Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

ISP Operator Barry Shein Answers Spam Questions

Roblimo posted more than 11 years ago

Spam 373

Barry mentions his "sender pays" spamfighting plan more than once in his answers to your questions, and discuessed it at length in an InternetWeek.com article published on Feb. 20. Is Barry's plan workable? Do you have a better idea? Or should we all just get used to spam as part of the online experience, and learn to live with it and block it as best we can?

1) Back to the 90s
by gylz

If you had known back in the early 90s that spam was going to be the problem it is now, what steps would you have taken then to protect yourself and others from it?

For instance, what changes would you have advocated in the mail protocols and what standard procedures would you have told other ISPs to use to prevent spammers from getting a foothold in the first place?

Barry:

When The World began selling the first commercial dial-up internet accounts in 1989 one question we were frequently asked by the privileged few who had internet access was: How are you going to control them? To be honest, we never had a good answer other than developing what everyone thought was a pretty good AUP (Acceptable Use Policy) and promising to enforce it as best we could.

But even as the net developed, in the early-mid 90s, there were similar problems with system cracking and break-ins. Back then there were more open holes to just walk right through, get a privileged shell, or just cause mayhem. To a great extent spam can be viewed as a form of system compromise and similar to malicious cracking in many ways.

One of my pleas back then to other ISPs was to make some sincere effort to know to whom you were giving accounts. Many of the ISPs with big funding and marketing departments to match would just give out new accounts to anyone with a drink coaster and worry about it later, oftentimes much later only when the bill wasn't paid.

I think practices like these gave rise to the sense of anarchy and lawlessness on the net that came from the easy abuse of anonymity which persists today. At The World we were careful about not enabling new accounts until we were pretty sure we had valid information. Many ISPs did not do this and tracing problems back to an account on their service would lead to a dead end; the info they had on the account would turn out to be obviously fraudulent.

Also, and this isn't a regret but more of an observation, some early internet advocates wanted only end-to-end services which basically meant that every single computer on the net should be a mostly autonomous client and server. Dial-up made this impractical; you couldn't really run a web site or even a decent mail server over a part-time connection. But I think some of that ambivalence over goals contributed to inaction on issues which might have helped with problems we see today.

2) Acting Locally, Effecting Globally
by merlin_jim

Many posts talk about proposed changes to society, government, and technology to lessen the spam problem. However, an ISP has more insight into the problem than many others, and I thought I'd ask a question to tap that insight:

Given today's society, technology and infrastructure, what can an individual do that would be effective in reducing not only the personal strain of spam, but also lessen an ISP's burden.

What kind of strategies have you seen work. For instance, in particularly bad instances I'm prone to send an e-mail to spam@isp.net, abuse@isp.net, or admin@isp.net, but usually never even get a response. Is there a better thing to do? Are there things that are absolutely the wrong thing to do (such as replying to a spam)?

In short, what would you like to see users do in response to spam today?

Barry:

Pressure your legislators to enforce the laws already on the books! Hijacking others' systems, identity falsification, and fraud are already illegal. These aren't legitimate business people who send all this bulk mail, they're crooks.

Even if a spammer can sneak around the laws making it clear that the activity is illegal, this prevents a spammer from getting investors, incorporating, taking out bank loans, obtaining legal indemnification against liability, buying business insurance, registering with their state or owning intellectual property (e.g., trademarks), etc.

Something else everyone can do is install spam filters. And help others install spam filters. Ultimately, I believe it's an arms race between the filters and the spammers so other forces need to be put into play.

But my reasoning is that utilizing filters now will make the internet experience more pleasant and productive for many which is a good thing. Their wide-spread use will also serve as a wake-up call to those companies who are deluding themselves into thinking they're "white-hat" spammers so ought to be exempt. The filters throw their stuff away also.

The so-called legitimate advertisers need to get to the table with the ISPs and figure this thing out and stop thinking the status quo serves them.

At this point my thinking is that there isn't much difference, from the point of view of an ISP, between companies whose spam you don't hate and those whose spam you do hate.

When it's paper mail you have to put a stamp on a letter whether the intended recipient asked for the mail piece or not. I think we need to move in the same direction on the net with all bulk e-mailers. They need to start paying for the infrastructure they're exploiting.

The current situation is that people tend to define "spam" as e-mail which promotes products which they don't want others to think they want. We need to get beyond that because you're paying for any e-mail you receive, even if only indirectly.

3) why not whitelist?
by Aviancer

Why hasn't any large ISP or enterprise seriously considered whitelisting mail? The traditional blacklist idea -- when I see spammers I'll no longer accept their mail -- is so easily overcome that many spammers don't even wait one generation to change addresses. Instead, bounce all mail you don't recognize, with a note to the sender on how to inform the system that you are a real user. Nearly all spammers loose their incoming account immedately, so this seems the natural choice. There's some more detail on this method at the TMDA project.

Barry:

The easy answer is that the target moves too fast. How could we begin to keep up a whitelist at the ISP level on behalf of thousands or even millions of customers?

And how exactly do you propose to "inform the system that you are a real user"? Right there is the crux of the matter. What you're suggesting is one of those techniques which works pretty well for individuals but is unmanageable at the ISP level.

Something from the TMDA site I do agree with is:

Spam will not cease until it becomes prohibitively expensive for spammers to operate.
We just have slightly different approaches to making spam prohibitively expensive. Let a thousand flowers bloom!

4) Is there a reasonable solution?
by PincheGab

Given that junk mail in the regular mail is more acceptable (and I will mention that my wife (specially) does like to know when there's a sale on), and given that e-mail is the next big thing, what do you see as an acceptable solution/accord to spam?

I certainly am tired of deleting the penis enlargement and Nigerian bank deposit e-mails, but where is the balance and how do we attain it, if ever?

Barry:

I believe the only approach which will work is a "sender pays" model for bulk e-mail advertising. Such a model corrects the current situation on several levels:

a) Sender pays can provide an economy to enforce its own rules.

Most proposals I've seen to deal with spam are workable on paper but fail in this regard. If, when considering yet another spam proposal, you ask yourself who will pay for this or that solution, how will it be enforced (e.g., if it requires lawsuits who will pay the lawyers?) generally no answer comes to mind.

However, if we create a (bulk) sender pays model through some sort of trade association then that organization would have a revenue stream which can be tapped to enforce its revenue model, and a monied interest in defending that revenue model.

b) Sender pays creates a conduit of control between the sender and the ISPs.

Right now spammers can use an ISP's facilities to firehose any spam they want, to anyone and everyone they like, at almost zero cost. For example, kids' accounts are flooded with explicit pornographic come-ons. There's no ability to control that sort of thing.

What business allows its facilities to be used to offend its customers?

In a sender pays model one could also refuse to be paid and, hence, refuse the advertising. Spammers are trying to send their spam to the ISP's customers. I think the ISP has both a right and an interest in controlling that so as not to drive customers away. It's not reasonable that an ISP such as myself has no control over what sort of advertising is placed in my customers' mailboxes yet is left responsible for the quality of that experience.

c) Sender pays clarifies the legal situation without a need for new legislation.

Sending, and not paying, would become simple theft of service, wire fraud, etc.

5) ISP Tools
by feenberg

Do ISPs have the tools they need to prevent outgoing SPAM from their own customers? I look at Sendmail and don't see anything that would allow you to throttle mail volume, check outbound messages for SPAM, restrict new customers etc. There isn't even anything built in that would warn you about a customer sending a million messages. It would seem that a few tools like that would be a big help to an ISP too small to develop its own.

Barry:

I think the best tool is knowing who your customer is and having a clear and effective policy if a customer spams such as clean-up costs which should also include intangibles such as public relations costs.

But you're correct, better tools at that level might help if ISPs were inclined to use them. Many ISPs do use tools such as you describe, others obviously don't care.

6) RBL's
by sabri

One of the few measures that can be taken against spam is the use of blacklists (for instance via DNS). There are a lot of pro's and con's for the use of DNSBL's. How do you feel about these? Should DNSBL's be governmentally regulated? Do you use any DNSBL? Should an ISP enforce certain RBL's (let say, of open relay's) on its customers?

Barry:

I've always resisted using these blacklist services at the ISP level. There are several reasons why but the most important is control.

If the blacklist suddenly began blocking some site, such as a major university or corporation because it was the source of spam the night before, that might cause a big problem with our customers. Even if it could be worked around it'd be just another out of control detail which might send one into fire-fighting mode suddenly.

Another problem I've had with blacklists is that some have become rogue and gone power-mad, blacklisting addresses for reasons completely unrelated to their stated purpose such as personal politics.

Also, the blacklists I've looked into were volunteer efforts which meant the people involved often felt they could paper over any mistake or oversight or staff unresponsiveness with the excuse that they were unpaid volunteers so what do you expect? You can't have your ISP be dependent on organizations with that attitude. And what if I don't like a blacklist's policies or implementation of their policies? If I'm not paying them I can't vote with my wallet.

