This is not a big company. When I first heard about the internet, and I was supporting mainframes, I wondered how an insecure, public system could ever work. At first I was glad it did, now I wonder if, in the long run, it can. The volume of captured SPAM just grows, with no sign of it stopping.

Is the internet, as we know it, doomed? Will the proprietary model M$ hoped to get in place be the eventual model, just so the regulation necessary to make it work will be in place? I am assuming there will be no global governmental co-operation that will happen. UN running the internet anyone?

Only 10,000?

Is that close to producing a significant adverse effect?

While 10,000 sure sounds like a lot, my guess is that it probably isnt in terms of your companies actual resource usage. Admittedly if you didnt have a spam filter then you would be looking at a very serious issue.

If the U.N. ran the internet, then they would still be fighting over how best to split up and allocate IP addresses. Each country represented would be seeking to maximize their own self-important concerns.

The trend is upwards, with no end in site. Already, it blocks real email that I wanted to get, but broke the rules.

Can you demonstrate that most "real" email is of greater value than most Spam?
Call me sceptical, but I am unconvinced.

The internet is a protocol agreed upon by committess so that information can flow from point a to point b. Right now, it does not have the same capabilities like telephones which has got caller id, etc.

As we move on, we'll find new ways of combatting the problems that currently plaque the internet. For example, I encountered (could be an in house built software) that intercepts the emails that it received before the email client receives it. If the sender is not on the list it recognizes as valid, it sends out a confirmation message that the sender has to reply to, to ensure that it is a "real" email. In this manner, we can have a trace of the sender's address.

What I'm wondering is why, for over four years working where I do, I didn't receive any of these obvious virus-containing e-mails. You know, the type that's from somthing like "Arsenal" with a subject line like "agoBy George" and contains nothing but gibberish along with an attachment that only a fool would open. Why are they suddenly getting through?

Friggin' annoying.

This is not a problem, it is an opportunity for some inventive programmer.

We don't need better laws, we need better code.

Actually, an effective solution was suggested a couple of years ago. Unfortunately, the person who suggested it was named Bill Gates, and it involved money, so it was routinely blacklisted by all Freedom-loving Internet Users [tm].

Bill Gates suggested that a small handling charge (a fraction of a cent) was attributed to each e-mail. This would be of no consequence to the normal user, but spammers distributing millions of mails would suffer crippling operation expenses.

My own suggestion for a more democratic version of this would be that the sender of an e-mail would be charged a small sum, and that sum (possibly minus some administration charge) shoud be credited to the receiver. The normal user will send and receive app. the same number and mails and would just break more or less even, whereas any spam that continued to be issued after this would actually be profitable to the receivers.

And yess, it is troublesome. In spite of my ISP running a fairly effective spam-filter, about 80% of the mail I receive to my private account is spam.

Hans

I put my spam usage much higher. When I look at a user's mailbox and see 115 e-mails, and only 3 are legit, that works out to about 3% of legit e-mail, or 97% spam. This is per day. Out of about 300 users this is typical. I'm extrapolating that at least 90-95% of all our traffic is spam. So that means out of 40,000 messages only 2000 are legit and out of that 2000 I'll wager about half is personal and forwards (jokes and crap).

To put this in perspective, in order to get 1000 legitimate e-mails through I had to set up a network capable of delivering 50,000+ per day. And considering some users (like my webmaster and admin mailboxes that are listed on the bottom of our website) get 300-400 spams a day (with only 1 or 2 legit e-mails) I'll bet it's much higher.

Oh, and don't forget all the bounced mail from spammers guessing e-mails on our system. I'll bet that's double of what actually gets through judging by the badmail logs which daily is never less than 5 digits and sometimes into six digits.

You guys would make me start my day thinking about all this.

This is not a problem, it is an opportunity for some inventive programmer.

We don't need better laws, we need better code.

A human can outsmart code. The mail is already hoggin bandwidth before it gets to the other end.

There is a solution to the Spam problem that could potentially eliminate the problem overnight. This is a solution put forward by CAUCE (Committee against unsolicited Commercial Email http://www.cauce.org/.)

Back when fax machines were new, there was all sorts of trouble with people sending junk email faxes. (People would come to work in the morning to find their fax machine was out of paper from all the useless ads that arrived.) So, they brought in a law that allowed the receiver of commercial email to sue the people on who's behalf the fax was sent. Almost eliminated the problem overnight. (Yes, people may get the occasional junk fax, but its relatively rare.) Just the threat that a junk fax may result in lawsuits acts as a deterrent.

All they have to do is take the current junk fax law, and extend it to email. In fact, that has already been done in some U.S. states (Washington, I believe.) If a spammer sends out 1,000,000 spams, if even .1% decide to sue (lets say for $100 each), that means the spammer is out $100,000. And its unlikely that his spam will generate that much business in the first place.

