem
[ ] Temporary/one-time email addresses are cumbersome
[ ] I don't want the government reading my email
[ ] Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

[X] Sorry dude, but I don't think it would work.
[ ] This is a stupid idea, and you're a stupid person for suggesting it.
[ ] Nice try, assh0le! I'm going to find out where you live and burn your
        house down!

(Specifically, it looks like the plan is "I got an email claiming to be from joe@hotmail.com! Hotmail, delete that account!", when 1. It's trivial for a spammer to make more accounts, and 2. The address joe@hotmail.com is probably faked, so the account had nothing to do with it.)

Account suspension (3, Interesting)

Adrian Lopez (2615) | more than 3 years ago | (#36934356)

"Rapid account suspension" as opposed to more deliberative approaches to account suspension? What could possibly go wrong?

It's actually far easier (1)

Opportunist (166417) | more than 3 years ago | (#36934364)

Let the market sort it out. People who are stupid enough to get swindled out of their money will soon not be able to afford internet anymore, reducing the number of people too stupid to use it. Ahh, ain't darwinism a great thing?

No, seriously. I don't quite get it why people who combine the insanely useful traits of greed and stupidity in one person should get any protection from having both exploited. Sorry, but my pity with people who turn off their brain when facing a computer is very, very limited.

This solution is perfect! (1)

rochberg (1444791) | more than 3 years ago | (#36934384)

This will clearly work, because we know that no one would ever make accusations in bad [wikipedia.org] faith [wikipedia.org] .

OK idea but it would be abused (0)

Anonymous Coward | more than 3 years ago | (#36934408)

A fast track to account suspension is a nice dream but it would end up being a quick way to shut up comments people don't like. As the traffic amounts are massive reading and vetting all complaints would not get done. And (just like DMCA take down notices) the "email police" would err on the side of caution and block by default.

No thanks (1)

nurb432 (527695) | more than 3 years ago | (#36934412)

I would rather not have my email under the control of a 3rd party.

if i'm stupid enough to fall for a 419, then i deserve it.

Re:No thanks (1)

Anonymous Coward | more than 3 years ago | (#36934726)

The key to a 419 scam is that you trust when someone tells you something that is supposed to make your life a lot better, but it's not true.

This email plan is supposed to make our lives a lot better, and for it to work we just have to trust the authors or the owners of some central email servers...

gmail and yahoo have procedures for reporting spam (4, Interesting)

bcrowell (177657) | more than 3 years ago | (#36934500)

Gmail and yahoo both sign all outgoing messages cryptographically using dkim. That means that if you get a spam claiming to be from one of their accounts, you can verify that it really is from such an account. Once you've done that, you can report it: gmail [google.com] , yahoo [yahoo.com] . So if the author of TFA is complaining that this can't be accomplished by sending email to abuse@gmail.com or postmaster@gmail.com, then I suppose he has a valid complaint that they're not complying with RFCs...but...that's the way it is. It's not the end of the world. Gotta use a web interface instead. Boo hoo.

The author of TFA is upset that he can't get spamming accounts shut down instantly, 24/7. I actually don't really want an internet where any random person can get my ability to send email shut down instantly. What if it's a joe-job? What if the complaint is from one of these people who just clicks on "spam" when they don't want the mail, even when it's not spam? A much better way to handle this is to limit the number of messages per hour that can be sent from a newly created account. Then if it takes a day, or three days, to shut down a spam account, the consequences aren't that bad; the spammer can't use the account to send a million emails in 24 hours. I assume that gmail and yahoo already do this kind of rate-limiting.

What would be a huge improvement would be if the remaining big email providers other than gmail and yahoo would start using dkim. Once dkim becomes universal, we can establish actual reputations for people as spammers or non-spammers.

Virtually all the spam I get these days is from small domains. Recent examples include education-portal.com, spacesaver.com, and mg-style.net. The solution proposed by the author of TFA is to bug education-portal.com to respond to email sent to abuse@education-portal.com by deactivating jones@education-portal.com. Um, that isn't going to work, because jones works for education-portal.com, and they want him to spam me. The solution is to make dkim universal enough that people can stop accepting mail from domains that don't dkim-sign. Then education-portal.com can get an online reputation as a spammer, and everyone can start blocking them in their spam filters.

And down the slippery slope we go... (1)

inAbsurdum (1028514) | more than 3 years ago | (#36934562)

And after some time, who would stop this 3rd party "police" from buckling under pressure from governments/corporations and start scanning all email accounts for other "unfit", "inappropriate" and "potentially harmful" content and banning accounts on a whim? Thanks, but no thanks.

I will do it! (1)

Grand Facade (35180) | more than 3 years ago | (#36934646)

Just give me the top authority and immunity from any civil or criminal litigation!

No problem

Hotmail, Yahoo, Gmail, AIM (amongst others) are all going to get real mad when their mail all goes in the scrapper.

Then users will be mad that their mail gets dumped because their service is lame.

Then I will be out of a job.

ENFORCE the laws and regs in place, that's not going to happen either, as there is no money to be made (or tangibly saved) by doing so.

Useless laws and regs with no teeth and too many wormy lawyers hired by lying spammers.

Please fill out form as necessary......

after the fbi outsourcing hacks NO (0)

Anonymous Coward | more than 3 years ago | (#36934650)

after the fbi outsourcing hacks NO . THIS is just about as foolish , stupid and assinine as it gets seriously EMAIL cops whats next HTTP cops and TCP/IP cops , i know facebook cops oh wait...OH and how about World of warcraft cops and ...WHERE DOES IT END AND COST......