I suspect that anyone attempting to run a blacklist in a professional, paid manner would go broke; the service isn't worth what it'd have to charge to stay in business. The legal costs alone can be daunting. With legal issues even if you're right it can be expensive getting there. And customers of any service don't want to pay for your legal bills as the major cost of such a service. So we're back to problems with the economic models.

I don't think government regulation would help with blacklists, per se, except in very general ways (they can run the courts for the lawsuits!) The only analogy I can think of are credit bureaus but most of the government regulation in that area is to protect consumers. I don't think we want the government stepping in to protect spammers!

Finally, yes, just about all ISPs blacklist (block) offending sites. Doing it in-house gives them the control they need. It's not great to have to take this on but it's the only choice right now. Unfortunately it's becoming a major burden, and the results are not altogether predictable.

7) What would be the minimum actual cost?
by jamie

What would be your actual dollar cost of spam, if you didn't spend much time and effort fighting it?

Let me explain...

I sometimes hear that spam has significant costs in bandwidth and storage but I don't believe it. As far as I can tell, SMTP traffic is at most 2-5% of net traffic. And a quick calculation shows that an ISP's costs for storing its users' spam are fractions of pennies on the dollar. (*)

You've likened spam to a DDoS attack on your mail servers. Stories about being flooded with traffic sound impressive but computers are so fast now, it's hard to put anecdotes into context. So I'm looking for dollar amounts. For a customers paying b dollars per unit time, an ISP like yours has to spend c dollars per unit time on servers that can handle those customers' incoming SMTP traffic. If this is significant, I'm looking for c over a times b :)

Obviously admins to run the servers are an important cost. But for purposes of this question, suppose you wanted to do the bare minimum. Say you set up the SMTP servers to use just a few of the less-intrusive DNSBL lists, like sbl.spamhaus, relays.ordb, or list.dsbl, and then ignored them as much as possible.

The next most common argument I hear is that customers will abandon ISPs that don't fight spam. But every ISP has the same problem, so this is really a competitive advantage issue except for the small percentage of users who are actually driven off the internet by spam.

Then there's outgoing spam but I don't imagine that's too hard to recognize and stop quickly.

Let me know what I'm missing...

(*) Thumbnail calculations of spam storage follow. Let's say J. Average ISP Customer gets 20 spams a day at 10K each, and deletes them only every 30 days. That's an average of 20*10K*15 = 3 MB of storage. If the ISP replaces hard drives every two years on average and its total storage costs are ten times the actual medium costs (for labor, backup, redundancy, downtime), then at today's hard drive prices, that spam storage will cost the ISP 0.003 * 10 / 2 dollars, or about a penny and a half. Over that same year, J. Customer pays the ISP $100+.

Barry:

Your figures for the percentage of bandwidth which is spam are far too low. Others have put the numbers much higher. NewsFactor cites studies putting the figure somewhere between 17 and 38%. See http://www.ecommercetimes.com/perl/story/19803.html.

As to computers getting faster, that's not a primary issue in my mind. But addressing even that point, how rapidly should I have to amortize and replace my equipment just to accommodate spammers?

And what about the intangibles? They're becoming the major factor in all this. E-mail is the "killer app" on the net. Yet spam is fouling that e-mail experience.

People reading Slashdot might be sufficiently committed to e-mail that they'll wade through all the spam and tweak spam filters even if it takes hours per day and a clothes pin on their collective noses. But what about the many millions of people who aren't so committed to this technology?

As an ISP I can tell you they're giving up on the internet, to them the cost/benefit is just not worthwhile. That's not a good trend.

Another cost is that spam is undermining the standardization of protocols on the net, and thus introducing a pervasive chaos. Every ISP and many other sites are scrambling around implementing mostly different "solutions" to the spam problem. Some of these in-house solutions might be ok, others can be pretty bad.

One result is that e-mail is becoming less reliable as a communications tool. Your mail might get through, it might be kicked out or filtered as spam, you might be able to figure out why and get the message through on a slightly changed subsequent attempt, or maybe not.

Who needs this kind of craziness? How can this situation possibly be productive?

How productive is it to have millions of people installing and customizing spam filters? Or having really bright people writing spam filtering programs? And where is this all going?

In my opinion, if unchecked, I think the current trend is very destructive to the entire idea of a public network.

P.S. I realize in another answer I recommend installing spam filters, but I see that only as a temporary measure.

8) Collateral Damage
by aridhol

One of the greatest problems with spam-prevention techniques has to do with collateral damage. Can you see any solution to spam that either prevents or minimizes the damage to innocent bystanders, such as other users of a spammer's ISP?

Barry:

Yes, the solution I favor is going to a sender pays model aimed at bulk e-mailers.

Other approaches, in particular technical solutions, are prone to causing collateral damage. Inevitably as the arms race heats up, and spam filters have to take bigger and bigger risks to have any effect, collateral damage will become more common.

And it's already worse than you might imagine. Spam and similar are causing severe operational problems on the net and undermining standards as ISPs and others invent new ways to avoid the spew.

As one concrete example, right this minute there's a network provider who was just assigned most of the 69.0.0.0/8 IP address space. Unfortunately, this was formerly a spam and DOS (denial-of-service) cesspool so many sites out there just block the whole 69.* address space.

So the new owners are making appeals to firewall managers asking them to please remove their blocks in the 69.* space on the NANOG (North American Network Operators Group) list.

But NANOG is not a particularly big or influential mailing list. At best it's only aimed at North America while the blocking exists world-wide. But how do you communicate with so many sites and undo the problem? In a nutshell, you can't. I suspect their customers who get space in 69.* are going to find themselves blocked by many sites for many years to come.

See what a mess spam is causing? It's like asking how much can such a little tiny termite eat? And then the house falls down.

9) Spam Lawsuits
by ca1v1n

Do you think new laws that allow ISPs and end-users to collect damages from spammers on a per-message basis can be effective tools to reduce spam?

Barry:

Although it should be part of the picture I think this sort of litigation would be ineffective as a primary attack on the problem.

What we need to do first is stop the insanity!

To do that I say introduce sensible economics into e-mail advertising. You may find network TV commercials annoying, but imagine if just anyone could break into a station's signal at any time and insert advertising! That's what we have right now, and it's crazy.

If we were subjected to a few, well-paid and placed ads it might be annoying to some but others might even find it beneficial like the person in the previous message whose wife likes to know about the good sales. Or we could just pay a premium and not see another ad, analogous to premium cable TV. Or find ways to block them via our personal mail clients, analogous to what people do with PVRs. It'd just be a matter of economics and marketing and taste.

But right now it's complete anarchy, only the introduction of a viable economic model can tame the situation.

Also, I'm not optimistic about any legalistic approach so long as there's no scalable revenue stream associated with e-mail or its abuse.

Currently the general consensus on the net is that we don't even want sales taxes on e-commerce, which might be a reasonable point of view, but then we're going to ask that billions should be spent on courts and enforcement of new spam laws? Where is that money supposed to come from? Cut the fire dept? The schools? Not-growing corn subsidies? Without additional revenue something has to give.

Given a sender pays model money could be earmarked for private enforcement, such as investigation and litigation. And the case could be more realistically made as to the exact economic cost of spam. If an ISP was supposed to get paid for ads going through their system then anyone evading that is simply guilty of good old fashioned theft of service, no new laws needed. And legislators, who presumably would be getting their usual business tax cut of such revenue, could begin to see the logic in returning some tax money to defend these revenue streams.

There would still be challenges to be worked out internationally but it wouldn't be the first time a revenue model had to work on a global scale. Obviously international telephony and postal mail works well enough to combat fraud. But only with some sort of concomitant revenue stream attached to the activity could you possibly begin to tackle the problem, domestically or internationally.

10) Kill 'em all
by Lord_Slepnir

If you could meet a spammer, what would you say? What would you do? What caliber would you use? Would you want someone to do it for you? Is $10,000 a head too much?

Barry:

I would tell the spammer in no uncertain terms that spammers' days are numbered, just like junk faxers and other scam artists who exploited a brief window of vulnerability.

Situations like this don't last long.

Of course, then the spammer would laugh in my face because that's what sociopaths like to do when confronted. But, as the expression goes, we'll see who laughs last.

One thing is clear, however, spammers will not listen to reason. So any change in their behavior will have to be the result of force.

Sorry! There are no comments related to the filter you selected.

First Post (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5425011)

"Of course, then the spammer would laugh in my face because that's what sociopaths like to do when confronted. But, as the expression goes, we'll see who laughs last. "

Isn't this a stereotype! For shame /.!

Re:First Post (-1)

Anonymous Coward | more than 11 years ago | (#5425128)

Once again /. mods prove CRACK is their drug of choice. The above comment was NOT offtopic you morons.

To make things easy for you, this post has been brought to you by FLAIMBAIT!

Just remember... (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5425205)

"He who fucks last, fucks best!"

Or was that, "It's not the fuck you face, but the face you fuck!" ?

I always get those two confused.

Re:Just remember... (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5425215)

Also: picking up little girls [marhost.com]

first post?? (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5425012)

first post??

maybe...please???

Pirst Fost (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5425022)

Action!!

FP? (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5425028)

Is this an FP?

w00t w00t! :)

Finally!