Some advantages of the system:
- You don't need to change any computing infrastructure, such as would be necessary if you went to a charge-for-email method
- No need for the government to get involved in the prosecution of spammers (after all, the government has more important things to do.)

The reason why the junk-fax law wont stop spam is that an e-mail costs the same to send (practically zero) no matter where in the world you are. Junk faxers had to deal with long-distance costs, which were not zero. If laws are put in place which let the receiver sue the sender, all that will do is make the senders move overseas (or appear to have moved overseas).

There is no single solution to spam. It's a war, and the recipients have less on the line than the spammers do. To you and me, it's an annoyance. To them, it puts food in the children's mouths and a roof over their heads. And the spammer is typically not the person/company selling the product; it's usually a contractor who has dedicated his life to providing an effective service, which is to get mail past spam detectors.

Think of it like the Gold Rush. The spammers are not the panners and miners; they are the merchants selling pans and shovels. Whether there's gold out there or not, they've made money. And they're good at it, and getting better all the time.

Whenever a technological or political solution becomes popular (single word filters, RBLs, string filters, heuristic word filters, CAN-SPAM, reputation filters, etc.), the spammers can and will find a way around it. The only way to end it is to make it absolutely unprofitable. And no one has come up with a way to do that yet.

My spam filter caught 648,140 messages in the last 24 hours. It delivered 45,173 in the same time period. It’s throwing away 93% of what we get and there is still a lot of junk getting through the filter. I did get something this morning from a nice Russian lady with strong traditionally family values who is looking for a husband.

I have some hope that as the arms race continues, it will become too expensive for the spammers. Given the international nature of the internet, it will be very hard to regulate.

The thing I find the most amazing about Spam is that it continues because it is profitable. There is something like a .3% uptake rate on Spammed products.. When you're talking tens of millions of E-Mails, that is real money.

What I want to know is: Who the hell are these people actually buying the products??

The volume of captured SPAM just grows, with no sign of it stopping.You got only 10,000 spam messages?

Damn, I need to check this out. Coulda swored I'd sent you more like 100,000...

I did get something this morning from a nice Russian lady with strong traditionally family values who is looking for a husband.Saved that one, did you?

Actually, an effective solution was suggested a couple of years ago. Unfortunately, the person who suggested it was named Bill Gates, and it involved money, so it was routinely blacklisted by all Freedom-loving Internet Users [tm].

Bill Gates suggested that a small handling charge (a fraction of a cent) was attributed to each e-mail. This would be of no consequence to the normal user, but spammers distributing millions of mails would suffer crippling operation expenses.Yeah, I remember that. Thought it was a good idea (though how you'd implement it in libraries and such might be a problem). Not the least of its attractions would be the reduction in spam from your friends - you know, the "WARNING! DEADLY VIRUS!!!" "alerts," the ones with the subject, "FWD: Thought For Today," the ones with the subject, "FWD: This is So Funny!" (they usually aren't), the ones with the subject, "You're Late With My Alimony Payment Again!!!" from the ex-wife...

What I want to know is: Who the hell are these people actually buying the products??Um, that would be me. Wanna see my breasts?

So, what are you guys using for filters?

A human can outsmart code.

Yea, well, not always, but I get your drift. The problem does not require a 100% solution, only one that mitigates the difficulty without hamstringing the system: i.e. not throwing the baby out with the bathwater

http://spam-filter-review.toptenreviews.com/spam-statistics.html

The reason why the junk-fax law wont stop spam is that an e-mail costs the same to send (practically zero) no matter where in the world you are. Junk faxers had to deal with long-distance costs, which were not zero. If laws are put in place which let the receiver sue the sender, all that will do is make the senders move overseas (or appear to have moved overseas).

That's why they recommend that the law is set up so that you have the right to sue the person on who's behalf the spam was sent. So, if company X hires individual Y to send spam, you can sue company X rather than individual Y.

Even if the spammers themselves move overseas, they are still trying to market a product, and often those products are coming right from North America (within reach of the courts).

So, what are you guys using for filters?

Ironport (http://www.ironport.com/technology/ironport_antispam.html)

We spent a nice chunk of cash for the hardware/software plus annaul maintainance. The only thing this does is throw away spam and viruses. Our systems would be unusable without it. It's a bugdet item we can attibute directly to the @$$holes that send spam.

So, what are you guys using for filters?

We use MessageLabs (http://www.messagelabs.com/). They handle all the hardware and software, all of our email goes through them first. They of course filter out spam and viruses, they have the ever fun porn tattler, and they filter out all the mail that would bounce.

