Suppose people stopped getting email accounts and stopped checking their email. Then you wouldn't see any spam.

Okay, so what's an alternative way to get and send messages without using email? You could join a few different bulletin boards, tell people what names you are using on which boards, and send and receive private messages.

If one bulletin board is down, then you will still be able to send and receive messages.

Would spammers then simply switch to sending PMs? A bulletin board could deal with that problem by limiting the number of PMs that a user can send in a given time period, by preventing a user from repeatedly sending PMs to people who have not responded, and by deleting the accounts of people who abuse the PM system.

Comments?

And if we all cut our heads off, we will have cured dandruff.

Seriously, the point is to prevent parasites freeloading to the extent that they damage a useful system. Doing away with the system is not an acceptable solution.

If people would just stop buying the crap the spammers are selling... :rolleyes:

Why can't ISPs limit the number of emails a person sends in a short period?

Because they're getting paid by the spammers, of course.

The solution to spam is to target the ISPs IMO.

Responsible ISPs should club together to cut out the rogue types.

Graham

Originally posted by Soapy Sam
And if we all cut our heads off, we will have cured dandruff.
[...]Doing away with the system is not an acceptable solution.
I didn't suggest that people stop sending and receiving messages over the internet. I suggested that people stop using email to send and receive messages over the internet.

I have to hand it to AOL, their spam filter works great. maybe one or two a day slip by but that's it. It's amazing how much you can reduce your spam when you can eliminate messages with penis, lengthen, viagra, paris hilton, mortgage and refinance in the subject line. My advice...just get a good spam filter.

as for my work e-mail, i've yet to get one piece of junk e-mail at that address. just because i only use it for work, never for shopping, registering for websites etc.

the bulletin board idea simply would not work in a work environment. what would you put on your business cards?

Originally posted by Graham
Responsible ISPs should club together to cut out the rogue types.
"Cut out" means what?

Have responsible ISPs just found out about the spam problem and not gotten around to implementing an obvious solution?

Originally posted by HarryKeogh
the bulletin board idea simply would not work in a work environment. what would you put on your business cards?
That's funny! If the mouse hadn't been invented, I suppose that businesses would never have been able to use microcomputers. After all, it's unbusinesslike to use a joystick and it's too difficult for employees to learn to do everything with keyboard commands.

Anyway, a business card could simply give the URL of a forum and the businessperson's username at that forum. Plus, there could be an alternate URL in case the first one is down.

Or maybe that too would be a breach of the businessperson's code of conduct. We can't admit that a system might sometimes be down, can we?

So you would have to be a member of the bb in order to send a message to someone.

Registation takes time and man power. If you automate it you can't moniter who is coming through and so spammer just register multiple accounts and send to the limity from each one. In order to be useful you are going to have to have message boards with massive memberships which are going to be a right pain to admister. You are also going to have the problem that some groups have a legit reason to send lagre numbers of emails.

Originally posted by geni
So you would have to be a member of the bb in order to send a message to someone.

Registration takes time and man power.

The current approach requires you to read an email address from a business card and type it in. The new approach requires you to also register where there are people with similar interests.

Suppose you want to send email to someone in the widget industry and you feel exhausted after having to first register on a widget-oriented bulletin board. Maybe, in addition to the one person you want to send a message to, there are other widget industry people on the board. You might be able to make useful contacts by being on the board.

Originally posted by geni
In order to be useful you are going to have to have message boards with massive memberships which are going to be a right pain to administer.
How many memberships must there be for it to be useful?

Originally posted by geni
You are also going to have the problem that some groups have a legit reason to send large numbers of emails.
If you want to send the same message to a large number of people, then the message information is unlikely to remain private. So the info can be made available by creating a publicly visible thread.

Originally posted by The idea

The current approach requires you to read an email address from a business card and type it in. The new approach requires you to also register where there are people with similar interests.