Did you help the U.S. (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5425030)

A little late, but did you take an active role in finding terrorists after 9/11? Specifically, helping the NSA bug NATO's email? [theregister.co.uk]

p00p! (-1)

buster hyman (256882) | more than 11 years ago | (#5425032)

Memorize these definitions, and pooping at work will become a pure pleasure.

ASTAIRE A subtle toe-tap that is used to alert potential TURD BURGLARS that you are occupying a stall. This will remove all doubt that the stall is occupied. If you hear an ASTAIRE, leave the bathroom immediately so the pooper can poop in peace.

CAMO-COUGH A phony cough which alerts all new entrants into the bathroom that you are in a stall. This can be used to cover-up a WATERMELON or to alert potential TURD BURGLARS. Very effective when used in conjunction with an ASTAIRE.

COURTESY FLUSH The act of flushing the toilet the instant the nose cone of the poop log hits the water and the poop is whisked away to an undisclosed location. This reduces the amount of air time the poop has to stink up the bathroom. This can help you avoid being caught doing the WALK OF SHAME.

CRACK WHORE A crapper that has seen more ass than a Greyhound Bus. Telltale signs of a CRACK WHORE include pubes, piss stains and shit streaks. Avoid a CRACK WHORE at all cost. Try finding out when the janitor cleans each particular bathroom. Don't forget with a good cleaning, a CRACK WHORE can become a SAFE HAVEN.

ESCAPEE A fart that slips out while taking a leak at the urinal or forcing poop in a stall. This is usually accompanied by a sudden wave of panic and embarrassment, similar to the hot flash you receive when passing an unseen police car and speeding. If you release an escapee, do not acknowledge it. Pretend it did not happen. If you are standing next to the farter at the urinal, pretend that you did not hear it. No one likes an escapee; it is uncomfortable for all involved. Making a joke or laughing makes both parties feel uneasy.

FLY BY The act of scouting out a bathroom before pooping. Walk in, check for other poopers. If there are others in the bathroom, leave and come back again. Be careful not to become a FREQUENT FLYER. People may become suspicious if they catch you constantly going into the bathroom.

HAVANA OMELET A load of diarrhea that creates a series of loud splashes in the toilet water. Often accompanied by an ESCAPEE. Try using a CAMO-COUGH with an ASTAIRE.

JAILBREAK (Used in conjunction with ESCAPEE) When forcing poop, several farts slip out at a machine-gun pace. This is usually a side effect of diarrhea or a hangover. If this should happen, do not panic; remain in the stall until everyone has left the bathroom so to spare everyone the awkwardness of what just occurred.

OUT-OF-THE-CLOSET POOPER A colleague who poops at work and is damn proud of it. You will often see an OUT OF THE CLOSET POOPER enter the bathroom with a newspaper or magazine under their arm. Always look around the office for the OUT OF THE CLOSET POOPER before entering the bathroom.

POOPING FRIENDS NETWORK (PFN) A group of coworkers who band together to ensure emergency pooping goes off without incident. This group can help you to monitor the whereabouts of OUT OF THE CLOSET POOPERS and identify SAFE HAVENS.

SAFE HAVEN A seldom used bathroom somewhere in the building where you can least expect visitors. Try floors that are predominantly of the opposite sex. This will reduce the odds of a pooper of your sex entering the bathroom.

TURD BURGLAR A pooper who does not realize that you are in the stall and tries to force the door open. This is one of the most shocking and vulnerable moments that occur when taking a dump at work. If this occurs, remain in the stall until the TURD BURGLAR leaves. This way you will avoid all uncomfortable eye contact.

UNCLE TED A bathroom user who seems to linger around forever. Could spend extended lengths of time in front of the mirror or sitting on the pot. An UNCLE TED makes it difficult to relax while on the crapper, as you should always wait to drop your load when the bathroom is empty. This benefits you as well as the other bathroom attendees.

WALK OF SHAME Walking from the stall, to the sink, to the door after you have just stunk-up the bathroom. This can be a very uncomfortable moment if someone walks in and busts you. As with all farts, it is best to pretend that the smell does not exist. Can be avoided with the use of a COURTESY FLUSH.

WATERMELON A turd that creates a loud splash when hitting the toilet water. This is also an embarrassing incident. If you feel a WAERMELON coming on, create a diversion. See CAMO-COUGH.

Sir (0)

Anonymous Coward | more than 11 years ago | (#5425091)

I wish to subscribe to your newsletter.

The dark side of the force... (4, Funny)

Noryungi (70322) | more than 11 years ago | (#5425049)

I have to say, this made me laugh:

One thing is clear, however, spammers will not listen to reason. So any change in their behavior will have to be the result of force.

Can I be the one who applies force? Pretty please?

(Just joking, as I only dream of applying force to the skull of the spammer after one spam too many...) =)

Re:The dark side of the force... (4, Funny)

Shadow Wrought (586631) | more than 11 years ago | (#5425117)

Maybe spammers should be forced to consume one can of Spam(TM) for each piece of spam that they e-mail.

But then again, I have always been partial to ironic punishments;-)

Re:The dark side of the force... (3, Funny)

$$$$$exyGal (638164) | more than 11 years ago | (#5425127)

I recommend forcing them to use all of their penis enlargement devices.

Re:The dark side of the force... (0)

Anonymous Coward | more than 11 years ago | (#5425191)

You'd have to give up all of yours, Gwen Stefani

What about them? (3, Funny)

Joe the Lesser (533425) | more than 11 years ago | (#5425057)

One thing is clear, however, spammers will not listen to reason.

Well, how can you refuse their great deals!?! They must think we're crazy.

Best "worst quote" (0, Offtopic)

(1337) God (653941) | more than 11 years ago | (#5425060)

As an ISP I can tell you they're giving up on the internet, to them the cost/benefit is just not worthwhile. That's not a good trend. -- Barry Shein

So now ESR's statement that Microsoft will be dead in 6 months, Slashdot trolls' idea that BSD is already dead, some nitwit journalist's belief that Apple Computers is nearly obsolete all get joined with Barry Shein's idea that THE INTERNET IS DYING.

Wow, what a way to start a Monday morning ;-)

Simple Solution (4, Interesting)

Anonymous Coward | more than 11 years ago | (#5425062)

There is a simple solution (or at least a starting point): Prosecute Forged Headers. If someone is going to send spam, sending it from someone elses account or server SHOULD BE illegal, and it should be prosecuted. This would cut down on large amounts of spam and make all other forms of combatting much easier.

Re:Simple Solution (1)

Xrikcus (207545) | more than 11 years ago | (#5425206)

The problem there of course is tracking down the original sender of the forged mail.

Re:Simple Solution (4, Interesting)

gilesjuk (604902) | more than 11 years ago | (#5425386)

Can't mail servers become more intelligent, after all who sends 100 emails a day in one big batch from a hotmail account?

If a hotmail server for example looked at the age of an email address/account when deciding to accept an email then it might prevent some spam. If an email account is minutes or hours old and the user attempts to send 1000 emails from it then you know you're dealing with a spammer. Also if you check for replies to that message you also can validate if the mail was potentially a valid one.

I personally receive very little spam since installing Popfile, in the the true tradition of networking and the internet it's free. Works hundreds of times better than any commercial tool I have used. Best thing is it's cross platform too, if you can run perl on an OS you can run popfile.

Sender pays is a bad idea (2, Insightful)

stratjakt (596332) | more than 11 years ago | (#5425069)

It wont stop spam. People are getting spam on their text based phones, I get full color spam in my mailbox. Bulk advertisers have no problem paying a few cents per spamee, when one gullible shmuck in 1000 orders the penis enlargement pills.

It'll just kill e-mail. People and corporations wont be so eager to use it when it costs them a dime (or even a cent) per pop.

Re:Sender pays is a bad idea (5, Interesting)

dattaway (3088) | more than 11 years ago | (#5425112)

I know a better idea. And the reason why I love local ISPs. One our LUG mailing list got spammed. Within the hour, I got an address and it was from someone here in the city. Let's say it was an interesting experience getting to know this spammer and observing her habitat. Yes, it was a internet luser wanting to exploit the masses.

Get to know your spammer. Field trips are more entertaining than sitting on the couch watching television.

Re:Sender pays is a bad idea (1)

orkysoft (93727) | more than 11 years ago | (#5425232)

So, how did you LART her?

Hash Cash! (0)

Anonymous Coward | more than 11 years ago | (#5425224)

Then use this instead.
http://www.cypherspace.org/~adam/hashcas h/

Re:Sender pays is a bad idea (4, Interesting)

conner_bw (120497) | more than 11 years ago | (#5425295)

Here is what i think the ultimate solution.

Reciever has the "right" to bill sender for unsolicited email - a processing fee as seen in many a sig.

If the sender can't be found, then they have the right to bill the ISP. Which will get the lax ones off their ass and implement some actual policies and the spam house ones eliminated.

International law in the way? No problem! The "Right to bill sender for processing fee" law has diplomatic status, and it clearly states that mobs, minimum of 10 people, have the right to use all means necessary to extract the fine either as money, property, or pain.