What I'm wondering is why, for over four years working where I do, I didn't receive any of these obvious virus-containing e-mails. You know, the type that's from somthing like "Arsenal" with a subject line like "agoBy George" and contains nothing but gibberish along with an attachment that only a fool would open. Why are they suddenly getting through?

Friggin' annoying.

I have accounts in public email system such as Yahoo and Hotmail. I constantly receive Spam in both. It started when I joined chatrooms. Those rooms are plaqued by spammers (bot) which picks up the screen name and uses them. I haven't had a problem with my email in my private email in the ISP I use. There are also programs that "harvest" email addresses that gets posted in the internet.

When an email is created, what is important is the destination of the email. The protocol does not care what the sender's address is, just the receiptient. That is why the sender's address in the Spam can have invalid address.

Majority of Spam Filters examine the contents of the email. It looks for words like Viagra, Nude, Pharmacist, etc. The problem is that if a valid email contains the word "Parse" and you block the word "arse", it would be considered spam. That is why spam normally receives gibberish.

And of course spammers use drones to hide and forward emails, so replying to them is usually pointless. There needs to be a major rethink on the "openness" of SMTP protocol design, I feel.

Interestingly, with junk faxes, we used to fax back to the sending number a form invoice for $800 (8 hours at $100/hr) for "consulting fees for processing your paperwork", due and payable in 7 days. With an outstanding invoice from a major business hanging over them, suddenly the fax-spammer "lost" our fax number and we never heard from them again.

Another response was the endless fax reply - put a long page in the machine, and tape the top end to the bottom end to form a loop. Dial the spammer's fax machine and hit "GO". The page would then run round in a loop for quite a long while, and the other end would be spitting pages and filling memory and have the phone line tied up indefinitely.

I take it people who get 648,140 spam mails in a day are not using email for remotely the same purpose as people like me who get about four.
I never see them as they, along with everything from other annoying sources, such as my employers, go straight to the J-file.

I find myself wondering what would happen to the spammers , if everyone they spammed replied to them?

On a slightly differn't note: I abhor adware. I really do. I think if I had the person responsible for any popups on my computer infront of me I would break every bone in their body.


Perhaps atleast we can all start to blacklist the companies that use adware. I.e I see a popup for Crest (just an example, I never have) and every stop buying crest.


Course eventually this could evolve into companies having adware advertise other companies...but hey what do I know.

I hate spam too.

That's why they recommend that the law is set up so that you have the right to sue the person on who's behalf the spam was sent. So, if company X hires individual Y to send spam, you can sue company X rather than individual Y.
What if company X doesn't hire individual Y, but individual Y sends out spam advertising company X's products anyway? Company X could go bankrupt on legal fees alone, without having anything to do with it.

Most of the spam I'm getting these days is stock tips. Would this extend to being able to sue the company whose stock is being advertised? Or would it be to the clearinghouse who set it up? What if neither the company nor the clearinghouse had any knowledge of the spam? How would the plaintiffs go about proving they did?

What if company X doesn't hire individual Y, but individual Y sends out spam advertising company X's products anyway? Company X could go bankrupt on legal fees alone, without having anything to do with it.

Most of the spam I'm getting these days is stock tips. Would this extend to being able to sue the company whose stock is being advertised? Or would it be to the clearinghouse who set it up? What if neither the company nor the clearinghouse had any knowledge of the spam? How would the plaintiffs go about proving they did?

I get tons of those, too.

I think education is key. I mean, none of these people would be in business if people didn't actually buy things from them. Somewhere someone thinks it's a good idea to buy v1agr@ from a total stranger. He couldn't spell viagra because smarter people who know it's dangerous would have stopped that e-mail from even getting through and as long as just 1 person buys a sample, then that pays for the next million e-mails to go out.

Put this thread together with the audiophile thread, and half the other threads on this board for that matter, and it just confirms that people will pay for anything, and I mean ANYTHING. Dang, I should be rich be now.

My anti-spam strategy: Two E-Mail addresses. One throwaway Yahoo or Hotmail address that you use to sign up for things, or to give out to anyone who asks, and another that is only for friends and family.

Make sure this 'gold' E-Mail address never gets on a website, where it can be harvested by a web-trolling bot.

The throwaway E-Mail address only has to be checked when there is an E-Mail you are specifically looking for.

Using this technique, I have only gotten a hand full of spam messages in the 3-4 years that I've had my 'gold' E-Mail address, and I don't run a spam filter of any kind.

As far as Adware goes: Be suspicous about anything you install on your machine. Don't worry about installing shrink-wrapped software, but assume that smaller companies that offer 'free' tools have to make money from somewhere, and probably it's from monitoring your surfing and targetting ads to you.

I find myself wondering what would happen to the spammers , if everyone they spammed replied to them?