Suppose you want to send email to someone in the widget industry and you feel exhausted after having to first register on a widget-oriented bulletin board. Maybe, in addition to the one person you want to send a message to, there are other widget industry people on the board. You might be able to make useful contacts by being on the board.

Hey we have a name for that kind of direct marketing. It's called spam.


How many memberships must there be for it to be useful?

A couple of million (I am noing to register to several hundred boards just to email people)


If you want to send the same message to a large number of people, then the message information is unlikely to remain private. So the info can be made available by creating a publicly visible thread.

Did I say anything about the message being the same?



So lets see so far we have a situation where things are made easyer for spamers since they no longer have to work out people web address and a suggestion that you use threads instead of websites.

Originally posted by geni
Hey we have a name for that kind of direct marketing. It's called spam.
I don't follow you. You are saying that if someone may be interested in communicating with more than one person who is interested in some particular topic, then the email is spam?

Originally posted by geni
So lets see so far we have a situation where things are made easier for spammers since they no longer have to work out peoples' web addresses
There are already people who send and receive private messages on bulletin boards. Have you been receiving a lot of private messages that are spam?

Originally posted by geni
so far we have [...] a suggestion that you use threads instead of websites.
I don't follow you. A thread is an alternative to a private message, but a thread and a private message both exist on a bulletin board. A bulletin board is a kind of website. So how is a thread an alternative to a website?

actually I'm going to give this idea a shot.

any idea how I can configure my cell phone (which I currently use to occassionally check on e-mail) to log on and view any bulletin board?

Originally posted by HarryKeogh
actually I'm going to give this idea a shot.

Really? I was thinking that it was basically a half-baked idea that might improve with a little bit of baking. I didn't think it was ready for implementation.

Originally posted by HarryKeogh
any idea how I can configure my cell phone (which I currently use to occassionally check on e-mail) to log on and view any bulletin board?
Sorry, I don't know anything about cell phones. Does your cell phone have some kind of operating system or instruction set? How do you currently configure it to check on e-mail? Maybe a lot of the work required to allow interaction between your cell phone and your email accounts was programmed into the email servers. If that is true, then presumably bulletin boards would have to upgrade their private messaging systems to allow for interaction with cell phones.

Originally posted by Graham
Why can't ISPs limit the number of emails a person sends in a short period?

Because they're getting paid by the spammers, of course.

The solution to spam is to target the ISPs IMO.

Responsible ISPs should club together to cut out the rogue types.


Although some ISPs are 'spammer friendly', most are not, and will immediately cancel the account of anyone found spamming. There are a number of other issues involved:

- Much spam comes from 'open' relays; in other words, its not the ISP that's responsible for transmitting the mail. The spammer simply finds an open mail relay somewhere in the world and sends through that
- Targetting rogue ISPs can also harm innocent ISPs and/or innocent clients. If I'm an ISP that gets 'blacklisted' by mistake, all my valid (i.e. non-spammer) customers will also be unable to communicate with the rest of the world.

There is a very good solution to the problem of spam, put forward by CAUCE. (See: http://www.cauce.org). Many years ago, when fax machines were new, people would often find their machines were 'spammed' with junk faxes. So, they passed a law that gave the right to sue for each junk fax to the person who receives the fax. The law worked very well. All they have to do is take that law and extend it to e-mail. The advantages of the approach:
- The police/government doesn't have to get involved, since its the person who receives the junk mail who decides to sue or not
- Just the threat of being sued will stop the vast majority of spammers
- The law would give the right to sue the persion on who's behalf the fax was sent. Many spammers are off-shore (or use off-shore services), and can't be touched directly. But, somewhere along the line, they have to be selling a product, and usually that 'product' is sold right from the U.S.
If you ever look at spam, you may notice some spam has a note about not being for people in Washington State. Well, Washington passed a law similar to the one I described above; spammers have to be careful not to send spam to anyone who lives there (and can't send spam from there either.)