Where anonymity fails, application of brutal force, stalking, and humilation by an organized group of angry citizens doesn't.

Fight spammers with fire! Burn them to the ground.

White list problem (1)

MrFredBloggs (529276) | more than 11 years ago | (#5425070)

Thousands or millions of customers? That's it? That's the problem? You can't keep a local copy of all the ISPs on the white list and check email addresses off it? You can't make an email take a few seconds longer to turn up, with the benefit of no more spam, ever?

Why?

Re:White list problem (2, Interesting)

mark_lybarger (199098) | more than 11 years ago | (#5425129)

why? because it would mean the mr. ISP would have to get up and provide a competitive, usefull proudct to consumers.

i believe the first few ISP's that step into this space will pave the way for the rest.

throttle an smtp server (5, Interesting)

tinla (120858) | more than 11 years ago | (#5425072)

"I look at Sendmail and don't see anything that would allow you to throttle mail volume"

ISP's offering dialup services generally know the CLID and maybe the name & address of a caller.. but its too much hassle to do anything about bulk mailers that use the service. If I go and sign up with a free isp I can send a huge volume of spam before I get banned and there is a very low chance of any comeback.

What tools are available for SMTP gateways (such as sendmail, exim etc) that let you trottle mail based on the sending address / user (maybe tied into radius)? So i can allow normall users to send thier 20 messages per connection by automatically make it unattractive to people sending 1000's. If each subsequent message from a user has a longer and longer transmission time (insert some arbitary delays etc) then they won't relay through the isp server.

Any ideas? I was talking to a friend recently that works at a small isp and he has the exact problem above. They give out "free" accounts (earning off the call revenue) and spammers clog up the smtp server with really vast volumes of junk in the mail queues... after all - most addresses on spam lists are duds.

Re:throttle an smtp server (1, Interesting)

Anonymous Coward | more than 11 years ago | (#5425123)

postfix has this built in.

Re:throttle an smtp server (1)

dhunley (16816) | more than 11 years ago | (#5425204)

you can define 'confBAD_RCPT_THROTTLE' in your config.mc file when {re}building sendmail. this won't get you 100% to where you want to be, but it gets you mostly there

are they leaving the net, or just leaving you? (1, Offtopic)

AssFace (118098) | more than 11 years ago | (#5425073)

As an ISP I can tell you they're giving up on the internet, to them the cost/benefit is just not worthwhile. That's not a good trend.

This statement seems odd to me - how can you determine that they are leaving the net for good because of spam, or if they are just leaving your service because they found a better/cheaper service to use instead?

I used to get over 500 spams a day, and now am down to avg about 100 spams a day. I filter them all out and I really don't see what the big deal is at all.
That said, I only pay for my own hardware and not for all the hardware at an ISP (at least not directly - I am aware that in the end I pay some part of it). So I can understand that it is hard for me to bear the same hatered that others do - but I really just don't get why the spammers are so hated.
They are annoying as hell, but I just don't get the hatred.

thinking about sender pays (3, Interesting)

j0nb0y (107699) | more than 11 years ago | (#5425077)

The problem this has is that people don't want to pay to send email. I think the solution to this may be for each account to get so many free emails a day. For example, you can send ten free emails a day, but after that you pay 10c each. No spammer would get an account at such an ISP.


Another solution may be to have a ten cent "deposit" every time you send an email. If it's legit, you get it back. If the end user rejects it, you lose your ten cents.


The problem with the first approach is that it wouldn't work unless every ISP did it. It would make more sense to charge at the incoming mail server.

Re:thinking about sender pays (1)

stratjakt (596332) | more than 11 years ago | (#5425133)

With his suggestion, every ISP wont do it, and it does nothing to stop insecured SMTP routers and whatnot.

While charging at the incoming server is a little better an idea, it's worthless if you cant collect (invoicing a hacked server in China?).

And none of it would stop spam. If they'll pay for glossy mass mailings at $0.37 per stamp, they'll pay a dime to email.

It would stop e-mail. I roughly estimate that the small company I work for would have about 10,000 a year in e-mail charges. We'd find another way to communicate with clients (like the phone).

CAPTCHA'a (2, Informative)

slug359 (533109) | more than 11 years ago | (#5425079)

Unfortunately I didn't see the Q&A, else I would of asked something about CAPTCHA's [captcha.net] , I believe these systems, implemented properly could have a real dent to spammers wallets, there was a website that used this system to allow legitimate mail through, I've lost the URL however (damned K-Meleon bookmark support!), but it's a really good idea.

It worked something like this, legitimate sender sends mail, autoresponder sends back mail with 'Visit this URL, to confirm your address'. The legitimate sender visited the address, entered the obfuscated word and their mail was delivered (and address added to a white list for future correspondance).

I wrote a simple CAPTCHA in PHP (yey gd!) in about 30 minutes, so why legitimise spam when this ideal solution has emerged? :)

Re:CAPTCHA'a (1)

slug359 (533109) | more than 11 years ago | (#5425271)

Hate to respond to myself, but found the uri:
SpamArrest [spamarrest.com]

Arf, it says 'patent pending' at the bottom of the site, hope their patent application fails...

ISP's don't care... (3, Insightful)

$$$$$exyGal (638164) | more than 11 years ago | (#5425080)

That was an excellent interview! Here's a nitpick:

But you're correct, better tools at that level might help if ISPs were inclined to use them. Many ISPs do use tools such as you describe, others obviously don't care.

I would guess that the majority of these ISP's do care. The problem is that spamming issues are such a low priority for them when they are just trying to keep their heads above water (financially speaking).

Another issue is that the ISP's will almost always be perceived as not caring, because there is no way they can possibly respond to every single person that claims to be spammed from such and such ISP.

overrated (0)

Anonymous Coward | more than 11 years ago | (#5425311)

Looks like you've got some enemies there, sexy.

Ah, the vindictive mod. From my parents' basement in Wyoming, I stab at thee!

Spam is only a problem for perverts (-1, Troll)

(1337) God (653941) | more than 11 years ago | (#5425082)

Spam is only a problem for perverts, and hear me out on this please.

Listen, the only way in hell that you'll get a piece of spam mail is if you register or use your email address at pornography sites. Any credible Web site does not disclose or sell email addresses.

I mean come on, if spam is a big enough problem that people form consortiums and companies on fighting spam, I think they need to re-think the cause of the effect -- pornography-seeking Web surfers.

Without trying to deligate this discussion to silly potty jokes, I'd say that if you keep both hands on the keyboard at all times and don't spend hours upon hours browsing for porn, you'll be spam-free.

Re:Spam is only a problem for perverts (0)

Anonymous Coward | more than 11 years ago | (#5425109)

You are completely wrong!!! I am a programmer for a large company who frequently posts to news groups and discussion boards for answers to technical problems. These places are prime targets for spammers to grab email addresses. I get spam all of the time as a result.

Re:Spam is only a problem for perverts (0)

Anonymous Coward | more than 11 years ago | (#5425157)

Then I must be a pervert by your definition...

I get plenty of spam and I've never visited any sites that you mention. Be careful of your rather narrow minded views and acusations as posted.

Rev Daniel Spinner, Jr.
Christian Southern Baptist Center
Birmingham, AL

Re:Spam is only a problem for perverts (1)

jhunsake (81920) | more than 11 years ago | (#5425358)

Yeah right! I run a porn site, and I see your name in our subscriber lists all the time!

Re:Spam is only a problem for perverts (1)

M-2 (41459) | more than 11 years ago | (#5425165)

Listen, the only way in hell that you'll get a piece of spam mail is if you register or use your email address at pornography sites.

Considering that I've gotten spam in an email account mere hours after posting something in Usenet with it, I think you're wrong.

And the time in IRC when a bot bounced in then out of the channel, and I started getting spam to an account.

(Full Disclosure: this was my old Hotmail account, which amused me, as it showed me both the speed some of these lusers harvest addresses and the sheer lack of spam protection at Hotmail.)

Well if that's the case... (0)

Anonymous Coward | more than 11 years ago | (#5425177)

Why isn't your email address on this site?

Privacy you say? Okay, sign up another account somewhere and place the account address in a comment here, post to several mailing lists and see what happens.

Guess you're a pervert now.

Re:Spam is only a problem for perverts (-1, Troll)

Anonymous Coward | more than 11 years ago | (#5425196)

What a load of shit! Do someone transplant you asshole onto your face during the night at not tell you?

Re:Spam is only a problem for perverts (2, Insightful)

gregm (61553) | more than 11 years ago | (#5425210)

Oh sheesh.. you live in what world? I create temporary email addresses for myself, use one to buy a book from Amazon and within two months that account is hammered with spam. Much of which comes directly from Amazon. Go dowload Diskeeper Lite and see what I mean. Ive had my email address since before most of you ever heard of the Internet and I can tell you if I weren't whitelisting I'd be so flooded with spam. Why don't you use your email address to register a domain sometime.. You must be trolling.