Well, obviously that would not be a good idea (as others have pointed out, Spammers often mask their return address, in some cases substituting the address of an innocent third party.) Or, they can use temporary email addresses (like a yahoo or hotmail address). It may get cancelled right away, but by then who cares? If everyone responded to spam, it would just generate more useless emails (while at the same time harming innocent 3rd parties.)

However, I've heard of the spammers themselves getting harrased by people in other ways, such as signing them up for junk mail, etc. at their actual home.

My anti-spam strategy: Two E-Mail addresses. One throwaway Yahoo or Hotmail address that you use to sign up for things, or to give out to anyone who asks, and another that is only for friends and family.


Just make sure your friends/family are careful with that address you give them. One way spammers used to get addresses (not sure if its a significant source now) is to set up sites that have things like electronic greeting cards, where they can get people to fill out addresses of recipients.

What if company X doesn't hire individual Y, but individual Y sends out spam advertising company X's products anyway? Company X could go bankrupt on legal fees alone, without having anything to do with it.

Yes, that's a possibility. But then, being 'framed' is a possibility with any law. As such, it should be handled the way any any such case of being 'framed' occurs... through law enforcement. (The possibility of going to jail over framing an innocent 3rd party over spam should be a deterrent.)

(The anti-spam law I mentioned has been active in Washington state, and I've never heard of things like that being a problem.)


Most of the spam I'm getting these days is stock tips. Would this extend to being able to sue the company whose stock is being advertised? Or would it be to the clearinghouse who set it up?

That is a good question and I don't have an answer to that. (I get those stock tip spams too.) The law also wouldn't help much stopping the Nigerian bank scam spam.

Still, even if the sue-the-spammer law only eliminates half the possible spam (those involving products of some type), is that a bad thing? It would still eliminate a good portion of the junk email, and it would allow people creating spam filters and/or government officials dealing with fraud to concentrate their efforts on one type of email (the stock tip) as opposed to multiple types.

Still, even if the sue-the-spammer law only eliminates half the possible spam (those involving products of some type), is that a bad thing? It would still eliminate a good portion of the junk email, and it would allow people creating spam filters and/or government officials dealing with fraud to concentrate their efforts on one type of email (the stock tip) as opposed to multiple types.
This is a claim I agree with, up to a point. What I was having difficulty with was the original claim that it would "potentially eliminate the problem overnight." I do not believe that any one solution has that potential.

I also do not believe that any effective solution will stay effective for even three months... unless it has a way to make the spamming business entirely, immediately, unprofitable. Unfortunately, all the ideas I have been able to come up with would require global cooperation between ISPs, and that isn't likely to happen.

This is a claim I agree with, up to a point. What I was having difficulty with was the original claim that it would "potentially eliminate the problem overnight." I do not believe that any one solution has that potential.

Ok, saying it will "eliminate the problem overnight" may have been excessive. (Although in my defense I did use the word 'potentially' in front of my claim.) And I don't know if you'd consider a huge reduction in spam as "eliminating the problem"... if only a couple of spams get through, is that considered 'eliminating the problem' (since its easy to handle that much).

Lets just say that it has the potential to greatly reduce the spam problem faster and easier than pretty much every other solution.


I also do not believe that any effective solution will stay effective for even three months... unless it has a way to make the spamming business entirely, immediately, unprofitable.

Well, that's what the 'sue the spammers' law is supposed to do... make it unprofitable to actually send spam.

Well, that's what the 'sue the spammers' law is supposed to do... make it unprofitable to actually send spam.But what it would actually do is make it unprofitable to get caught sending spam, which is a horse of a different color.

Actually no, it's worse... it makes it unprofitable to be mentioned in spam, and that's not even a horse any more.

It has to be such that payment is received before the mail is sent, or it's going to be circumventable with the right combination of unethical behavior.

Can you demonstrate that most "real" email is of greater value than most Spam?
Call me sceptical, but I am unconvinced.

I'm not sure what it would take to convince you, since it seems obvious to me that I want most real email (letters from friends, newsletters I subscribe to, Amazon telling me they're shipping my stuff) and have never found a use for any spam I've received.

I use yahoo mail, and only about 2 spams a day get through. I get about 1000 per month, and the number of real mails their filter pegs is quite small (and those are ususally automated replies). I think theirs is based on users flagging mails as spam, and further users ending up never seeing those after a certain amount of flags.

I use yahoo mail, and only about 2 spams a day get through. I get about 1000 per month, and the number of real mails their filter pegs is quite small (and those are ususally automated replies). I think theirs is based on users flagging mails as spam, and further users ending up never seeing those after a certain amount of flags.From my POV Yahoo's filters are worse than the spam problem. Almost every Email I send to a Yahoo address ends up in trash. People write to me and ask why I never replied. Grrrrrr.

There are only two reasons I can think of why Yahoo filters out my Email.