419 (0)

Anonymous Coward | more than 3 years ago | (#36934668)

The 419 problem will be around as long as there are idiots who fall for them.

Uhlinger, you are way off base. (0)

Anonymous Coward | more than 3 years ago | (#36934794)

This email police is not necessary, and YOU are a control freak, that's obvious enough from the summary.

If you are not smart enough to set up your email client with rules which toss email from specific
addresses into the trash immediately, then just use your delete button. If you cannot or will not use either of
these solutions, maybe you don't need to be using a computer at all. Your mindset reminds me of the lowest
of all forms of internet users, the AOL moron.

Little fascists like you drag the human race down with your paranoid need for more and more rules. Mind your own
business, and leave the rest of us alone. That's not a request, that's an order, bitch.

A job for the USPS! (0)

Anonymous Coward | more than 3 years ago | (#36934950)

I think this would be a perfect way for the USPS to renew their relevance in the digital age. They'd need to invent a more secure form of email, where the sender is not so easily spoofed; but getting it accepted as a standard should be easy for an organization with their credibility. Then they could accept micropayments for sending authenticated email. The average person could pay for the service by cleaning under their sofa cushions, but it would be cost-prohibitive for spammers to send millions of messages. (They might try to use stolen accounts, but since the messages would be authenticated by one agency, spikes in traffic originating from a single account would be easy to detect and block.)

I would gladly pay for a USPS "email" address that could never receive spam.

Email just needs replacing... (1)

rathaven (1253420) | more than 3 years ago | (#36934988)

Sorry but the protocol was never built for this and whilst it has had people add protocols for securing and signing data and verifying identity only limited people really use them.

If you can't prove an identity then the emails are just bits on the wire. You might as well take people to court for the dust they create.

SMTP police? (1)

NWprobe (28716) | more than 3 years ago | (#36935144)

Email is SMTP. There is no practically way to police it like the article describes. The author simply doesn't know how email works. What we need is a new message standard. An Advanced Mail Transfer Protocol. It should include:
1. Encryption system where mail server publish the public keys. Mail server can also hold the recipient private key. This way an email can easily be signed. My server can check signature to see if the mail really comes from whoever says is the sender.

2. Approved senders AKA friends request. On many social media sites you have the option to only get contacted by those in your contact list. Email should work like this to. I should be able to lock my email account from getting mail from anyone I haven't approved.

This could be implemented with backward compatibility with regular SMTP. All regular unsigned SMTP mail will just be marked as just that. Simple and untrusted. As the net upgrades to AMTP2 there will be a point where the majority is over on the new protocol and spam as we know it will die.

Re:SMTP police? (0)

Anonymous Coward | more than 3 years ago | (#36935514)

Start writing an RFC.

Re:SMTP police? (1)

NWprobe (28716) | more than 3 years ago | (#36935734)

Stopped working with IT years ago. No time to write RFC's. Always wondered why nobody fixes email instead of creating more and more advanced filters. Fix the problem, not the symptom.
The basic layout is simple. Maybe so obvious that someone has a patent on it....

This is an amazingly stupid idea, even for ITworld (1)

Arrogant-Bastard (141720) | more than 3 years ago | (#36935174)

You know, anyone who hasn't been around long enough to have an email address ending in .ARPA really should just STFU and stop proposing ridiculous nonsense like this. Not only is it highly annoying to be exposed to idiocy of this magnitude, but it distracts from measures that have actually been proven -- repeatedly -- to work.

darwin (0)

Anonymous Coward | more than 3 years ago | (#36935480)

or let people learn the lessons?

1. If a deal is too good to be true, it is.
2. People lie on the internets.
3. A fool and his money are soon parted.

There is no way to patch dumb. You cannot have a free society that is free from personal responsibility.
Choose. Freedom or nanny-state.

Or you could just... (1)

SilverJets (131916) | more than 3 years ago | (#36935640)

Setup your spam filters and not worry about it.

Public? (0)

Anonymous Coward | more than 3 years ago | (#36936006)

Erm, Yahoo and Google are PRIVATE. Nice try to blame the government, though. Back to your free market!

I'm my own police. (0)

Anonymous Coward | more than 3 years ago | (#36936078)

Ain't nothing a baseball bat to the face can't fix.

Who watches the watchmen? (1)

Marrow (195242) | more than 3 years ago | (#36936080)

How long would it before people use the service to get emails banned from people they don't like??

A Recipe for Denial of Service (1)

DERoss (1919496) | more than 3 years ago | (#36936112)

This suggestion -- promptly killing someone's E-mail account without giving them time to defend themselves -- is a recipe for denial of service. All I have to do is file a complaint against someone I don't like. Zap. They have no E-mail. I don't have to prove my complaint is valid.

Hmm. Someone running a botnet could quickly eliminate all E-mail for a nation. Cyberwar!!

Give jfruhlinger the Finger (0)

Anonymous Coward | more than 3 years ago | (#36936178)

This is exactly what the internet nor any country needs!

jfruhlinger is a coward and idiot extrodinare.

jfruhlinger should be banned from /. for "its" brazzen attempts at sexual contact through social networking.

jfruhlinger, go to Facebook and Suck It UP, then swallow.

--//++

I'd like a job ... (1)

PPH (736903) | more than 3 years ago | (#36936514)

... with the grammar division, on their SWAT team.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>