Re:Spam is only a problem for perverts (1)

Jeff Fohl (597433) | more than 11 years ago | (#5425249)

Sorry, but this simply is not true. Spammers send out bots to surf the web and collect email addresses off of websites. That is only just one of the ways that they collect email addresses. Sometimes they use software to guess an address. Databases can get hacked. There are a host of other ways to get emails illicitly. Once your email address is compromised to the Dark Side, it will very quickly proliferate into all of the unwanted spam databases, since spammers will sell their databases to each other.

Re:Spam is only a problem for perverts (1)

peptidbond (189705) | more than 11 years ago | (#5425251)

Yea...right. I have had one email address since May and I already get 50+ spams per day. I have never given out the address in a web form, replied to spam, entered a contest, or anything else with it. However, the one thing that I did do was place it on a community page (go team lamb chop! [teamlambchop.com] ) since I was acting as a web master for a short time. Guess what, two weeks later I was getting nailed with spam.

Does you pr0n theory hold? No.

Re:Spam is only a problem for perverts (0)

Anonymous Coward | more than 11 years ago | (#5425307)

Well, you are somewhat correct. I'm sure if you give your address to a porn site you'll get spammed. Of course if you men didn't love porn surfing so much, I'd probably wouldn't get so many shots of a womans crotch in my Hotmail. :(
However, you're forgetting web crawlers, address guessing and everything else.
You have to never ever post your email address anywhere. You have to enter a bogus address anytime you're forced to register to download software etc. You have to carefully unsubscribe from everything when you register to buy something from Yahoo, Amazon, etc. You have to enter a bogus address anytime you're forced to register to download software etc. You have to keep another disposable account when these things want an address confirmed. (And trust me, that Hotmail account will be full of spam even if you NEVER use it.)
This is what I do and I've been 99% spam free for years. At both my own domain and my cable modem company address.
Of course if you have a dumbass computer illiterate friend when enters your address to "send this to a friend" in the wrong site, you're still gonna get spammed.

Re:Spam is only a problem for perverts (1)

kryptkpr (180196) | more than 11 years ago | (#5425346)

You're an idiot.

If your e-mail is anywhere on any webpage in any corner of the web where you think nobody goes, the spammers will find it.

Speaking as someone who's e-mail address is associated with multiple projects (all of which have webpages), and who has never given his real e-mail address to any pr0n site, I can safely say your theory is bullshit.

Sure (2, Insightful)

Junky191 (549088) | more than 11 years ago | (#5425084)

God forbid we just stop buying the crap they are hocking in spam. If everyone just stopped giving spammers their money then the problem would be solved overnight. The simple fact of the matter is that enough people are interested in penis enlargements to keep spammers in business. Stop buying and they will stop selling.

No new unenforcable laws or new bloated government agencies required.

Money talks (4, Insightful)

saphena (322272) | more than 11 years ago | (#5425087)

As with any other commercial enterprise, the one thing guaranteed to stop it is that it just doesn't pay.

If no-one ever responded to SPAM, it would die out pretty rapidly.

If it's still with us it means one of two things:-

1) It pays to send SPAM.
2) There is an endless supply of spammers who have yet to realise that it doesn't pay.

Re:Money talks (3, Insightful)

Detritus (11846) | more than 11 years ago | (#5425234)

It doesn't matter if noone responds to the spam. Many spammers get paid for spamming on the behalf of others. As long as there are suckers who believe that you can "get rich quick" by advertising on the Internet, there will be spammers willing to take their money. Just think of all the money making scams that are advertised on late-night television. Those crooks have been selling the same snake-oil for years.

Re:Money talks (1)

rkhalloran (136467) | more than 11 years ago | (#5425355)

Look, go back to the original Green Card spam across Usenet. The lawyer scum (sorry, that was redundant) involved figured even if they only got a handful of hits, the cost was so low it was a profitable deal. Same for the current crop - they bear none of the costs of delivery, so they can get by if they get a vanishingly small hitrate.

The problem with Barry's plan is it requires co-operation across all the ISPs to chargeback. Lots of spammers are already using Third World ISPs that could care less about the headaches they're causing as long as they get their billing.

User Authentification (4, Insightful)

mitherial (554418) | more than 11 years ago | (#5425089)

He says: "To a great extent spam can be viewed as a form of system compromise and similar to malicious cracking in many ways. One of my pleas back then to other ISPs was to make some sincere effort to know to whom you were giving accounts. Many of the ISPs with big funding and marketing departments to match would just give out new accounts to anyone with a drink coaster and worry about it later, oftentimes much later only when the bill wasn't paid." Am I the only person the finds problems with this mentality? I mean, isn't anonimity (sp?) a huge part of what drives the internet? I mean this strikes me as comparable to the whole DRM approach. Spam is just one of the intractible problems of the modern world. Getting rid of "hotmail" style accounts and comparatively anonymous ISP's *isn't* the answer.

Re:User Authentification (1)

T-Ranger (10520) | more than 11 years ago | (#5425221)

Interesting that he should use that line about drink coasters.

A guy who Ive done some sysadmin and programing work for proudly clames to be personaly responsible for causing all of the ISPs in town to stop accepting cash for accounts. Every couple of weeks he would send down a different friend with $40 to signup for a new account, which he quickly spammed out. Rinse, lather, repeat.

There is a difference beteween being anonymous on the internet and being anonymous getting connected to the internet. As for freedom of speech arguments; spam is like yelling fire in a crowded theather.

Re:User Authentification (1)

Elbereth (58257) | more than 11 years ago | (#5425265)

I think it is.

Why do you want to be anonymous? What are you hiding?

Back when I first got on the internet, there was relatively no anonymity. When you fucked up and did something obnoxious, you lost your internet account. It was virtually impossible to get back on the internet after that, unless you found some way to convince your network administrator that you had learned your lesson. Of course, there were always some jokers who could hack into whichever server they wanted, but those were rather rare.

Anonymity changes the face of communications. When you can act as antisocial as you please, with no repurcussions, your behavior changes. This is basic psychology.

I have nothing to hide; neither does anyone else I know. I'm suspicious of anyone who doesn't want any way for his actions to be traceable. When you fuck up, you deserve to lose your access to the internet... plus have everyone else know that YOU were the one who fucked up. Public humiliation works wonders.

Re:User Authentification (1)

PhxBlue (562201) | more than 11 years ago | (#5425273)

I think that's something we've brought along with us from the BBSing days. I can't see the university professors and military personnel that used the 'Net before commercial usage came along as the type of folks who would have needed any sort of anynomity.

Good Idea but.. (1)

SeXy_Red (550409) | more than 11 years ago | (#5425098)

the difficulty of orginizing this sort of thing IMHO would be astronomical, so although I think it would be a great thing, I fear that this is a mere pipe dream due the the fact that it isnt very likely that the WHOLE world would agree on anything at all, more or less how to control SPAM or if spam is a problem at all.

spam (-1, Flamebait)

Anonymous Coward | more than 11 years ago | (#5425103)

*_g_o_a_t_s_e_x_*_g_o_a_t_s_e_x_*_g_o_a_t_s_e_x_*_
g_______________________________________________g_ _
o_/_____\_____________\____________/____\_______o_ _
a|_______|_____________\__________|______|______a_ _
t|_______`._____________|_________|_______:_____t_ _
s`________|_____________|________\|_______|_____s_ _
e_\_______|_/_______/__\\\___--___\\_______:____e_ _
x__\______\/____--~~__________~--__|_\_____|____x_ _
*___\______\_-~____________________~-_\____|____*_ _
g____\______\_________.--------.______\|___|____g_ _
o______\_____\______//_________(_(__>__\___|____o_ _
a_______\___.__C____)_________(_(____>__|__/____a_ _
t_______/\_|___C_____)/Insert\_(_____>__|_/_____t_ _
s______/_/\|___C_____)__Spam__|__(___>___/__\____s _ _
e_____|___(____C_____)\_Here_/__//__/_/_____\___e_ _
x_____|____\__|_____\\_________//_(__/_______|__x_ _
*____|_\____\____)___`----___--'_____________|__*_ _
g____|__\______________\_______/____________/_|_g_ _
o___|______________/____|_____|__\____________|_o_ _
a___|_____________|____/_______\__\___________|_a_ _
t___|__________/_/____|_________|__\___________|t_ _
s___|_________/_/______\__/\___/____|__________|s_ _
e__|_________/_/________|____|_______|_________|e_ _
x__|__________|_________|____|_______|_________|x_ _
*_g_o_a_t_s_e_x_*_g_o_a_t_s_e_x_*_g_o_a_t_e_x_*_


Important Stuff: Please try to keep posts on topic. Try to reply to other people's comments instead of starting new threads. Read other people's messages before posting your own to avoid simply duplicating what has already been said. Use a clear subject that describes what your message is about. Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated. (You can read everything, even moderated posts, by adjusting your threshold on the User Preferences Page) If you want replies to your comments sent to you, consider logging in or creating an account.

Important Stuff: Please try to keep posts on topic. Try to reply to other people's comments instead of starting new threads. Read other people's messages before posting your own to avoid simply duplicating what has already been said. Use a clear subject that describes what your message is about. Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated. (You can read everything, even moderated posts, by adjusting your threshold on the User Preferences Page) If you want replies to your comments sent to you, consider logging in or creating an account.