#1. Spammers have spoofed my domain name enough times that users have flagged it.

#2. Content. There is always a price somewhere in my Emails. Folks write and ask how much for such & such service. The filters seem to kick out anything with the mention of money.

AOL is just as bad with the filters and they also have the time delay challenge thing going on. People expect a quick reply via Email if they are buying something. AOL delays most of my Email for a minimum of 4 hours so most users don't get my reply the same day if they get it at all.

Snail mail used to refer to the Post Office. Not so much now.

I strongly favor a postage system. Email senders should pay into escrow accounts that are debited when a real person rejects an Email as unsolicited.

A percentage of the "postage" would go into the escrow account of the receiver. I realize that a lot of spam is sent unknowingly by infected machines. This would encourage people to keep their virus protection up to date.

In the future nobody is able to send e-mail because of all the billions of spam every day that you need to download and filter first. People will be buying faster computers just for getting e-mail faster.

In the future nobody is able to send e-mail because of all the billions of spam every day that you need to download and filter first. People will be buying faster computers just for getting e-mail faster.
Depressing and probably true. It's certainly true that any improvements to the infrastructure of the Web gets co-opted by the scum which are known as spammers.

The only hope I cling to is that some small team of entrepreneurial geeks will see the millions that could be made by offering an Email service that gets every legit Email delivered and compensates the receiver of each spam message with a few pennies for his trouble.

OH yeah, Welcome to the forum ExtremeSkeptic! :)

Do the people who send spam have an ISP? If so should the ISP be held responsible. I mean if xyz ISP allowed people to spam then ban xyz ISP mail by all other ISPs. If an e-mail does not have a good return address ban that as well.

Or am I being simplistic here?

Do the people who send spam have an ISP? If so should the ISP be held responsible. I mean if xyz ISP allowed people to spam then ban xyz ISP mail by all other ISPs. If an e-mail does not have a good return address ban that as well.

Or am I being simplistic here?Yep, too simplistic. Spammers use all sorts of tricks to get round this type of response. The simplest is to use "drones" - unwitting users on the internet running computers without firewalls or any protection, who get their computers and ISP and bandwidth to transmit/forward the spam emails. Usually they use the contents of the address-book (those would probably be the emails that purport to come from "Hi, it's <insert-name-here>!").

Yep, too simplistic. Spammers use all sorts of tricks to get round this type of response. The simplest is to use "drones" - unwitting users on the internet running computers without firewalls or any protection, who get their computers and ISP and bandwidth to transmit/forward the spam emails. Usually they use the contents of the address-book (those would probably be the emails that purport to come from "Hi, it's <insert-name-here>!").That's mostly correct Zep but I don't think that the "Hi, it's <insert-name-here>!" is ever accurate on spam.
The return address is always forged. If you got spam from a known acquaintance you would chew them out and they would get the virus wiped off their machine.

When you recognize a first name on a spam it's just a numbers game. I see dozens/day now with first names in the subject line, of course one or two are going to be the names of people I know.

This point brings up another gripe of mine. Email programs should show extended header info. by default AND do a reverse lookup of the IP address before delivery. What most people see in the "from:" field is forged. If they also saw that this Email was sent from Korea they would know it was nothing they wanted. Of course if they are Korean maybe they do want it but you get the idea.

In a loser pays postage system the actual sending IP address would have to pay a few cents for spam that was rejected by a person. Those unwitting "drones" or "spambots" would smarten up quickly enough when their postage escrow accounts were wiped out and they were no longer able to send Email.

This point brings up another gripe of mine. Email programs should show extended header info. by default AND do a reverse lookup of the IP address before delivery. What most people see in the "from:" field is forged. If they also saw that this Email was sent from Korea they would know it was nothing they wanted. Of course if they are Korean maybe they do want it but you get the idea.


This wouldn't be that easy. rima-tde.net attempted to send us over 1,000,000 :jaw-dropp pieces of spam over the last month. Do you know who rima-tde.net is? How about proxad.net? They sent us 524,000. I'm affraid that expanded headers would just confuse people. If the server had to generate useful domain information for every message it would not be able to function.


In a loser pays postage system the actual sending IP address would have to pay a few cents for spam that was rejected by a person. Those unwitting "drones" or "spambots" would smarten up quickly enough when their postage escrow accounts were wiped out and they were no longer able to send Email.

This would be interesting. Over the same month, comcast.net, verizon.net and qwest.net together sent us 780,000 junk emails. Most of the time a single IP doesn't spew for very long. Built in limits might shut them down even sooner.

This is all going to a small college with about 6000 users.

Actually, an effective solution was suggested a couple of years ago. Unfortunately, the person who suggested it was named Bill Gates, and it involved money, so it was routinely blacklisted by all Freedom-loving Internet Users [tm].