The only possible problem is if someone decides to cause problems by sending bogus spam on behalf of someone who didn't request it. I would consider that a case of computer fraud, and once the majority of spam is removed, the cases of fraud should be much easier to track down.

Originally posted by The idea

Really? I was thinking that it was basically a half-baked idea that might improve with a little bit of baking. I didn't think it was ready for implementation.


Sorry, I don't know anything about cell phones. Does your cell phone have some kind of operating system or instruction set? How do you currently configure it to check on e-mail? Maybe a lot of the work required to allow interaction between your cell phone and your email accounts was programmed into the email servers. If that is true, then presumably bulletin boards would have to upgrade their private messaging systems to allow for interaction with cell phones.

as long as I'm clear...we were both being sarcastic right?

Why can't ISPs limit the number of emails a person sends in a short period?

It's really quite trivial to set up a machine as an MTA (mail transport agent). You don't have to send mail through your ISPs MTA. Unfortunately the payload on some recent virusses were actually MTAs that could be exploited by spammers. Some ISPs and users have their MTA improperly configured in a way that a spammer can use it as a relay.


More than you wanted (or needed) to know about e-mail. (http://www.linux.org/docs/ldp/howto/Mail-Administrator-HOWTO.html#toc3)


Your computer could be sending out spam right now.

Originally posted by Skeptoid
If people would just stop buying the crap the spammers are selling... :rolleyes:
I'm glad you brought this up, because I have become totally skeptical of the idea of spam as a viable marketing tool. Most of the spam I get is unintelligible and incomprehensible. Even of the spam that is readable, there is often no way to contact the would-be vendor even if you were crazy enough to want what they are selling. And how many of those are scams? A lot of spam has subject lines like "You are an idiot" and "I hate you." If one were to open these and see that it's an ad for something, who in the world would buy anything through such a process? I am skeptical that anything is ever sold through spam. I am skeptical that spam is a serious marketing tool. I have seen no evidence that spammers sell anything other than mailing lists or click-throughs. There is no way to do any kind of research into the effectiveness of spam as a marketing tool, since only spammers would have access to the necessary data, and they are untrustworthy. Spammers are increasingly employing virus-like techniques. Virus spreaders are using spamming techniques to spread their viruses. The line between the two is rapidly blurring. All evidence suggests that, like viruses, spam is nothing more than a malicious vandalism and spammers should be dealt with accordingly. Personally, I favor life-imprisonment, at the very least. Sooner or later someone is going to go postal on one those high-profile spammers who occasionally get interviewed by Wired or something.

Originally posted by HarryKeogh
actually I'm going to give this idea a shot.

any idea how I can configure my cell phone (which I currently use to occassionally check on e-mail) to log on and view any bulletin board?

For MY cel phone, there is information on using its internal modem with a cable.
http://www.rogerbinns.com/vx4400/vx4400faq.html

Search for "(your cel phone's model number) FAQ", and see if anyone's been as busy tinkering with it as my phone.

I don't use a cellphone. My thumbs are opposed to the idea.

Speaking of The Idea- I appreciate that you did not mean stop using the Internet for mail. My point is this: What we need to do is stop the spammers abusing the system, not move to an alternative and less convenient system to avoid them.

They would follow. Also, this would unfairly load down BBS systems with traffic irrelevant to their operations. JREF can barely handle it's own legit load for example. I wonder how many other boards are supported by solitary volunteers? It would be wrong to abuse their labour like this.

In any case, the situation does seem to be improving. I rarely see any spam now on Hotmail and have seen none at all since I started using my ISP supplied system. (A decent router modem/ Firewall / Spam filter system may be the reason for that.)

Microsoft has come up with a reasonably good way of dealing with spam. You must establish a trust relationship with the recipient by means of paying with computer time.

When a connection is established with the recipients email server there is some exchange of information that requires the sender to do some work taking a few seconds (calculating the answer to some algorithm or the like). Once a trust is established, presumably by user choice, all arriving email from that source passes freely. This method is to be built into future versions of Microsoft email programs. Patches will no doubt follow in the weeks there after.

