war against spam


Frostbite
16th June 2003, 01:34 PM
Would it be far-fetched to start taking measures against spam mail and e-mail? They're a waste of time, space, paper and money, and only a fraction of all spam sent leads to any kind of sale. I've been using the same hotmail address for about 10 years now and the spam is unbelievable. And since the domain names are a bunch of randomly generated ascii characters, it's impossible to block them.

SPAM should be criminal!

Ian Osborne
16th June 2003, 01:49 PM
I'll second all of that.

aerocontrols
16th June 2003, 01:50 PM
The measure that would work:

Require that all e-mail to my account not blocked pass one of two tests:

(1) The 'from' address appears in a list of approved addresses. (Just like I have in my mailwasher program right now) I have a lot of individual @.com and @.net addys, as well as all educational and government addys *.gov, *.edu.

(2) People not on the list who wish to send me e-mail can put $0.02 in escrow (I think that's the right word). If I look at the mail and decide that they're a friend, I give their $0.02 back with the click of a button. If they're a spammer, I keep the money. If they are unwilling to risk the $0.02 up front, they can call me and get me to add them to my list of approved e-mail addys.

Spammers would go out of business in a hurry if they had to pay $0.02 for every one of the millions of people who would keep it. Other people might find the occasional prick who kept their money to be a burden worth bearing. They could also choose not to e-mail me.

MattJ

Segnosaur
16th June 2003, 01:51 PM
Originally posted by Frostbite


SPAM should be criminal!

No criminality is needed. The solution to spam is sooooo simple, but nobody in leadership wants to do the obvious...

Extend the anti-junk Fax law to email.

When faxes first became popular, companies would send out 'junk faxes'. People would come in to the office in the morning and find that all their fax paper had been used up by unsolicited advertisements. So, the US government passed a law which allowed the person receiving the fax to sue the person responsible for sending it for some small amount (was it $50 or $500?) This eliminated the problem almost immediately. (Even if very few people tried to sue, just the threat prevented anyone from sending junk faxes.)

The same law could be applied to 'spam'. Allow the person receiving the spam to sue the people responsible for sending it. Now, a lot of email gets routed through other countries. How to stop that? Easy; the person who gets sued is the person on whose behalf the email is sent.

That's all that's needed. Nice, simple, no need for fancy filters, or getting the police involved. No need for an 'opt out' list, or a 'remove' list. I wish the politicians would actually figure that out.

Some states in the US have started to adopt such laws. You may notice some of your spam mentions something about "Not meant for residents of Washington" or something like that.

For more information, contact CAUCE: http://www.cauce.org

aerocontrols
16th June 2003, 01:54 PM
Originally posted by Segnosaur


No criminality is needed. The solution to spam is sooooo simple, but nobody in leadership wants to do the obvious...

Extend the anti-junk Fax law to email.



I think your idea would work. I like mine better, because it doesn't require a law, it only requires an e-mail provider that refuses to pass along mail until the $0.02 is charged.

MattJ

Segnosaur
16th June 2003, 02:06 PM
Originally posted by aerocontrols


I think your idea would work. I like mine better, because it doesn't require a law, it only requires an e-mail provider that refuses to pass along mail until the $0.02 is charged.

MattJ

Problem with your idea is that it requires complex accounting to be set up. Will everyone have such an account? What if I wanted to email you not with an ad, but with a friendly "Hello, enjoy your postings at JREF"? Would I have to set up some sort of senders-account for those tiny 2 cent transactions? (Would a bank even be willing to handle such transactions without charging a $2 fee for each?)

aerocontrols
16th June 2003, 02:12 PM
Originally posted by Segnosaur


Problem with your idea is that it requires complex accounting to be set up. Will everyone have such an account? What if I wanted to email you not with an ad, but with a friendly "Hello, enjoy your postings at JREF"? Would I have to set up some sort of senders-account for those tiny 2 cent transactions? (Would a bank even be willing to handle such transactions without charging a $2 fee for each?)

My e-mail provider would have to do it, possibly at the cost of one of those pennies each time it was forced to do it. (My $.02 figure is hypothetical - we could just as easily say $0.25)

The way you could send me an e-mail would be to

(1) put the $0.02 in escrow, (with a credit card or online bank - I would use a service like Paypal if I were the hypothetical e-mail provider) then after I see that it's you, I give it back (minus [from my account, not yours mine friend] my provider's cut, if any) or

(2) Post/PM your e-mail addy and ask me to 'permit' you as a sender.

Or finally, you could say "Who does that MattJ think he is to demand I offer him $0.02 up front just for the privilege of e-mailing him. Fat chance."

In any case, anyone who sends me spam is going to make me $0.02 richer.

Ideally, instances of needing to use the escrow account would be quite rare. (as rare as non-spam, non-solicited, non work-related e-mails showing up in my inbox which is VERY rare.)

MattJ

Mr Manifesto
16th June 2003, 02:16 PM
I think we're all forgetting that we're an international community now. For example, if I choose to send a junk fax to America right now, can you sue me in Australia?

aerocontrols
16th June 2003, 02:19 PM
Originally posted by Mr Manifesto
I think we're all forgetting that we're an international community now. For example, if I choose to send a junk fax to America right now, can you sue me in Australia?

Probably not, but long distance charges are going to eat you up aren't they? Plus, are you faxing on behalf of an Australian company? If so, what do I want to buy from them? If not, then Seggy's policy of going after the American company on whose behalf you're faxing works.

My way works, too. My hypothetical fax doesn't get printed until you've offered to pay 'spammers fees' in advance.

MattJ

aerocontrols
16th June 2003, 02:22 PM
For what it's worth, I believe that the e-mail providers themselves might be willing to bear the costs of these transactions in order to see the amount of spam decrease. (Spam-filled bandwidth costs them a lot of money.)

Segnosaur
16th June 2003, 02:36 PM
Originally posted by aerocontrols


My e-mail provider would have to do it, possibly at the cost of one of those pennies each time it was forced to do it. (My $.02 figure is hypothetical - we could just as easily say $0.25)


But then, you're forcing your email provider to set up all this accounting stuff. Many ISPs are small organizations, and may not have the resources to set up accounts like that. And would they handle the 'sending' portion as well? (for example, if I wanted to send out email only.)

Originally posted by aerocontrols


(1) put the $0.02 in escrow, then after I see that it's you, I give it back (minus my provider's cut, if any) or

MattJ
So, I could get charged (i.e. pay the provider's cut) even if I sent email that you actually wanted?

And if the provider didn't get a cut, what incentive would they have for handling all these 2 cent transactions if they never get paid for it? (I have one email account that never gets spam; an 'escrow' account would cost money to set up, and may never recoup its losses.)
Originally posted by aerocontrols

(2) Post/PM your e-mail addy and ask me to 'permit' you as a sender.


What about cases where there is no 'easy' way to contact the person ahead of time? Here we can post/PM someone; you may not always have that facility. What if you have your email address on a web page? Or I need to contact you for (non-spam) business reasons? There are a lot of cases when email serves as the first point of contact.

Originally posted by aerocontrols

Ideally, instances of needing to use the escrow account would be quite rare. (as rare as non-spam, non-solicited, non work-related e-mails showing up in my inbox which is VERY rare.)

MattJ

Would everyone have an escrow account? Would they have to have an escrow account to email you? You could be eliminating spam, but you could also eliminate some of the few legitimate emails that you actually do get.

And of course, another problem is that it wouldn't totally eliminate the problem; some spammers may still send email (without putting in their deposit) on the hope that some people will have their email set to "accept everything". Even though you might not get much spam, your mail provider will still waste resources handling the 'payless' email (even if it's just to reject them.)

corplinx
16th June 2003, 02:43 PM
There are free market ways of blocking most spam. There are "blackhole" registries your ISP can subscribe to. These require no government regulation and keep junk email from ever landing on a hard drive and wasting space.

aerocontrols
16th June 2003, 02:55 PM
Originally posted by Segnosaur


But then, you're forcing your email provider to set up all this accounting stuff. Many ISPs are small organizations, and may not have the resources to set up accounts like that. And would they handle the 'sending' portion as well? (for example, if I wanted to send out email only.)

I would be paying a provider who was willing to do that. "forcing" doesn't enter into it. I don't understand your last sentence. You want to send but not receive e-mail? Then why would you be interested in blocking incoming e-mails?

Originally posted by Segnosaur
So, I could get charged (i.e. pay the provider's cut) even if I sent email that you actually wanted?

Not necessarily. See my edit (you probably have by now)

Originally posted by Segnosaur
And if the provider didn't get a cut, what incentive would they have for handling all these 2 cent transactions if they never get paid for it? (I have one email account that never gets spam; an 'escrow' account would cost money to set up, and may never recoup its losses.)

I would pay them. If you don't get spam, then don't pay them.


Originally posted by Segnosaur
What about cases where there is no 'easy' way to contact the person ahead of time? Here we can post/PM someone; you may not always have that facility. What if you have your email address on a web page? Or I need to contact you for (non-spam) business reasons? There are a lot of cases when email serves as the first point of contact.

If I put my e-mail address on a webpage (as it is now) and you try to e-mail me, you will meet with no success unless you are willing to pony up the $0.02. If it isn't worth risking two cents to you to contact me, I'll pass on whatever you have to offer.


Originally posted by Segnosaur
Would everyone have an escrow account? Would they have to have an escrow account to email you? You could be eliminating spam, but you could also eliminate some of the few legitimate emails that you actually do get.

1) No need for one if they didn't want to contact people with addys like mine.
2) No, they could call me, or write me a letter, or they could have one of the addys I've allowed *.gov, *.edu... in the future, perhaps *@boeing.com

Originally posted by Segnosaur
And of course, another problem is that it wouldn't totally eliminate the problem; some spammers may still send email (without putting in their deposit) on the hope that some people will have their email set to "accept everything". Even though you might not get much spam, your mail provider will still waste resources handling the 'payless' email (even if it's just to reject them.)

I'm not interested in totally eliminating the problem. I'm interested in not receiving spam myself.

MattJ

Segnosaur
16th June 2003, 03:02 PM
Originally posted by corplinx
There are free market ways of blocking most spam. There are "blackhole" registries your ISP can subscribe to. These require no government regulation and keep junk email from ever landing on a hard drive and wasting space.

Although 'black holes' help, there are several problems with them:

- Non-spammers can get stuck on the list, and once on there, it can be very difficult to get off of it

- It allows spammers 'one shot' to send out their spam (prior to getting listed)

- The number of senders (and/or the ability to disguise the true origin of the spam) probably outstrips the size of the blackhole list.

aerocontrols
16th June 2003, 03:06 PM
Originally posted by corplinx
There are free market ways of blocking most spam. There are "blackhole" registries your ISP can subscribe to. These require no government regulation and keep junk email from ever landing on a hard drive and wasting space.

What I propose is a free market method.

Segnosaur
16th June 2003, 03:12 PM
Originally posted by aerocontrols

I would be paying a provider who was willing to do that. "forcing" doesn't enter into it. I don't understand your last sentence. You want to send but not receive e-mail? Then why would you be interested in blocking incoming e-mails?


You're right, nobody is 'forced' to do anything. But, email is supposed to simplify communication, not make things more complex.

As for my last sentence, I was picturing someone with an email account that just sends occasional emails, and doesn't NEED spam protection. (Perhaps they are careful and never get spam.)

Originally posted by aerocontrols

I would pay them. If you don't get spam, then don't pay them.


If you don't mind spending money to ensure a spam-free life, you could always just hire someone to sort your email for you.

Originally posted by aerocontrols

I'm not interested in totally eliminating the problem. I'm interested in not receiving spam myself.



But even if you don't receive spam yourself, you still have problems: Your mail provider must spend money to handle mail to you which DOESN'T get paid for (which means higher fees for you), and you run the risk of losing out on legitimate emails.

If you don't mind those risks, why not just skip email altogether and go with some instant messaging system? You can send and receive messages just like email, yet avoid a lot of spam.

corplinx
16th June 2003, 03:14 PM
Black holes can work. The majority of spam comes from open mail relays. Black holes of open mail relays make spam for the most part vanish.

Segnosaur
16th June 2003, 03:18 PM
Originally posted by corplinx
Black holes can work. The majority of spam comes from open mail relays. Black holes of open mail relays make spam for the most part vanish.

True, but like I said, 'false positives' are still very much possible (and can cause a lot of trouble for ISPs.)

And as I said before, before the open relay is listed, a spammer can use it to send out thousands of emails.

Plus, it may keep you from getting spam, but your ISP must still spend the bandwidth and resources to receive the mail, sort it and reject it, even if the sender is listed by a black hole.

aerocontrols
16th June 2003, 03:23 PM
Originally posted by Segnosaur
You're right, nobody is 'forced' to do anything. But, email is supposed to simplify communication, not make things more complex.

The vast majority of the people I correspond with are already on my 'friends' list. There would be no added complexity in my communications with them. What adds complexity is dozens of spam e-mails I get every day.

Originally posted by Segnosaur
As for my last sentence, I was picturing someone with an email account that just sends occasional emails, and doesn't NEED spam protection. (Perhaps they are careful and never get spam.)

I presume they would have no need to use the provider I propose.

Originally posted by Segnosaur
If you don't mind spending money to ensure a spam-free life, you could always just hire someone to sort your email for you.

To some extent, I do. (http://www.firetrust.com/products/mailwasherpro/) I am willing to pay more, but to hire an assistant to perform this task seems to me to be beyond my budget, as well as likely to breach my privacy in ways I would rather not put up with.

Originally posted by Segnosaur
But even if you don't receive spam yourself, you still have problems: Your mail provider must spend money to handle mail to you which DOESN'T get paid for (which means higher fees for you), and you run the risk of losing out on legitimate emails.

Why would I lose out on legitimate e-mails? (I suspect you and I have different definitions of 'legitimate' in this case)

Originally posted by Segnosaur
If you don't mind those risks, why not just skip email altogether and go with some instant messaging system? You can send and receive messages just like email, yet avoid a lot of spam.

Because instant messages and e-mails are in no way equivalent, and if they were, they would be a big draw for spammers.

MattJ

Segnosaur
16th June 2003, 03:37 PM
Originally posted by aerocontrols

The vast majority of the people I correspond with are already on my 'friends' list. There would be no added complexity in my communications with them. What adds complexity is dozens of spam e-mails I get every day.


There would be added complexity. (Bank account information would have to be set up, etc.) It's just that you're willing to live with that complexity. But you shouldn't have to.

Originally posted by aerocontrols

To some extent, I do. (http://www.firetrust.com/products/mailwasherpro/) I am willing to pay more, but to hire an assistant to perform this task seems to me to be beyond my budget, as well as likely to breach my privacy in ways I would rather not put up with.


The thing is, you shouldn't have to pay ANYTHING. Suing spammers for sending email would prevent you from getting spam, without costing you a cent, and without making ISPs or users set up escrow accounts to send email.

Originally posted by aerocontrols


Why would I lose out on legitimate e-mails? (I suspect you and I have different definitions of 'legitimate' in this case)


My definition of 'legitimate' is non-spam email (in this case, from someone that you have not had prior contact with before). You may have never gotten email like that before, and you may never get any in your life. However, if you had your 'escrow account' activated, you would eliminate all possibility of this happening. This may not be important to you, but it would be for me (and for probably most internet users; we don't want spam, but we also don't want some family member to not get in touch with us.)

Originally posted by aerocontrols

Because instant messages and e-mails are in no way equivalent, and if they were, they would be a big draw for spammers.



It depends on the 'instant messaging' software, but many can send messages that are received immediately, or stored for later retrieval. Many can allow you to send/receive files. So they are functionally equivalent to email.

As for being a 'big draw' for spammers, there are things preventing that... There are multiple messaging systems (Spammers couldn't cover them all), and it is harder to 'disguise' who you are (as you can with email and open message relays.)

aerocontrols
16th June 2003, 03:52 PM
Originally posted by Segnosaur
There would be added complexity. (Bank account information would have to be set up, etc.) It's just that you're willing to live with that complexity. But you shouldn't have to.

You're willing to put up with the complexity of court cases to stop spammers (presuming that you can stop overseas spammers your way, which you can't for many products - herbal viagra from Brazil?) I don't think it's sinking in to you truly how few unsolicited, non-spam, non-work related e-mails I get. Assuming every one of those people chose not to e-mail me, I could probably count them on one hand. If those people chose not to set up an account, and chose not to contact me in some other way, I wouldn't miss them.

Originally posted by Segnosaur
The thing is, you shouldn't have to pay ANYTHING. Suing spammers for sending email would prevent you from getting spam, without costing you a cent, and without making ISPs or users set up escrow accounts to send email.

Why don't you try it up in Canada and tell me how it goes. I bet the ads for penis enlargement from China don't stop.

Originally posted by Segnosaur
My definition of 'legitimate' is non-spam email (in this case, from someone that you have not had prior contact with before). You may have never gotten email like that before, and you may never get any in your life. However, if you had your 'escrow account' activated, you would eliminate all possibility of this happening. This may not be important to you, but it would be for me (and for probably most internet users; we don't want spam, but we also don't want some family member to not get in touch with us.)

It's not important to me. How does your family get your e-mail address? Those members who have mine got it from me. Give someone your e-mail - add them to your friend's list. Simple concept.

Originally posted by Segnosaur
It depends on the 'instant messaging' software, but many can send messages that are received immediately, or stored for later retrieval. Many can allow you to send/receive files. So they are functionally equivalent to email.

As for being a 'big draw' for spammers, there are things preventing that... There are multiple messaging systems (Spammers couldn't cover them all), and it is harder to 'disguise' who you are (as you can with email and open message relays.)

Multiple messaging systems... not equivalent to e-mail.

MattJ

karl
16th June 2003, 03:53 PM
Originally posted by aerocontrols

[...]
Spammers would go out of business in a hurry if they had to pay $0.02 for every one of the millions of people who would keep it. Other people might find the occasional prick who kept their money to be a burden worth bearing. They could also choose not to e-mail me.


Doesn't the cost of a monetary transaction exceed your $0.02 at least tenfold? Who is going to pay for that?

More importantly, your solution would require you to be notified -- by e-mail -- whenever someone tries to contact you. Such messages would be sent from an escrow company, which by definition would have to be on your approved address list. What would happen if your solution became popular would be that spammers started specifically forging escrow company addresses. Your inbox would fill up with alleged notifications of people willing to pay two cents in order to contact you, but when you opened the messages most of them would turn out to contain spam. You would effectively inform spammers about how to send you messages -- for free -- that you have to open and read before deleting.

The process can be easily automated too. Your ISP would bounce unsolicited e-mail, along with information about your escrow terms. A test spamming would thus harvest information about active accounts, from which escrow company addresses could be extracted. And your e-mail address would be burned, along with a hundred thousand others, onto a CD labeled (for example) "Suckers who accept mail from Pay Pal."

aerocontrols
16th June 2003, 04:01 PM
Originally posted by karl
Doesn't the cost of a monetary transaction exceed your $0.02 at least tenfold? Who is going to pay for that?

The number was a guess. The actual amount to be offered would have to be enough to offset the transaction cost, of course.

Originally posted by karl
More importantly, your solution would require you to be notified -- by e-mail -- whenever someone tries to contact you. Such messages would be sent from an escrow company, which by definition would have to be on your approved address list. What would happen if your solution became popular would be that spammers started specifically forging escrow company addresses. Your inbox would fill up with alleged notifications of people willing to pay two cents in order to contact you, but when you opened the messages most of them would turn out to contain spam. You would effectively inform spammers about how to send you messages -- for free -- that you have to open and read before deleting.

The process can be easily automated too. Your ISP would bounce unsolicited e-mail, along with information about your escrow terms. A test spamming would thus harvest information about active accounts, from which escrow company addresses could be extracted. And your e-mail address would be burned, along with a hundred thousand others, onto a CD labeled (for example) "Suckers who accept mail from Pay Pal."

I wouldn't be notified that there was mail waiting for me. I would receive the e-mail (spam or not) and a choice to keep or return their money, based on my choice of whether it was wanted. I would only receive that e-mail if the deposit was in the escrow account, however, which would be something that my ISP would need to verify. How would spammers 'spoof' having provided money to an escrow account?

MattJ

Segnosaur
16th June 2003, 04:16 PM
Originally posted by aerocontrols


You're willing to put up with the complexity of court cases to stop spammers (presuming that you can stop overseas spammers your way, which you can't for many products - herbal viagra from Brazil?) I don't think it's sinking in to you truly how few unsolicited, non-spam, non-work related e-mails I get. Assuming every one of those people chose not to e-mail me, I could probably count them on one hand. If those people chose not to set up an account, and chose not to contact me in some other way, I wouldn't miss them.


99.9% of all spam would be stopped simply from the THREAT of a law suit, so no action is required. Even if someone DID decide to send spam, it can be handled in small claims court. (Many spammers probably wouldn't even bother trying to defend themselves, resulting in a summary judgement.)

And I have an idea how few useful unsolicited emails you get. I'm in pretty much the same boat. I just don't want to have to put in extra effort and money to stop a problem which can be eliminated at the source.

Originally posted by aerocontrols

Why don't you try it up in Canada and tell me how it goes. I bet the ads for penis enlargement from China don't stop.


Although a lot of spam comes from overseas, most is sent on behalf of companies that actually reside in the US. Perhaps that may change in a few years as more of the world becomes interconnected. However, when real physical products are involved, the cost of shipping to another country will make email marketing a little impractical.

Originally posted by aerocontrols

It's not important to me. How does your family get your e-mail address? Those members who have mine got it from me. Give someone your e-mail - add them to your friend's list. Simple concept.


I have had my parents give my email address to aunts and uncles when they wanted to contact me. Yes, they could have phoned me first, but then why bother with email if you're just going to talk on the phone anyways?

Originally posted by aerocontrols

Multiple messaging systems... not equivalent to e-mail.


You haven't explained how they are not equivalent.

jimlintott
16th June 2003, 04:28 PM
I'm kinda talking out my ass here but(t) what if everyone used an MTA at localhost? Then ISPs would not have to relay any mail at all. Spammers would have to send their own mail rather than slurping the service from some poor guy with sendmail improperly configured. They would be less anonymous this way.

This would be a hassle for Windows users who might have to buy some new software but this is trivial for us Linux (or BSD) users.

I find spam to be less of a problem than paper based junk mail. I get a couple of kilos a week of dead trees stuffed into my mail box. I'd really like to stop that. (Ok, some of it is recycled but why cycle in the first place.)

aerocontrols
16th June 2003, 04:34 PM
Originally posted by Segnosaur


99.9% of all spam would be stopped simply from the THREAT of a law suit, so no action is required. Even if someone DID decide to send spam, it can be handled in small claims court. (Many spammers probably wouldn't even bother trying to defend themselves, resulting in a summary judgement.)

as I said... give it a try in Canada.

Originally posted by Segnosaur
And I have an idea how few useful unsolicited emails you get. I'm in pretty much the same boat. I just don't want to have to put in extra effort and money to stop a problem which can be eliminated at the source.

As long as the source is domestic, which it isn't.

Originally posted by Segnosaur
Although a lot of spam comes from overseas, most is sent on behalf of companies that actually reside in the US. Perhaps that may change in a few years as more of the world becomes interconnected. However, when real physical products are involved, the cost of shipping to another country will make email marketing a little impractical.

I get e-mail from porn and gambling providers, software providers, and herbal supplement providers... I don't get spam from companies offering 'big' items for which shipping costs would be prohibitive. What kind of spam do you get?

Originally posted by Segnosaur
I have had my parents give my email address to aunts and uncles when they wanted to contact me. Yes, they could have phoned me first, but then why bother with email if you're just going to talk on the phone anyways?

*shrugs* the only time my folks have done that is when my mother/stepmother did it, and both times they just sent both targets an e-mail.

Originally posted by Segnosaur
You haven't explained how they are not equivalent.

Because you did. The fact that there are multiple systems makes them impractical for use as a replacement e-mail service, which is one of the same reasons it makes them impractical to spam.

MattJ

plindboe
16th June 2003, 08:20 PM
It is illegal here in DK as far as I know. If you're spammed you can report it, but rarely anything can be done, since nearly all the spam comes from other countries without the same laws. Maybe a solution would be if people started boycotting hotmail, and similar "services", that sell your e-mail address to these kinds of bogus companies.

Peter :)

karl
17th June 2003, 02:17 AM
Originally posted by aerocontrols

The number was a guess. The actual amount to be offered would have to be enough to offset the transaction cost, of course.


Okay, but the point is that you wouldn't be able to return or keep all the money. Part of it -- perhaps $0.30 -- would be kept by a bank or credit card company. This would essentially be a one-time fee to get onto your approved list. As long as everyone's OK with that, however, I guess it isn't a problem.


I wouldn't be notified that there was mail waiting for me. I would receive the e-mail (spam or not) and a choice to keep or return their money, based on my choice of whether it was wanted. I would only receive that e-mail if the deposit was in the escrow account, however, which would be something that my ISP would need to verify. How would spammers 'spoof' having provided money to an escrow account?


Then I misunderstood your suggestion. But your approved address list is still a gaping security hole. For example, everyone with a Hotmail account would be required to have at least "support@hotmail.com" on their list, so that the administrators could contact them without having to shell out the escrow amount. This would be public knowledge. It's not difficult to write a program that sorts spam recipient addresses according to their mailbox domains and forges an appropriate sender address for each group.
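
The approved-list weakness karl raises, applied to aerocontrols' two tests, as an added example that is not part of the thread: a gate that trusts the From header beside one that honours the approved list only when the claimed domain was also verified. The `escrow_paid` and `auth_domain` fields are hypothetical verdicts assumed to come from the receiving provider, and every address and message here is constructed.

```python
from dataclasses import dataclass
from email import message_from_string
from email.utils import parseaddr
from fnmatch import fnmatch
from typing import Optional

# Constructed approved-sender list in the style of the posts: single addresses,
# the *.gov / *.edu wildcards, and the provider's own support address.
APPROVED = ["friend@example.com", "*.gov", "*.edu", "support@hotmail.com"]


@dataclass
class Delivery:
    raw: str                    # message as received (headers + body)
    escrow_paid: bool           # provider verified the deposit (hypothetical)
    auth_domain: Optional[str]  # domain the receiving server could verify the
                                # sender as, or None (hypothetical verdict)


def from_address(raw: str) -> str:
    """Return the address in the From header, ignoring the display name."""
    header = message_from_string(raw).get("From", "")
    return parseaddr(header)[1].lower()


def on_approved_list(address: str) -> bool:
    return any(fnmatch(address, pattern) for pattern in APPROVED)


def naive_gate(d: Delivery) -> str:
    """The two tests as posted: trust whatever the From header claims."""
    if on_approved_list(from_address(d.raw)):
        return "deliver"
    return "deliver-with-escrow" if d.escrow_paid else "reject"


def hardened_gate(d: Delivery) -> str:
    """Test 1 counts only when the claimed domain was also verified."""
    addr = from_address(d.raw)
    domain = addr.rpartition("@")[2]
    verified = d.auth_domain is not None and d.auth_domain.lower() == domain
    if on_approved_list(addr) and verified:
        return "deliver"
    # Unverified or unlisted senders fall through to the escrow test.
    return "deliver-with-escrow" if d.escrow_paid else "reject"


# Constructed sample deliveries.
SAMPLES = [
    ("friend", Delivery(
        "From: Pat <friend@example.com>\nSubject: lunch\n\nhi",
        False, "example.com")),
    ("forged support", Delivery(
        "From: support@hotmail.com\nSubject: account notice\n\nbuy now",
        False, None)),
    ("display-name trick", Delivery(
        'From: "support@hotmail.com" <bulk@mailer.example>\n'
        "Subject: notice\n\nbuy now",
        False, "mailer.example")),
    ("stranger, paid", Delivery(
        "From: new@contact.example\nSubject: hello\n\nEnjoy your posts",
        True, "contact.example")),
    ("stranger, unpaid", Delivery(
        "From: new@contact.example\nSubject: hello\n\nhi",
        False, "contact.example")),
]


def run_samples() -> dict:
    """Map each sample label to (naive verdict, hardened verdict)."""
    return {label: (naive_gate(d), hardened_gate(d)) for label, d in SAMPLES}


if __name__ == "__main__":
    for label, (naive, hardened) in run_samples().items():
        print(f"{label:20} naive={naive:20} hardened={hardened}")
```

Only the forged-support sample differs between the two gates: the naive gate delivers it for free, while the hardened gate sends it to the escrow test, where it is rejected.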

BillyTK
17th June 2003, 03:50 AM
I keep getting spam which tells me it's not spam because it gives me the option to unsubscribe and not receive anymore spam. I'd prefer the option of electing to receive junk, rather than electing not to. I think I should also receive a retrospective royalty from the company/ies which collected my details and sold it on in compensation for using my details without my permission. I'm sure they must be breaking some data protection laws by doing that.

I'd also like to introduce their kneecaps to Mr Cricket Bat, but that's just a personal thing...

Btw, anyone got any hints or links on e-mail mangling?

Kodiak
17th June 2003, 05:03 AM
I love it!

I'm having baked beans, spam, spam, spam, spam, spam, spam, and spam!!

BillyTK
17th June 2003, 06:16 AM
Originally posted by Kodiak
I love it!

I'm having baked beans, spam, spam, spam, spam, spam, spam, and spam!!

You want spam with that?!!

You can bloody well have mine! :D

Kodiak
17th June 2003, 06:34 AM
Originally posted by BillyTK


You want spam with that?!!

You can bloody well have mine! :D

Why can't you have egg, bacon, spam, and sausage?

BillyTK
17th June 2003, 06:42 AM
Originally posted by Kodiak


Why can't you have egg, bacon, spam, and sausage?

I don't want ANY spam!
THAT'S got spam in it!
Could you do the egg bacon spam and sausage without the spam then?
I don't like spam!

17th June 2003, 10:25 AM
"And since the domain names are a bunch of randomly generated ascii characters, it's impossible to block them."

Get a Bayesian filter. Customizable to each user, and has a low false positive probability.

-Who

Segnosaur
17th June 2003, 10:32 AM
Originally posted by BillyTK


Btw, anyone got any hints or links on e-mail mangling?


What exactly do you mean by 'e-mail mangling'? Do you mean ways to 'post' your email address (on, for example, a web page) so that it looks normal to the viewer, but can't be "harvested" by a bot collecting addresses?

For web pages, I believe the easiest way is to replace the "@" sign with its ascii equivalent in HTML ( & # 64; )
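
An added example (not part of Segnosaur's post) of the entity trick and a self-check for it: `mangle_at` applies the `&#64;` replacement, and `audit` reports which addresses on a page are readable as plain text and which only after character entities are decoded. The function names and the sample page are constructed.

```python
import html
import re

# Deliberately simple address pattern; enough for an audit, not RFC 5322.
ADDRESS_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")


def mangle_at(address: str) -> str:
    """The tip from the post: only the "@" becomes a numeric entity."""
    return address.replace("@", "&#64;")


def mangle_all(address: str) -> str:
    """Every character as a numeric entity; a browser renders the same text."""
    return "".join(f"&#{ord(ch)};" for ch in address)


def audit(markup: str) -> dict:
    """Split the addresses in a page into those readable in the raw markup
    and those that appear only once character entities are decoded."""
    raw = set(ADDRESS_RE.findall(markup))
    decoded = set(ADDRESS_RE.findall(html.unescape(markup)))
    return {"plain": sorted(raw), "entity_only": sorted(decoded - raw)}


# Constructed sample page: one plain address, two mangled ones.
SAMPLE_PAGE = (
    "<p>Old contact: webmaster@example.org</p>"
    "<p>News: " + mangle_at("news@example.org") + "</p>"
    "<p>Tips: " + mangle_all("tips@example.org") + "</p>"
)

if __name__ == "__main__":
    report = audit(SAMPLE_PAGE)
    print("readable as-is:      ", report["plain"])
    print("only after decoding: ", report["entity_only"])
```

An address listed under `entity_only` is hidden only from a scanner that reads the raw markup; anything that decodes entities the way a browser does still sees it.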

jj
17th June 2003, 10:53 AM
Originally posted by aerocontrols
(2) People not on the list who wish to send me e-mail can put $0.02 in escrow (I think that's the right word). If I look at the mail and decide that they're a friend, I give their $0.02 back with the click of a button. If they're a spammer, I keep the money. If they are unwilling to risk the $0.02 up front, they can call me and get me to add them to my list of approved e-mail addys.


Well, you'll never get any mail from me, then. There's no way I'd expose ONE CENT of my money to risk from an unknown person on the internet.

Consider what you're saying, and consider what effect it would have on people who were trying to initiate a dialog. Consider what would happen when people who do politically manipulative things used your system. Consider what Malachi or JK would do with your system.

I think it needs some more thought. Being able to get compensated for real spam is fine, no problem there.

jj
17th June 2003, 10:55 AM
Originally posted by Segnosaur
The same law could be applied to 'spam'. Allow the person receiving the spam to sue the people responsible for sending it. Now, a lot of email gets routed through other countries. How to stop that? Easy; the person who gets sued is the person on whose behalf the email is sent.


Now that's another utterly idiotic idea that will lead to attacking people's entire life savings.

Consider, under your DUMB DUMB DUMB idea all that has to happen is for some lying dweeb, of which there are zillions on the internet, to forge up some solicitation on YOUR BEHALF. Poof, there goes your entire life savings in one shot.

Do you REALLY want that?

jj
17th June 2003, 11:00 AM
Originally posted by Segnosaur


True, but like I said, 'false positives' are still very much possible (and can cause a lot of trouble for ISPs.)

And as I said before, before the open relay is listed, a spammer can use it to send out thousands of emails.

Plus, it may keep you from getting spam, but your ISP must still spend the bandwidth and resources to receive the mail, sort it and reject it, even if the sender is listed by a black hole.

In fact, it's quite positive to falsely tar a system as an "open relay" by some creative forgery. Most of the blackhole lists will someday acquire enough liability to just go "poof" and disappear up their own event horizon for this very reason, unfortunately.

The problem is hard, very hard.

aerocontrols
17th June 2003, 11:02 AM
Originally posted by jj


Well, you'll never get any mail from me, then. There's no way I'd expose ONE CENT of my money to risk from an unknown person on the internet.

Why would you not send me any mail? You don't have to expose ONE CENT of your money if you ask me to put you on my 'allowed' list beforehand.

There is a reason the option you object to is listed as a number - (2) rather than the only option.

Enlighten me as to what Malachi or JK could do with the system I propose. I can't see how my system could be abused.

MattJ

jj
17th June 2003, 11:06 AM
Originally posted by aerocontrols

Why would you not send me any mail? You don't have to expose ONE CENT of your money if you ask me to put you on my 'allowed' list beforehand.

Sorry. We have to presume that email may be the only way to initiate contact. Yes, here we have PM's. That's not always the case, you know.

There is a reason the option you object to is listed as a number - (2) rather than the only option.

I think you're oversimplifying by a factor of a google or so, personally (yes, I'm speaking a bit hyperbolically). Given the ability to forge mail, etc, as others have pointed out, the real results will be counter to what you wanted, I think.

Enlighten me as to what Malachi or JK could do with the system I propose. I can't see how my system could be abused.

MattJ

Well, leaving out the forgery and harvesting aspects already mentioned above (which are fatal, I think, but that's a different argument), let's say that a totally unpleasant right-wing person posted some misogynistic crap to a major USENET group.

Consider how much money he could make by alleging that he requires this for "anti-spam" reasons, and then considering the opposition spam.

Sorry, I think you're oversimplifying the problem by an order of magnitude or 14...

aerocontrols
17th June 2003, 11:22 AM
Originally posted by jj
Sorry. We have to presume that email may be the only way to initiate contact. Yes, here we have PM's. That's not always the case, you know.

No we don't. That is highly illogical. Nearly every person I send e-mail to I 'met' in some other way long before I e-mailed them. When I give someone my e-mail address I have already 'contacted' them. There may be other people for which your statement is true. My proposal would not be right for them, though they may see some 'free rider' benefits if spam decreases overall.

Originally posted by jj
I think you're oversimplifying by a factor of a google or so, personally (yes, I'm speaking a bit hyperbolically). Given the ability to forge mail, etc, as others have pointed out, the real results will be counter to what you wanted, I think.

If we presume the perfect ability to forge, then nothing will work. Karl's example, however:

For example, everyone with a Hotmail account would be required to have at least "support@hotmail.com" on their list, so that the administrators could contact them without having to shell out the escrow amount. This would be public knowledge. It's not difficult to write a program that sorts spam recipient addresses according to their mailbox domains and forges an appropriate sender address for each group.

Falls a little short of the mark, doesn't it? How will a spammer 'fool' Hotmail (which he's presuming my e-mail provider to be, apparently) into allowing a forged mail to go through? Hotmail knows whether or not it sent the e-mail, and it wouldn't be that hard for hotmail to stop it from going through. That is, if I am operating a mail relay, and someone who is not me attempts to send mail through my system in my name, it should not be difficult to stop them. Hotmail should have such a system in place already, just for the sake of security. Finally, Hotmail doesn't need an e-mail address in order to send me e-mail. They have direct access to my account, since it sits on their machine.

'Harvesting' as Karl describes it would be very costly to a spammer, unless he can think of a way to defraud my ISP.

Originally posted by jj
Well, leaving out the forgery and harvesting aspects already mentioned above (which are fatal, I think, but that's a different argument), let's say that a totally unpleasant right-wing person posted some misogynistic crap to a major USENET group.

Consider how much money he could make by alleging that he requires this for "anti-spam" reasons, and then considering the opposition spam.

I don't use USENET. I am not familiar with USENET. Depending on how USENET works, it may not be compatible to use an e-mail account such as I describe with the system. How would that affect me?

Originally posted by jj
Sorry, I think you're oversimplifying the problem by an order of magnitude or 14...

Maybe. I have yet to see a reason why my idea can't work. Forgery and 'harvesting' won't work (it seems to me) as Karl has described them. How do you think they would work?

MattJ

ssibal
17th June 2003, 11:38 AM
Whatever happened to not giving out your email to people who you do not trust to not give it out to others? Works well for me, I have a few email accounts that are 100% spam free.

Segnosaur
17th June 2003, 12:02 PM
Originally posted by jj


Consider, under your DUMB DUMB DUMB idea all that has to happen is for some lying dweeb, of which there are zillions on the internet, to forge up some solicitation on YOUR BEHALF. Poof, there goes your entire life savings in one shot.

Do you REALLY want that?

The same argument (that someone could be 'framed') can be applied to any law. (But, I've never heard of anyone trying that with the anti-fax law, even though it has the same penalties.)

If someone does forge spam on someone's behalf, then it becomes a case of fraud, and THAT would be punishable as a criminal offence.

schplurg
18th June 2003, 01:51 AM
A few general email tips to help minimize SPAM:

I receive no SPAM on my personal email account, and most SPAM sent to my Yahoo account is sorted out by Yahoo and put into a junk folder automatically. Periodically I empty this folder without looking at the contents...just one click. Simple. I received one "false positive" in there that I'm aware of perhaps a year ago (it was from my ex-girlfriend so maybe it wasn't really a mistake?).


1. Have a "main" email address to give to your friends and family.

2. Register for and use Yahoo email accounts, or other "junk" accounts when you sign up for webboards, or when filling out any other web-based form that requires an email address. You never know if that address is going to be sold to others, which leads me to...

3. Read a website's Privacy Policy. You may be surprised at what you read in some of these. I never read them (who does?). I just assume the worst when giving out an email address. If I don't know you, you're getting my Yahoo account.

4. Never post your email addy on a forum such as this one, especially in the body of your message. "Bots" scan websites searching for and collecting email addresses. I used to include my email addy (plain for all to see) with the news I posted on my own website. I received tons o' SPAM. So I deleted that email account and made a new one. When I post news now, I include no email contact info. This account receives no SPAM at all.

For curiosity's sake, try doing a search on Google for your email addy and see if anything comes up (webboard postings, etc). If you see anything, then the webbots will find you as well.

5. Be careful what you sign up for online. My mother signs up for "email lists". These are sites that send out daily jokes and cartoons via email. Of course some of these services undoubtedly sell her email addy to other companies. She receives a LOT of SPAM. But it's mainly her own fault for giving out her email address so easily. At least use a Yahoo account for this type of thing and let them deal with the SPAM.

6. Use an email filter. Most email clients have built in customizable filtering systems. For instance, I have a filter that deletes any email with the word "unsubscribe" in the message. This still requires you to download the message from the server first, but at least you don't need to look at it.

7. Many ISP's have SPAM eliminators. Check the website of your ISP, you may need to activate this feature yourself. I have my own domain name and my email is based on that, so this may give me better security than using an ISP email account.

Other suggestions:

Don't use Microsoft Outlook or Outlook Express as an email client (my personal recommendation anyways). Most computer viruses are designed to exploit the features of these programs. I use Eudora (www.qualcomm.com). It doesn't automatically open embedded items and attachments which reduces the risk of accidentally activating a virus. Also, many viruses are designed to scan Outlook's address books and automatically forward the virus-laden email to everyone listed without your knowledge. Most viruses don't work this way in other email programs...so far.

Internet Pop-up ad windows: This is a form of SPAM, in a looser sense. Use a Pop-up blocker program. I use a free utility called "Pop-Up Stopper" (www.Panicware.com). You can disable it when needed with an icon in the system tray (Windows). Works great for me.

As suggested earlier, check out www.CAUCE.org for more info on fighting SPAM.

Hope this helps someone out there.

This has been a public service announcement...

More:
As for the "$.02 escrow per email" idea, that's fine for people willing to pay for that service. Theoretically it could work. An Email Filtering service of some sort may be marketable to large companies. However, a good portion of the population would need to be willing to pay for this service or it would have little cost-effect on the offending companies. Requiring users to have Pay-Pal accounts or credit cards would leave a lot of people without this option. Two cents lost here or there may be worth the amount of emails sent out that are not blocked. My guess is that the ratio of "blocking services" would be very low, and perhaps these email addresses would be gathered, listed, and sold to companies as a "Do Not Send" list, along with an "Accounts That are Not Blocked" list. In other words, I don't think Spammers would be hit too hard by this unless everyone used it.

The best way to fight this currently is for the user to be informed of all tools at her/his disposal. Use an ISP with good email filtering, be careful with your email address. When people stop registering "hits" to the sender of the email by clicking on a banner ad and following it, when users take control of their email through learning, when SPAM fails to sell, it will end. Maybe.

schplurg
18th June 2003, 02:02 AM
A related note: Phone solicitors.

You would think that the phone companies would campaign and fight against telemarketing companies, right?

Wrong!

Turns out that a company has invented a gadget to help telemarketers bypass "blockers" that people can install on their phone system. These blocker systems send an audio tone when the receiver is picked up which will tell an automated telemarketing dialing system (or whatever) that this number is not valid. The number is then removed from the database by the company, supposedly.

So now some guy has invented a gadget that will ignore this signal and keep the phone numbers on their lists. And the PHONE COMPANIES, for a price, are helping to implement this system! Looking for a link but I saw this story a few months ago on CNN.com I think.

So, if the phone companies are playing on both sides of the fence and helping telemarketers beat the system, how are the ISP's REALLY handling SPAM?

BillyTK
18th June 2003, 03:22 AM
Originally posted by Segnosaur



What exactly do you mean by 'e-mail mangling'? Do you mean ways to 'post' your email address (on, for example, a web page) so that it looks normal to the viewer, but can't be "harvested" by a bot collecting addresses?

Yup!

For web pages, I believe the easiest way is to replace the "@" sign with its ascii equivalent in HTML ( & # 64; )

Cheers! I'll give it a go!

karl
18th June 2003, 03:34 AM
Originally posted by aerocontrols

Falls a little short of the mark, doesn't it? How will a spammer 'fool' Hotmail (which he's presuming my e-mail provider to be, apparently) into allowing a forged mail to go through? Hotmail knows whether or not it sent the e-mail, and it wouldn't be that hard for hotmail to stop it from going through. That is, if I am operating a mail relay, and someone who is not me attempts to send mail through my system in my name, it should not be difficult to stop them. Hotmail should have such a system in place already, just for the sake of security. Finally, Hotmail doesn't need an e-mail address in order to send me e-mail. They have direct access to my account, since it sits on their machine.


I don't know how spammers fool Hotmail into allowing forged mail to go through. I only know that they do. The MSN Hotmail FAQ has a section devoted to how Hotmail users can report spam from faked Hotmail accounts, so apparently this is still going on and it's still a significant problem.

http://hotmail.msn.com/cgi-bin/dasp/ua_info.asp?pg=faq&_lang=EN

As you point out, it doesn't have to be that way. They can theoretically make their system secure against forged hotmail.com addresses. But they don't. Presumably because the current system is cheaper and easier to manage.

Even if mail providers took care of these problems, however, I think your escrow suggestion would be too awkward to be put to widespread use. The following seems like a more realistic idea:

People can have an "approved" list of addresses/domains, an "ignore" list of addresses/domains and a "keyword". Mail that matches the approved list passes through. Mail that matches the ignore list is deleted. The remaining mail gets bounced back along with a text explaining that unsolicited mail from unknown people needs to have that particular keyword in the subject line.

Then the person trying to contact you just has to copy-paste the keyword into the subject and re-send the message. Easy to do by hand, if the person had a valid return address in what he sent.

The spamming industry could still harvest keywords from bounced test messages and sell them together with the e-mail addresses, but if the keywords were randomly generated by the mail providers and automatically updated on a weekly basis, there would be no point. A list of spam recipients and personal keywords would be out of date by the time it was fully compiled and someone bought it.
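
An added example of the approved / ignore / keyword filter karl describes above; it is not code from the thread or from any mail provider. All names are hypothetical, and two things are assumptions of this example rather than part of the post: the weekly keyword is derived with an HMAC over the week number instead of being a stored random value, and last week's keyword is still accepted so a bounce sent just before rotation can be answered.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from email.utils import parseaddr

WEEK = 7 * 24 * 3600  # keyword lifetime in seconds (weekly rotation, as in the post)


def weekly_keyword(secret: bytes, mailbox: str, week: int) -> str:
    """Keyword for one mailbox and one week number (HMAC derivation is an assumption)."""
    msg = f"{mailbox.lower()}|{week}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()[:10]


@dataclass
class Policy:  # hypothetical per-user settings
    mailbox: str
    secret: bytes  # held by the mail provider, never sent out
    approved: set = field(default_factory=set)  # full addresses or bare domains
    ignored: set = field(default_factory=set)


def _listed(sender: str, entries: set) -> bool:
    return sender in entries or sender.rpartition("@")[2] in entries


def _has_keyword(subject: str, valid: list) -> bool:
    # Match whole subject tokens, not substrings, with a constant-time compare.
    tokens = [t.encode() for t in subject.split()]
    return any(hmac.compare_digest(t, k.encode()) for t in tokens for k in valid)


def classify(policy: Policy, from_header: str, subject: str, now: float):
    """Return (action, bounce_text); action is "deliver", "delete" or "bounce"."""
    sender = parseaddr(from_header)[1].lower()
    week = int(now // WEEK)
    # Last week's keyword is accepted too, so a bounce sent just before the
    # rotation can still be answered (a grace period the post does not mention).
    valid = [weekly_keyword(policy.secret, policy.mailbox, w) for w in (week, week - 1)]
    if sender and _listed(sender, policy.approved):
        return "deliver", None
    if sender and _listed(sender, policy.ignored):
        return "delete", None
    if _has_keyword(subject, valid):
        return "deliver", None
    if not sender:
        # No return address: nothing to bounce to, and bouncing a bounce loops.
        return "delete", None
    text = (f"Unsolicited mail to {policy.mailbox} needs the keyword "
            f"{valid[0]} in the subject line. Add it and re-send.")
    return "bounce", text


if __name__ == "__main__":
    # Constructed sample data.
    policy = Policy("matt@isp.example", b"constructed-secret",
                    approved={"friend@example.org", "example.edu"},
                    ignored={"bulk.example"})
    now = 1700 * WEEK + 3600
    for frm, subj in [("Friend <friend@example.org>", "lunch?"),
                      ("offers@bulk.example", "deals"),
                      ("stranger@example.com", "hello")]:
        print(frm, "->", classify(policy, frm, subj, now)[0])
```

The approved-list branch still trusts the From header as written, which is the weakness karl raised earlier in the thread about forged sender addresses.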

aerocontrols
18th June 2003, 05:13 AM
Originally posted by karl


I don't know how spammers fool Hotmail into allowing forged mail to go through. I only know that they do. The MSN Hotmail FAQ has a section devoted to how Hotmail users can report spam from faked Hotmail accounts, so apparently this is still going on and it's still a significant problem.

http://hotmail.msn.com/cgi-bin/dasp/ua_info.asp?pg=faq&_lang=EN

As you point out, it doesn't have to be that way. They can theoretically make their system secure against forged hotmail.com addresses. But they don't. Presumably because the current system is cheaper and easier to manage.

It's not clear to me that this is what Hotmail is talking about at this page. I think they are talking about this kind of forgery:

I (the forger) have a mail server. I spam 100000 people with a 'fake' hotmail.com addy in the 'from' line.

You (some schmuck on my list) get my mail at your @earthlink.net account.

You complain to hotmail: "Hey, someone with one of your addresses is spamming me"

They reply: "Sorry, that's not really a hotmail account - our servers never touched that message"

I suspect that you (an earthlink user, hypothetically) would not have allowed 'support@hotmail.com', since you would have no reason to, and that if a spammer had tried to forge 'support@earthlink.com', earthlink would have blocked the mail when it got to their server.

MattJ
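
An added example of the server-side check MattJ describes above, not code from any provider: mail whose From header claims the provider's own domain is accepted only from the provider's own relays or an authenticated session. The domain, network range, function names and sample messages are constructed.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Constructed values: the provider's own domain and its relay network.
LOCAL_DOMAINS = {"isp.example"}
OWN_RELAYS = [ipaddress.ip_network("192.0.2.0/24")]


def from_domain(raw_message: str) -> str:
    """Domain of the From header, lower-cased; empty if missing or malformed."""
    address = parseaddr(message_from_string(raw_message).get("From", ""))[1]
    return address.rpartition("@")[2].lower() if "@" in address else ""


def inbound_verdict(client_ip: str, authenticated: bool, raw_message: str) -> str:
    """Decide at the provider's edge whether a claimed local sender is plausible."""
    domain = from_domain(raw_message)
    if domain not in LOCAL_DOMAINS:
        # Another provider's domain: this server alone cannot tell whether the
        # From line is forged, which is the earthlink/hotmail case in the post.
        return "accept-unverified"
    ip = ipaddress.ip_address(client_ip)
    if authenticated or any(ip in net for net in OWN_RELAYS):
        return "accept-local"
    return "reject-forged-local"


# Constructed sample messages.
CLAIMS_LOCAL = (
    "From: Support <support@isp.example>\n"
    "To: user@isp.example\n"
    "Subject: Account notice\n"
    "\n"
    "Please read.\n"
)
CLAIMS_OTHER = (
    "From: someone@webmail.example\n"
    "To: user@isp.example\n"
    "Subject: Hello\n"
    "\n"
    "Hi.\n"
)

if __name__ == "__main__":
    sessions = [
        ("203.0.113.9", False, CLAIMS_LOCAL),   # outside host using our domain
        ("192.0.2.10", False, CLAIMS_LOCAL),    # our own relay
        ("203.0.113.9", True, CLAIMS_LOCAL),    # logged-in customer
        ("203.0.113.9", False, CLAIMS_OTHER),   # someone else's domain
    ]
    for ip, auth, msg in sessions:
        print(ip, auth, from_domain(msg), "->", inbound_verdict(ip, auth, msg))
```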

hal bidlack
18th June 2003, 07:47 AM
May I ask a question of the computer wizards here? I recently went to XP home edition with a new computer. I now have a new and very irritating kind of pop up ad.

I use pow.exe for most pop ups, but with XP, there is a new kind. It seems to open, not an IE window, but a "windows" window with an ad. They pop up more often if I haven't run adaware recently, so I assume they are part of some spyware thing...?

In any case, is there a way to deal with this "other" type of pop ups?
thanks!

aerocontrols
18th June 2003, 07:51 AM
Originally posted by hal bidlack
May I ask a question of the computer wizards here? I recently went to XP home edition with a new computer. I now have a new and very irritating kind of pop up ad.

I use pow.exe for most pop ups, but with XP, there is a new kind. It seems to open, not an IE window, but a "windows" window with an ad. They pop up more often if I haven't run adaware recently, so I assume they are part of some spyware thing...?

In any case, is there a way to deal with this "other" type of pop ups?
thanks!

I've gotten that one, but only when I turn off my firewall.

I recommend Zonealarm, which will block the ad you're talking about, I think.

http://www.zonelabs.com/store/content/home.jsp

MattJ

Segnosaur
18th June 2003, 11:08 AM
I never thought I'd be saying this... but Yah Microsoft: http://seattlepi.nwsource.com/business/127012_Microsoft17ww.html and http://www.cnn.com/2003/TECH/internet/06/17/microsoft.spam/index.html


Microsoft Corp. announced it has filed 15 lawsuits against alleged e-mail spammers in Washington state and the United Kingdom on Tuesday.


Note that the article mentions Washington State. This is one of the locations that has enacted laws similar to that suggested by CAUCE and myself (namely, allowing people to sue spammers).

jj
18th June 2003, 11:16 AM
Originally posted by Segnosaur


The same argument (that someone could be 'framed') can be applied to any law. (But, I've never heard of anyone trying that with the anti-fax law, even though it has the same penalties.)

If someone does forge spam on someone's behalf, then it becomes a case of fraud, and THAT would be punishable as a criminal offence.

Well, Segnosaur, it's a lot harder to forge some things than others.

I don't do it, and most people who know how don't do it, but forging email is so blatantly, stunningly, inexcusably, trivially easy to do successfully (especially given the number of completely undefended cable-modem machines out there (boo, hiss, put up a good firewall, folks, PLEASE?)) that it's not the "general case".

Furthermore, spamming fax happens one at a time. Spamming email can happen 1 million at a time.

You're not thinking through the implications. I still maintain that you are enormously oversimplifying the problem.

Note: In case it's not clear, I do not support "spam". In fact, I have the same opinion as the poor lady in the Monty Python sketch, like most of us...

I DON'T LIKE SPAM!

Shaun from Scotland
18th June 2003, 12:16 PM
Passing a law to sue companies who spam, especially when it is being done on their behalf would be a huge step forward. Most of these companies are based in the USA, even if the spam originates from elsewhere.

AT&T are spending a 9 figure sum directly because of spam, which ultimately comes from the consumer. It's about time these spammers were sorted out.