Bill Gates suggested that a small handling charge (a fraction of a cent) was attributed to each e-mail. This would be of no consequence to the normal user, but spammers distributing millions of mails would suffer crippling operation expenses.
You mean those nutjobs who realized that it would mean the death of all fee community and enthusiast mailing lists as well the death of anonymity without having the slightest effect on spammers, since spammers would simply find a way around the payment restriction? (Such as, for example, using networks of trojan-infected machines to send their spam, thus making the unknowingly compromised machines responsible for the cost of sending their floods of unwanted commercial advertisements. Or simply sending them from their own systems located in regions with inadequate or non-existent enforcement of standards and regulations. Or simply redirecting them through poorly secured back-end systems, which are typically running IIS. Much like they do now.)

And this is the same Bill Gates who's software development business is incapable of creating and marketing an operating system or web browser that is not full of huge holes and wide-open doors requiring extensive third-party software and hardware protection to keep from being ganked by every obnoxious 12 year old kid who can download one of several hundred viruses and website scripts, and their even more numerous variants, from a website somewhere after a couple of minutes search? And who suggested replacing the entire pop/imap/stmp system with his own proprietary system, available for a hefty license fee and running only on Microsoft (and maybe Apple, if they ever get around to it) platforms?

Yeah, I don't understand why people were so resistant to the idea.

Even if the spammers themselves move overseas, they are still trying to market a product, and often those products are coming right from North America (within reach of the courts).

That is no longer the case. The majority of spam is increasingly scams, cheap products that are produced and shipped from overseas locations, if they're shipped at all (like "enlargement" products), drugs produced in and sold from regions with little to no regulation; porn websites located in areas that have little to no enforcement of regulations, pump-and-dump stock scams, and so on. The amount of spam from or on behalf of legitimate businesses is increasingly being drowned by scam emails in much the same way that legit non-commercial email is.

Just make sure your friends/family are careful with that address you give them. One way spammers used to get addresses (not sure if its a significant source now) is to set up sites that have things like electronic greeting cards, where they can get people to fill out addresses of recipients.

It's still a significant source, and such things are still very common.

Another one that was really popular a while back was a virus that operated via a default Outlook and Outlook Express macro setting that would scan and email the contents of your address book to the spammers. That loophole has since been closed, fortunately.

On a slightly differn't note: I abhor adware. I really do. I think if I had the person responsible for any popups on my computer infront of me I would break every bone in their body. (remainder snipped)

One very effective blocker for adware/spyware/etc is the MVPS HOSTS file:

http://www.mvps.org/winhelp2002/hosts.htm

It redirects nearly 12,000 known ad and spyware server URLs to 127.0.0.1. The packets that request connections to those sites never even leave your computer. Works like a charm. I've rarely had a popup/under/over since I installed it.

The smart people who designed the internet made sure that the internet is as dumb as a rock. It only has one purpose, that is to make sure that the bits of information it carries sent by the sender will be recieved by the reciepient. It does not care what kind of data it carries.

The advantage of such a design will ensure that new technologies will only affect the sender and the receipient. For example, refridgerator company can create a site that the product (fridge) can contact for say, recipie.

It has to be such that payment is received before the mail is sent, or it's going to be circumventable with the right combination of unethical behavior.

The problem with the approach suggested would mean that we have to put "inteligence" on the internet so that the bits of information it carries can be validated and recognized. Everytime new type of data is implemented, the internet has to be modified.

The problem with the approach suggested would mean that we have to put "inteligence" on the internet so that the bits of information it carries can be validated and recognized. Everytime new type of data is implemented, the internet has to be modified.
Not necessarily. ISPs could implement this with no changes made to the protocols themselves.

Not necessarily. ISPs could implement this with no changes made to the protocols themselves.

Correct me if I am wrong here. I am more comfortable with mainframe and do not know much about the internals of internet.

With regards to SMTP, is there any problem of installing my own SMTP in my machine. As far as I know, ISP's provides a way of sending your data. SMTP just formats the email in the form that the receiving end would recognize. Therefore, all I have to do is to prepare the email in my machine then send it as a normal data that internet would be able to carry.

As I understand it, MS/Exchange provides an alternative to SMTP and provides its own mail protocol which formats the mail that is sent.

With regards to SMTP, is there any problem of installing my own SMTP in my machine. As far as I know, ISP's provides a way of sending your data. SMTP just formats the email in the form that the receiving end would recognize. Therefore, all I have to do is to prepare the email in my machine then send it as a normal data that internet would be able to carry.
Systems speak SMTP to each other over a specific TCP port (port 25). There are specific commands that are unique to SMTP (EHLO, RSET, stuff like that) that an ISP could listen for on port 25 (on its own hardware) and charge for.

There are other ways of doing it but that's the first one which came to mind.