Important Stuff: Please try to keep posts on topic. Try to reply to other people's comments instead of starting new threads. Read other people's messages before posting your own to avoid simply duplicating what has already been said. Use a clear subject that describes what your message is about. Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated. (You can read everything, even moderated posts, by adjusting your threshold on the User Preferences Page) If you want replies to your comments sent to you, consider logging in or creating an account.


push the responsibility from providers to abusers (2, Insightful)

mark_lybarger (199098) | more than 11 years ago | (#5425105)

it's interesting how in barry's answers he tries to push the responsibility of providing an effective communication mechanism from the provider (ISP) on to the spammer or system abuser.

whitelisting, as many mailing lists use are an effective way to combat spam. i've subscribed to many mailing lists, and haven't seem much spam come through those channels. if whitelisting could be implemented by the ISP's (which I really think it could and barry does a bad job of skirting around the question), are there ways around the whitelisting? it would seem like too much work on the spammers behalf to circumvent that type of a system. have any ISP's tried this type of service?

in short. barry, your idea of "making the bad guy pay for the spam" is a really crowd cheering idea and i'm sure there will be tons of supporters here from the /. crowd. but, if you taks a step back and look at it, there's no real solution proposed. are you suggesting all our SMTP traffic contains a valid CC number in the headers so all the servers that bounce the message can collect their toll for the message i send?

would you pay an extra 1$ per month for an ISP that alows whitelisting email? if my spam were uncontrolable, i sure as hell would.

Whitelist, Blacklist, Pay per Play (1)

Anonymous Coward | more than 11 years ago | (#5425106)

These all completely miss the point. The Internet has amazing potential as a free communications medium. Once you start banning people based on absurd grounds like one person claims they spammed someone or charging people before they can send email you completely destroy its potential.

Now you need to make sure you don't annoy anyone in even the slightest, you have to have a method of payment and sufficient funds to even email someone a question. This isn't how it should be.

Get over it! (-1, Troll)

BlkPanther (515751) | more than 11 years ago | (#5425107)

I know I'm going to suffer a karma hit, but someone has to say it!

<Begin Rant>
I don't know about the rest of you but, I'm getting sick and tired about hearing of people complaining about spam!!! It is fucking stupid! Get over it! Spam is not that inconvienient! I get 50 - 100 spam a day on my email account, and I'm not complaining and demanding that it be stopped, or that laws be enacted to stop it (spam).

I also have a corporate email account that has been active for 2 years, and I don't get more than a couple spam emails a month! You know why? Because I'm selective about who I give it out to!!! Only clients and real people, not web forms, unless they are reputable! Its just part of being online and using email. Just like your phone number! You don't give your phone number unless you know what its being used for.

And you know what else? Spam is functioning on the same principal as junk mail (physical), except I have to do a lot more to get rid of my junk mail because I actually have to walk to my mailbox and pick it up first. You don't hear many people complaining about this!! With email (spam) at least all I have to do is press the FUCKING DELETE KEY!!!! All of you anti-spam zelots need to devote your time and engery to a better cause!
</End Rant>

Re:Get over it! (0)

Anonymous Coward | more than 11 years ago | (#5425230)

Gosh, how smart of you to assume everybody is just like you and has had all the same experiences.

Re:Get over it! (1)

xyzzy (10685) | more than 11 years ago | (#5425276)

Well, you've been marked "insightful", so you clearly aren't taking the karma hit you should :-)

Saying "get over it", however, is an interesting form of denial. I get 20-30 spams/day at my corporate address, despite the fact that I've been careful about using it (but hey, I have published papers out there with my email address, and they are available in electronic form).

Probably 30% or more of the spams I receive are completely vile pornographic spam. I don't have any kids, but I don't want my son or daughter getting a spam with a picture of a woman with a $$*&&@ shoved in her #*&$&. No one should have to put up with this, regardless of their stance on pornography! It's just wrong.

Re:Get over it! How, exactly? (2)

gosand (234100) | more than 11 years ago | (#5425286)

I don't know about the rest of you but, I'm getting sick and tired about hearing of people complaining about spam!!! It is fucking stupid! Get over it! Spam is not that inconvienient! I get 50 - 100 spam a day on my email account, and I'm not complaining and demanding that it be stopped, or that laws be enacted to stop it (spam).

I don't hate spam because of personal inconvenience. I hate it because of the fact that it uses up massive resources on the net, and wastes a lot of people's time for no good reason. Remember, these were questions to someone at an ISP, where spam costs them time and money.

Actually, if I ever do have to check my email via webmail, it does bother me. On my normal account, I don't get that much spam, but on my webmail account? Holy crap. 99% of it is spam. I don't give it out to anyone either, I use it when I need to provide an email for purchasing things online. Yet, I get tons of spam on it. I only check it once a week for that reason alone.

Spam is hated for the same reason telemarketers are hated. I don't mind that people complain about them, because if nobody complains, then nothing will be done to stop them.

Re:Get over it! (2)

Elbereth (58257) | more than 11 years ago | (#5425368)

I applaud your ability to keep a level head (except, apparently, when you write messages on Slashdot), but some of us actually have to pay money for all the spam we receive. Actually, you do, too, indirectly. Imagine how much cheaper your internet access would be if you didn't have to subsidize your ISP's hardware and bandwidth upgrades due to spam.

Also, I don't know about you, but my time is worth money. Every time I have to delete spam that escapes my filters, that's time that I could have been productive. Deleting a hundred spam e-mails is annoying and time consuming. It takes more time than just hitting the delete key. Some e-mail programs have a really sucky user interface, and in a corporate environment, you don't get to choose which e-mail program you use. Sucks to be you, in that circumstance.

Yeah, yeah, I know... YHBT... but I'm bored and feel like posting.

Spammers with slashdot accounts (mod down parent) (2, Interesting)

ergo98 (9391) | more than 11 years ago | (#5425372)

I am absolutely, positively convinced that spammers hold Slashdot accounts and come here to try to convince us all that it's no big deal, and we should all just live in peace with messages with forged headers, fraudulent subject lines, web bug images intentionally intending to circumvent processes to avoid them, criminal "removal" processes and activities, often pornographic content that could get one fired or put under surveillance (nothing like a big set of tits appearing on your screen when you open the "FW: Budget proposal" message. This ignores that these are sent out to anyone and everyone, including minors), a business that is almost entirely supported by pump-and-dump schemes, bogus snake oils, and outright illegal pyramid (or similar schemes), and a illegal use of other people's hardware and bandwidth resources. How else could someone be so unbelievably stupid to go running around ranting about how it's no big deal? No big deal indeed. Shall I bend over?

Hilarious "irony" alert: Isn't it funny when people specifically go into discussions ABOUT SPAM to complain about how they're sick of "hearing people complain about spam": Hell, you don't even have to "hit the delete key"-DON'T COME INTO THE BLOODY DISCUSSION. Unbelievable. Then again, I'm just sick of reading messages complaining about spam in discussions about spam...

My Spam solution - worth thinking about? (2, Interesting)

MrFredBloggs (529276) | more than 11 years ago | (#5425113)

How about if people had 256 character email addresses? Or 512 bytes? Or 1k? You wouldn't care, as you`d be using your address book. A spammer can use a dictionary to create email addresses and spam them, and be sure a lot exist. But not this way - chances are it would be a non-existant one.

Re:My Spam solution - worth thinking about? (1)

sqlrob (173498) | more than 11 years ago | (#5425304)

So how do you distribute that address to people that need it? A spammer can simply take advantage of that mechanism.

Re:My Spam solution - worth thinking about? (1)

jetmarc (592741) | more than 11 years ago | (#5425359)

Better make it 100K, so the spammer experiences a significant bandwidth problem when he's supplying the Bcc: list to the server..

"Sender pays" should be universal or it won't work (5, Insightful)

analog_line (465182) | more than 11 years ago | (#5425115)

Limiting the "sender pays" model to only bulk e-mail will not work, plain and simple. The spammers will find a way to automate a way to utilize multiple individual free e-mail accounts to get their bulk mail out past any ISP installed trigger. Also, mailing lists would be affected by this as well, as they can easily have thousands of recipients, and they'd be flagged as bulk mail. I imagine this would put the kaibosh on all free internet mailing lists, because if you make an exception for them, spammers will start "subscribing" people to their "free informational mailing list" that they'll claim they asked for, like they already do.

Unless everyone must pay for every e-mail sent, the letter of the law will be exploited to the spammers continued benefit. I don't necessarily advocate moving to a pay system, but if you're going to make anyone pay, you damned well better make everyone pay.