I have a good way of avoiding spam. It involves not giving my address to anyone who asks. Mail me at example@example.nildram.co.uk and it goes straight into the crap folder. The crap folder is quickly examined and emptied now and then. Unless you know the real myaddress@example.nildram.co.uk address, your mail will not get through.

Obviously, my website only lists web@example.nildram.co.uk as an address, and that goes into another folder.

I enter competitions with the address competitions@example.nildram.co.uk and all the spam goes there.

If my real address (within that subdomain) goes pear-shaped, I'll just use a different one; it's not difficult.

Cheeers,
Rat.

It would be neat if you could bounce unwanted e-mail with a "return to sender, address unknown" message attached, just as if the e-mail wasn't valid. Then your e-mail would register as invalid with the spammer and you would be removed from his list.
Or maybe that wouldn't work?

bangdazap, so if I chose to put your mail address into the mail headers from: field, you'd get a million answers per hour, telling you that the recipient was unavailable.

Forging the header is standard procedure, that's why this won't work.

Oh, and:

If people would just stop buying the crap the spammers are selling...


THAT'S IT!

Yeah, well if "people"* were that smart, we'd have been colonizing space centuries ago.

Unfortunately, "people"* are stupid, and it only takes that 5% described in the Dilbert Principle to make it all worth it for the spammers.

Average intelligence isn't very bright, and placing "average" almost anywhere reasonably valid for an "average", more people will be AT or BELOW average than above it.

A strong argument for better AI: Naturally occurring intelligence is too rare.

Duh!! We are all trying to fix the symptoms, NOT the problem.

The symptoms are well-known: clogged networks and ISP servers, unwitting drones launching tonnes of junk, nights slaving over hot servers fixing stuff, yadda yadda yadda, all the stuff we know and hate. And this is an economic issue too - all this junk consumes real network time, real ISP power, real software development effort to combat, real wasted work time. And that means $$$. BIG $$$, going down the tubes.

The REAL PROBLEM is that emails are running over protocols that have no security capabilities at all, or so few that they are totally inadequate for the job. Remember, email was originally designed to be running on a closed network between trusted clients, so security was a non-issue. Now it's on a wide-open network...but it still has no real security worth spitting on. In effect, we will always be behind the 8-ball because the lifeboat is leaking faster than we can plug the holes (it's nearly been swamped a few times already).

So the solution is obvious: Change the email protocol(s) to be properly secure. Ensure it has those features we know will cut off all avenues for unsolicited emails. Make sure it cannot be circumvented, no code hacks, etc, etc. We are smart enough to do this, so let's do it. Make it pay for ISPs to make the change and simply block-and-drop the old, unsecure email protocols, so they die a quick death.

And I understand this is already in the pipeline anyway. Anyone care to enlighten us on this?

Originally posted by Zep
Duh!! We are all trying to fix the symptoms, NOT the problem.

/snip/


It drives me insane that I can't use my host's mail server but rather only my ISP's mailserver. Maybe I trust one and not the other. Maybe slag off, Cox Communications . . .
But once I'm on the Cox SMTP server, everything's gravy. Hey, now I'm LFTKBS@whitehouse.gov! Or bobsucks@dude.we.scammed.you.bob.net! SMTP is just way too S.

The spam solution?

A spam filter that relies on the principles of Bayesian statistics.

It is reliable, accurate, and trainable.

I've seen this used with amazing success: http://spambayes.sourceforge.net/background.html.

Originally posted by FXT
bangdazap, so if I chose to put your mail address into the mail headers from: field, you'd get a million answers per hour, telling you that the recipient was unavailable.

Forging the header is standard procedure, that's why this won't work.
What? I don't understand. If the spammer gets a message that my e-mail is invalid, why would he keep sending me messages? With this idea the spammer would get the same response as if he was trying to send an e-mail to a genuinly non-existent e-mail address. Not that I know that much about how these things works..