As I understand it, MS/Exchange provides an alternative to SMTP and provides its own mail protocol which formats the mail that is sent.For use within an Exchange environment, yes. But before it leaves that environment, it still gets stuffed into SMTP envelopes.

Correct me if I am wrong here. I am more comfortable with mainframe and do not know much about the internals of internet.

With regards to SMTP, is there any problem of installing my own SMTP in my machine. As far as I know, ISP's provides a way of sending your data. SMTP just formats the email in the form that the receiving end would recognize.
Not quite.

It's up to your mail client (that is, the program you use to write your message) to format the message properly, including a set of headers that include "From:" and "To:", and usually include a few others like "Date:", "Mime-Type:" etc. That message is then given to a program known as an MTA (mail transfer agent) for delivery. The MTA connects to the target server via TCP/IP, then carries on a "conversation" with it in an attempt to deliver the message. That conversation is what's covered by the SMTP protocol.

Very often your e-mail client has the MTA built into it, so that part of your mail client is capable of carrying on the SMTP conversation; no need for a standalone MTA.

Therefore, all I have to do is to prepare the email in my machine then send it as a normal data that internet would be able to carry.
In theory, you can. That's what standalone MTAs like sendmail, qmail, and exim do, not to mention pre-written SMTP delivery routines available for most popular programming languages such as Java, PHP, Perl, and Python.

But there's a catch. Over the last couple of years spammers have been installing trojan SMTP programs on unprotected home computers (ie, no active virus scanning or trojan-bocking programs). These are then used to connect to thousands of SMTP servers all over the internet to deliver spam.

To fight this trend, most big ISPs these days block all SMTP traffic attempting to leave their network. They've put rules into their routers that say, "No SMTP traffic is allowed to travel on this network unless it connects with my SMTP server." Your ISP's SMTP server then forwards ("relays") the message on to its proper destination after verifying that you are in fact authorized to send mail on that network.

As I understand it, MS/Exchange provides an alternative to SMTP and provides its own mail protocol which formats the mail that is sent.
That I don't know. My expertise with the open standards.

In theory, you can. That's what standalone MTAs like sendmail, qmail, and exim do, not to mention pre-written SMTP delivery routines available for most popular programming languages such as Java, PHP, Perl, and Python.

That is what I am afraid of. Again, correct me if this is wrong.

(My PC email client) -> (ISP SMTP) -> Internet
to
(MY PC email client -> SMTP) -> (ISP) -> Internet

To fight this trend, most big ISPs these days block all SMTP traffic attempting to leave their network. They've put rules into their routers that say, "No SMTP traffic is allowed to travel on this network unless it connects with my SMTP server." Your ISP's SMTP server then forwards ("relays") the message on to its proper destination after verifying that you are in fact authorized to send mail on that network.


If I send the data directly through the internet bypassing the ISP's SMTP, would that mean that the ISP I am using will examine the data to see what type of data is it?

Of course, the damn spam filter traps valid mail, meaning that people are hindered doing their normal, day to day work as well.

Of course, the damn spam filter traps valid mail, meaning that people are hindered doing their normal, day to day work as well.My #1 gripe with spam is not the spam but the spam filters. They are almost ruining my small business.

Filters are not addressing the problem. They are only sweeping it under the carpet. Kill the filters and maybe there will be enough outrage that people demand a real solution. Not a political/legal solution but a bunch of technical solutions that make spam a low profit industry.

Beleth seems to have a good grasp of the situation. I would like to buy stock in the company that Beleth starts. Deal with the problem head on.

That is what I am afraid of. Again, correct me if this is wrong.

(My PC email client) -> (ISP SMTP) -> Internet)
to
(MY PC email client -> SMTP) -> (ISP -> Internet)
A better representation is:
(My PC email client:MTA SMTP) -> (ISP SMTP) -> Internet

If I send the data directly through the internet bypassing the ISP's SMTP, would that mean that the ISP I am using will examine the data to see what type of data is it?
Not really. When you "send data into the internet", you have to connect to a remote computer and a "port" on that computer, and that computer has to have a program that answers on that port. Think of going to a town that has 65,500 houses in it (TCP/IP has about 65,500 ports). You can choose to approach pretty much any house and knock on its door to see if someone will answer.

Port (house) 25 is used for SMTP. Most HTTP (that is, WWW) traffic goes to port 80. FTP uses ports 20 and 21.

What your ISP does is put a traffic cop at the exit of your town who asks, "What port do you intend to visit at the destination computer?" If the answer is "SMTP", the cop says, "Sorry, no. You're allowed to talk only to our SMTP server."