Re:"Sender pays" should be universal... (2, Interesting)

rgmoore (133276) | more than 11 years ago | (#5425289)

Of course it should be universal. But the brilliant part of sender pays is that you can set the payment low enough that it won't be much of a factor for ordinary users, but will be terrible for spammers. For instance, $0.01 per message is unlikely to break the bank for any ordinary net user, but it's enough to significantly raise costs for somebody who's depending on sending out millions of emails for results. An interesting twist on the basic concept that I've considered is the logical conclusion of the sender pays argument: sender pays and recipient gets paid. That way you'd be fine as long as you receive more emails than you send. As a practical matter, most ISPs would probably implement a policy that you wouldn't get a rebate if you received more mail than you sent, and they'd only pay you if they got payment from the original sender, but it would let the process trickle down to ordinary users without greatly inflating their monthly ISP charges.

This would also potentially be able to save mailing lists. One obvious problem with sender pays is that it would make it prohibitively expensive to run an ordinary mailing list. By giving the money to the recipient, though, you could let the lists recoup most of their sending expenses; users would just return a blank message (or a return receipt) every time they got a message on the mailing list, which would send the penny that it cost the list to mail them back to the person running the list.

Re:"Sender pays" should be universal or it won't w (3, Insightful)

Zathrus (232140) | more than 11 years ago | (#5425364)

I haven't read any of his pontifications on sender-pays, but when has that stopped anyone from posting on /. ?

It probably is a everyone pays system - although I suspect that ISPs will then say "x messages per y time period included!" - and either eat the cost or raise their rates to compensate.

The real problem will be the same as it is for any microbilling setup - the overhead is a killer. It all looks well and good to stop the spammer that's hitting you with 100,000 emails, but when you realize that you also have to deal with the 10,000 accounts that are sending 10 emails each, the overhead eats you for lunch. Maybe he's proposed a solution for this - if so, then there's a whole lot of VC's that would like to talk to him.

Re:"Sender pays" should be universal or it won't w (1)

hoggoth (414195) | more than 11 years ago | (#5425369)

The solution to this is simple.
Each email has a "potential" cost. The person receiving the email decides if it's worth a "click" to collect the money.
Most of us wouldn't click on mail from our family or friends and their accounts would not be debited. Many people would gladly run through their spam-filter folder clicking on all of them to collect the money. Even if it isn't much money (a cent or less) I would click on them just for the principle of it.

So don't think of it as "sender pays", think of it as "sender offers to pay".

Ahhh, diddums... (1, Offtopic)

FyRE666 (263011) | more than 11 years ago | (#5425118)

As one concrete example, right this minute there's a network provider who was just assigned most of the 69.0.0.0/8 IP address space. Unfortunately, this was formerly a spam and DOS (denial-of-service) cesspool so many sites out there just block the whole 69.* address space.

So the new owners are making appeals to firewall managers asking them to please remove their blocks in the 69.* space on the NANOG (North American Network Operators Group) list.

So what? An ISP has bought a netblock that they obviously knew was blocked by virtually everybody (or at least they should have), and now they're having to plead with everyone to unblock them. Call me cynical if you like, but I'm guessing they were fully aware of the problems, and this was a major factor in negatiating the price to buy this particular net block. It's like a real-estate firm paying bottom dollar for some slum neighbourhood, since they expect it to turn a tidy profit once they've cleaned it up.

Re:Ahhh, diddums... (0)

Anonymous Coward | more than 11 years ago | (#5425149)

You don't buy it, you get assigned it. Dumbass!

Re:Ahhh, diddums... (0)

Anonymous Coward | more than 11 years ago | (#5425223)

Another problem I've had with blacklists is that some have become rogue and gone power-mad, blacklisting addresses for reasons completely unrelated to their stated purpose such as personal politics.

This is exactly what Alan Brown (MIS) did with ORBS. If there was someone or some competition that he didnt like, they ended up on his list. Lists need to be controlled so that people like Alan Brown (by the way, he fled NZ without paying the money ordered by the court in his defamation case) dont start a power crazied frenzy.

Re:Ahhh, diddums... (4, Informative)

paitre (32242) | more than 11 years ago | (#5425351)

You can't exactly request that you be given a given netblock.
Seriously.
ARIN probably came back and told them "This is the only /8 currently available for assignment right now. take it or leave it and come back in 6 months.

This is why large ISPs and hosting companies (with multiple /16s or larger) tend to have IP addresses all over the place. YOu get what you can get, and you deal with it.

Problem with sender pays (4, Interesting)

leviramsey (248057) | more than 11 years ago | (#5425139)

Is how sender is defined. Is any mail of a commerical nature the definition? Would an email from my stockbroker (ie one I hire) suggesting that I sell MSFT qualify? If it's limited strictly to bulk, where is "bulk" defined.

Yes, certain varieties of spam may be eradicated, but the spammers will simply move on to other varieties that aren't covered.

Gee, what are the odds (0)

Anonymous Coward | more than 11 years ago | (#5425140)

that Slashdot Editor Jamie got his question on the list???? Hrmmm?????

Re:Gee, what are the odds (0)

Anonymous Coward | more than 11 years ago | (#5425172)

All those blowjobs must have paid off.

White list white list white list! (2, Interesting)

jonniesmokes (323978) | more than 11 years ago | (#5425145)

Putting a price on sending mail will make it difficult to get email from peoples who don't have similiar economies. It'll stratify the net based on the dollar value of the people. That's not a good thing.

White lists would require a spammer to spend a small amount of his or her time to get a valid send-to address. But it wouldn't cost a penny. Just time. And if you don't send spam on that valid email, it'll be good for a long long time.

Come on - Isn't this a good solution?

Re:White list white list white list! (1)

DirkDaring (91233) | more than 11 years ago | (#5425309)

I think you are right on the money. It's the best solution I have read about to date.

Spammers are getting even smarter. (4, Informative)

Anonymous Coward | more than 11 years ago | (#5425173)

Modern spambots can recognise and avoid honeypots, they also use advanced regular expressions to decode addresses like yourname [at] domain dot com into yourname@domain.com, Even addresses encoded in javascript can be converted into regular addresses, because spammers know that the harder you try to hide your address, the more likely it is valid. There are viruses going around to create open relays for spammers too. They use special syntax checkers to make sure their spam dosen't get *** tagged *** spam by balayesian classification. Their dirty tricks are always getting smarter, so prepare for it to get worse!

If you are stupid enough to buy software from a spammer, beware it might contain a virus to turn your computer into an open relay, so be smart and install Linux.

What caliber (2, Funny)

peptidbond (189705) | more than 11 years ago | (#5425180)

If you could meet a spammer, what would you say? What would you do? What caliber would you use? Would you want someone to do it for you? Is $10,000 a head too much?

Caliber? Why use a weapon when you can use your HANDS! Or even better, use the spammers hands against them. There is nothing better than beating a spammer to death that to do it with their own arms*.

*NOTE: a spammer with broken arms would have trouble typing ;-)

Education would definately help... (5, Insightful)

RabidMonkey (30447) | more than 11 years ago | (#5425194)

Even at 'our' level of knowledge, we all give out our email addresses every day. And we're not neophytes by any stretch.

Every day thousands of people sign into various sites, drop their email addresses here and there, never thinking of the consequence of where thats going to go, and not seeing the connection to the increased levels of spam. I have one spam account that I use for any site I think is going to sell/lease/rent/whatever my email and I watch it to see when increases begin. I don't ever give out a regular account, because I KNOW I'm going to get spam.

If we could educate the 'regular' masses of internet users that send emails to their family and friends, and surf for news, we'd be ahead already. If we could show them that by giving away your email address you ARE going to get spam, they might stop. The example that works for me is 'do you stop and give out your address to every single store you walk into? to the guys trying to 'give away' free newspapers?' If people learn to control their email address as they do the rest of their personal/private information, there will be less targets for spam.

My 'theory' works in practice. I get about 5 spams a day on my main account, which I use for various mailing lists, websites etc. I selectively give out my 'good' account, and what crap I do get Cloudmark [cloudmark.com] gets rid of for me.

So if we could educate our friends/family not to just give up their email address to every site that wants it, every program they install, every popup that comes up, they'd get a lot less immediately.

This is my last goodbye to the community (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5425199)

Due to increasing dissatisfaction with the internal relations and working practices of the hacker community, it is with some sadness that I have decided to part company from Slashdot community. My decision to leave the community was not an easy one particularly as the last few years were an indication of the full potential that the community was realising.

Since joining in 1982, I have continually striven to give total energy, enthusiasm and commitment to the furthering of the free software's success and in spite of a consistent imbalance in the distribution of the workload, willingly offered this. Unfortunately, within the community, this level of input never received the respect and acknowledgement that it warrants.

Whilst I believe that the calibre of our programming has improved, the quality of our association has deteriorated to the point where I no longer feel that the end justifies the means. I have no wish to cast aspersions on any individual; suffice to say that relations have become seriously strained, increasingly frustrating and, ultimately, in certain situations, intolerable.

Given these circumstances, I have no option but to leave the Slashdot community. It seems preferable therefore, to leave on a relative high, and as I still retain a great enthusiasm and passion for programming, I am excited by the prospect of pursuing new projects.

The remaining Slashdot community members have my support and best wishes for anything they may pursue in the future, be it collectively or individually.

Goodbye!