Originally posted by ratcomp1974
I have a good way of avoiding spam. It involves not giving my address to anyone who asks. Mail me at example@example.nildram.co.uk and it goes straight into the crap folder. The crap folder is quickly examined and emptied now and then. Unless you know the real myaddress@example.nildram.co.uk address, your mail will not get through.


Yeah, i use this method as well, but you still get some spam as people get through somehow.

Another method would be to only read emails from people you know (that are in your adress book). The only problem i can see is if you want to contact people for the first time you have to talk to them first.

Any solutions?

The only way to stop spam, and telemarketing, is for enough recipients not to respond that the spammers find their activity totally unprofitable. Unfortunately, spam is like a desert flower -- it exists with apparently no nourishment. I don't want to see many if any restrictions placed on internet communications. So at this point, I'm willing to simply dump the 50 or so spam items a get each day. The few spam-blockers I've looked at seem to require my identifying all those from whom I want to get e-mail, or don't want to. This seems impractical, since I don't recall or know all those I may want to hear from or the thousand or so I don't want to.

I don't like the way the idea of us all having to pay to send emails keeps getting put forward.

If that has to happen then I much perfer a kind of paypal kind of system. I propose that if i send my friend an email i attach a tenth of a penny (or something like that) to that email, which he gets to keep. When he replies I affectively get my money back.

Then every spam email yu get would give you a little money and would bankcrupt then.

Just an idea, I haven't thought it through ...

There are several available solutions to spam, if your in charge of the mailserver

One is whitelists; if someone sends you an email the address is checked; if it isn't in your whitelist a message is sent back to the person requesting the reason they need to speak with you. If they don't give a response you never see the email.

Blacklists are the opposite; your email is checked & if the address appears on a blacklist, you never see the email.

Reverse-DNS lookups can be helpful in combating spam as well.

If you're jsut a common person looking for a decent solution check out http://www.mailwasher.net ; it's a free spam fighter that allows you to bounce messages if you like. Though, honestly, that rarely makes a difference since the header is forged anyway...but it comes with several filters already set up and you can make your own. And it's free.

Bayesian! Bayesian! Bayesian!

:)

What T'ai Chi said...also, I think the standardization of digital signatures being bandied about is a very good idea as well. This way, there's some degree of authentication about who sent what email and this will make it a lot easier to manage.

I'm with lemastre on this in that I want to see as little regulation as possible. I get no spam at home, and I get maybe a dozen a day on my yahoo account. It's really not as big a deal as some make out.

OK, so I can say this easily now that I'm not on dial-up, but it was never really a problem then.

Cheers,
Rat.

I'm amazed at how good a job Yahoo! does of filtering spam. If anything, it's overzealous. I barely get any spam on a many year old account, though I occasionally have to fish something out of the bulk-folder [though they're usually asking for it; one legit email had 'FREE' and 'DO NOT DELETE' in the header, and a dozen links inside]

I've been using www.spampal.org for the past couple of weeks.

It's freeware and not too difficult to setup.

It can use a variety of filter methods (whitelist, blacklist, Bayesian, and pattern matching). I'm using the whitelist/blacklist method with:

Spamhaus XBL
SpamCop
NJABL
DSBL
SPEWS

So far about 6-7 emails have gotten through the blacklists (out of over 100 spam). I've since added a pattern matching filter or two (like any email which Norton cleaned goes in the spam folder).

Anyway... in the past week, it's been 100% reliable. Not bad for a free program with several filtering options.

I use MailWasher. There's a free version you can use for 1 email account. Using it, I can preview the email subject and who they're from. I can blacklist the garbage, even whole domains, and delete/bounce the trash. It never gets to my actual inbox. Recommended by De_Bunk, so you know it's good.

The "Pro" version does Hotmail as well....

DB