Also check ... (0)

Anonymous Coward | more than 11 years ago | (#5425202)

I don't think that the idea is practical, and even if it would be possible I would rather use a "nonfungible payment" or "client puzzle" !

one problem (4, Insightful)

cr@ckwhore (165454) | more than 11 years ago | (#5425203)

Good idea, but there is at least one fundamental problem with this proposal: (I'm not pro-spam or anything, just catching the obvious)

From the horse's mouth himself when asked "If the ISPs were to band together to control spam, why shouldn't they just block it entirely?" - his answer: "it's too hard to identify."

Its no secret that spam is hard to identify. If it were easy to identify, we wouldn't even have this duscussion. BUT, if you can't identify it well enough to filter effectively, HOW THE FUCK DO YOU EXPECT TO REGULATE IT?? You think the spammers are going to roll over and suddenly agree to play by the rules, especially since you're going to ask them to start paying $$? I don't think so!!

Go ahead with your system and try to regulate the spammers. In order to do that, you'll have to license each bulk emailer and probably force them to comply with the system by putting a unique identifier in their spam so it can be properly "regulated". Go head... do it! That way, we can grab to licensee list and filter by that... in essence, you'll probably be making spam easier to identify and kill. Where's the economy in that?

setup a trap open relay?? (4, Interesting)

AwesomeJT (525759) | more than 11 years ago | (#5425227)

Well, could someone open a modified sendmail relay that only logs connections and attempts to send spam -- that way you'll have a good idea who is sending the spam (at least the ones dumb enough not cover their tracks before it gets relayed). Then you could DOS or hack that system and disable it. Or at least find the owner or ISP of the IP address. Could be a fun experiment.

Sender pays (2, Interesting)

DonkeyJimmy (599788) | more than 11 years ago | (#5425228)

I'm not so sure I trust this idea. Who are we paying? If the sender pays, then I want the receiver to get paid. Either by everyone getting reduced ISP rates, or just getting to send a free email for each one they receive.

Then, for someone to spam 50,000 people, they'll want to find away to get 50,000 e-mails sent to them, probably from other spammers, and spammer will be fighting spammer in the arena of the web, while us "innocent bystandards" will be making money. More likely, spam will just stop and everyone will send about as many emails as they receive.

need more details on how this would work (3, Insightful)

brkello (642429) | more than 11 years ago | (#5425239)

Having the sender pay for bulk e-mail to stop spam is a nice idea, but I don't see how it can work. First, this will just encourage spammer to hack in to others accounts and e-mail from there. So poor grand ma is stuck with a bill for mail she didn't send (even if she gets her money back because it was hacked in to, it would take a lot of time and money for the ISP to actually investigate that). Second, how do you define bulk? Mail that goes out to more than 20 recipients? If that were the case, they would just generate messages that had 19 recipients and move on to the next chunk. Maybe it can be done by the number of messages per hour. In any case, this would need to be defined, and I am sure wherever that bar is set, the spammers will go right under it. Last, how do your protect legitimate bulk mailers. My mother runs a non-profit dance club with 800 or so members. Everyone on her list has requested to be sent the mail, would she still have to pay the bill?

Overall interesting, I just would like more info on the details...or if the details can't answer those questions, start thinking now.

Sender pays won't work (3, Insightful)

MCZapf (218870) | more than 11 years ago | (#5425240)

This guy talks about how great a "sender pays" scheme would be because it creates revenue and "clarifies the legal situation." But he doesn't give any details as to how it would be implimented. I don't think it can be implimented. You'd have to set up Email2, with authenticated users, payment methods, billing, accounts, etc. AT ALL ISPs. It seems to me that it would be easier to try to get people to stop spamming voluntarily. That is, I don't think it'd be very easy!

Sender pays: ISPs charge for net email traffic (4, Insightful)

DanielRavenNest (107550) | more than 11 years ago | (#5425253)

A simple way to handle spammers and rogue ISPs
is for reputable ISPs to start charging for
net email traffic. Thus if a peering ISP is
sending you more email than you are sending them,
you charge them for the service of transporting
their mail to your users.

ISPs that provide service to spammers will then
be paying for their outgoing email, and will have
every reason to charge the spammers for the
extra traffic.

ISPs on the receiving end of excess traffic
will either have a new revenue stream, or will
have a legitimate reason to blacklist an ISP:
they haven't paid for the service they are
getting.

Daniel

Solutions already exist - for example... (2, Informative)

SpyderFan (654349) | more than 11 years ago | (#5425259)

There has been much discussion of white lists, spammer list, RBLs, simulated 550 bounces, bayesian analysis, etc.

On Linux, these solutions either exist, or are being built, and on Windows there is Spam Sleuth [bluesquirrel.com] for individuals with ISP accounts, or an Enterprise version for companies, ISPs and schools.

The proposed solutions are not mutually exclusive. Most proponents of Bayesian analysis recommend also using a white list. Add RBLs, Profanity Filter, Bad Word Filter, Valid Sender tests, etc. and it really works great. Keep the spam for a "short time" to train the Bayesian Analyzer, and just-in-case an important message slips through.

These are not solutions where everyone has to comply, or it doesn't work. These tools will stop the spam immediately for those who use them. They instantly have an effect, although probably minor, on the spammers.

No need to byzantine systems (3, Insightful)

WNight (23683) | more than 11 years ago | (#5425285)

I advocate simple responsibility and ostrasizing offenders.

We need to sign backbone providers up for a blackhole systems. Then blackhole open relays and spam-friendly ISPs.

If an ISP's client's email doesn't reach 5% of the net, the client's going to blame the target systems. If that client can't email anyone who isn't on his ISP, he's going to blame his ISP. This is why we need a large percentage of backbone providers signed up. We need to make it look like a serious problem, not a normal glitch.

ISPs would probably want to have an account type of people who send more than 100 messages per day, or more than ten copies (non-CCs) of a single message. People with these accounts can be more closely monitored and if someone with a regular account sends out a few hundred spam before being caught, it's not that big of a deal.

We've shown that companies won't disconnect a paying customer until everyone else complains. We need a way to make complaints heard, and an above-reproach spam-listing service to direct the complaints. The service needs to be run by a wide sampling of people and all spam submitted needs to be publicly visible. Anything less opens it up to charges of discrimination. Also, having a strictly documented procedure helps if they're sued by a spammer for defamation.

It needs to be established that while you paid for the pipe for the ability to send data, I am free to choose if I want to listen to you. It's not censorship if everyone decides to ignore you.

How is e-mail different then snail mail? (2, Interesting)

xtheunknown (174416) | more than 11 years ago | (#5425293)

I am not one to take sides with the spammers, but I have one question? How is e-mail different then snail mail?

Recently I moved to a town where there is no home mail delivery. I had to get a PO box. After a few weeks, I found that I was getting more direct mail then mail addressed to me. I asked the post office not to deliver this mail, but they refused saying that those companies paid to have mail delivered to me and therefore they couldn't stop delivery of junk mail. The only way I could get them to stop was to write each junk mailer and request them to stop sending me unsolicited mail.

Well, I don't think I am going to send each one a letter so I just put up with it. How is this any different than spam?

Power-mad RBLS = SPEWS (4, Insightful)

ashitaka (27544) | more than 11 years ago | (#5425298)

Another problem I've had with blacklists is that some have become rogue and gone power-mad, blacklisting addresses for reasons completely unrelated to their stated purpose such as personal politics.

Check out the answers to requests to SPEWS for delisting in news.admin.net-abuse.email. They tend to be along the lines of:

"What? You actually purchased a netblock from that evil, scum-sucking ISP who hosted a website that pointed to another website that somehow gathered email addresses that found their way into some spammers list?" We don't think they'll stop having something to do with spam so forget about them ever being de-listed!!! Serves you right you moronic spam supporting fool for not checking first!! MUWAHAHAHAHAHAHA!!"

I think he's describing SPEWS quite well.

ISP Control? (2, Insightful)

n-baxley (103975) | more than 11 years ago | (#5425324)

In question 4, Mr. Shein says: ...It's not reasonable that an ISP such as myself has no control over what sort of advertising is placed in my customers' mailboxes yet is left responsible for the quality of that experience. ...

I think that's kind of a slippery slope. When the ISP begins deciding what email you get and don't get, where do you draw the line. I would certainly want a system like this to be opt-in so that I can deal with all the email I get (good and bad) and not have that decision made for me by someone else.

Mailing lists? (2, Interesting)

pdawson (89236) | more than 11 years ago | (#5425333)

Here's one I didn't see an answer to: How would a sended-pays system handle mailing lists such as majordomo or yahoo/egroups setups? Any ideas?

I don't get it... (1)

inertia@yahoo.com (156602) | more than 11 years ago | (#5425336)

Replying to the question about whitelists, Barry says:

What you're suggesting is one of those techniques which works pretty well for individuals but is unmanageable at the ISP level.

Meaning, keeping a whitelist isn't a good solution because it's a big task for the ISP. He's an avocate of sender pays. I'd imagine the ISP would have to be involved in this, so how is this more manageable than a whitelist?

I got bored a few questions later, so I stopped reading the interview, so maybe this was already addressed, but if the ISP charges for sent email, what prevents a spammer from starting an ISP?
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?