OK, then--what prevents me from just connecting to port 80 (which every ISP lets pass unhindered) and sending email though it? The answer is the program that answers on port 80 only knows how to talk the HTTP, not SMTP. If you connect to port 80 and try to send email to it (ie, carry on an SMTP conversation instead of an HTTP conversation) the web server listening on port 80 will spit out an error and close the connection.

It's like each house in town has a family in it that speaks only one language. If you go to a house where they speak Portuguese, you'll get along just fine if you speak Portuguese too. Try talking in Xhosa and you won't get very far.

If you connect to a random port, chances are nothing will happen, because the computer likely will not have a program listening on that port (that is, there's nobody home).

My #1 gripe with spam is not the spam but the spam filters. They are almost ruining my small business.

Filters are not addressing the problem. They are only sweeping it under the carpet. Kill the filters and maybe there will be enough outrage that people demand a real solution. Not a political/legal solution but a bunch of technical solutions that make spam a low profit industry.


Outrage is exactly where the filters came from. I think places like Hotmail, Yahoo and AOL overdo it. The problem is that these harsh filters are a response to user’s outrage.

We can’t get rid of the filters yet. Without our site's spam filter, email would be unusable. We throw away 95% of the messages we get. It is getting harder and harder to successfully send spam. Filters are getting smarter. The arms race has to also be getting more expensive for the spammers also.

There are also companies that pay for agreements with large ISP’s to not filter their email. Our school uses such a company for all of our legitimate mass mailing. It sucks but it works. It may get to the point where your business has to make such a deal. It’s really too bad.

Some advantages of the system:
- You don't need to change any computing infrastructure, such as would be necessary if you went to a charge-for-email method
- No need for the government to get involved in the prosecution of spammers (after all, the government has more important things to do.)

Won't work. In fact, the fax problem may return for the same reason: long distance calls are getting cheap.

The reason the fax schmozzle was resolved by legislation was that the senders had to move out of the US to operate. By doing so, their calls became long-distance, and at that time, the unit cost of sending a fax within the US went about one hundredth of a cent to about 45c.

Nuisance faxes remain a problem in Canada where they are legal.

Now, however, we (telcos) have noticed a dramatic increase in nuisance fax complaints, due to people getting VoIP with 'local' numbers in major cities. Sure, you could sue, but just like spammers, these identities turn out to be a fraudulent post office box in Romania.

The key problem with 'suing' to stop spam, is that it just encourages the spammers to move their operations to Togo Togo, where there is no law against spamming, and no extradition treaty with the US. We have this problem right now with gambling and porn, too.

The other problem with avoiding a criminal approach is that it is not always possible to identify the spammer - you only know the product they were selling. This company does not always end up as a defendant, since they can claim they were victims, too: they can say thought they were engaging a legitemate advertising agency, which has taken their money and run.

It also places a burden of justice on the victim. In some analyses, this is considered a type of trespassing, and the analogy follows that a crime has taken place.

Won't work. In fact, the fax problem may return for the same reason: long distance calls are getting cheap.

I forgot to add: and recorded calls are making a comeback. My concern is that the benefit of 'unlmited' long distance plans is going to turn into the curse of 'unlimited' junk ad recordings filling up our voicemails, sent from Belize.

"You have FORTY unheard messages. Press one one to listen to" <1 1>
"Hello, friend... I would like to tell you about our wonderful prices on Viag" <3-3-7>
"Hello, friend... I would like to tell you about our wonderful prices on Cial" <3-3-7>
"Hello, f"<3-3-7>
"Hello, f"<3-3-7>
"Hel"<3-3-7>
"He"<3-3-7>
"He"<3-3-7>
"He"<3-3-7>
"He"<3-3-7>
"He"<3-3-7>
"He"<3-3-7>
"He"<3-3-7>
"He"<3-3-7>
"He"<3-3-7>
"He"<3-3-7>
"He"<3-3-7>
"He"<3-3-7>
"He"<3-3-7>
"He"<3-3-7>
"He"<3-3-7>
"He"<3-3-7>
"He"<3-3-7>
"He"<3-3-7>
"He"<3-3-7>
"He"<3-3-7>
"He"<3-3-7>
"He"<3-3-7>
"He"<3-3-7>
"He"<3-3-7>
"He"<3-3-7>
"He"<3-3-7>
"He"<3-3-7>
"He"<3-3-7>
"He"<3-3-7>
"He"<3-3-7>
"He"<3-3-7>
"He"<3-3-7>
"He"<3-3-7>
"He"<3-3-7>
"He"<3-3-7>
"He"<3-3-7>
"He"<3-3-7>
"He"<3-3-7>
"He"<3-3-7>
"He"<3-3-7>
"He"<3-3-7>
"He"<3-3-7>
"You have no more unheard messages."
<***>
"Thank you for using ACME voicemail services."

I forgot to add: and recorded calls are making a comeback. My concern is that the benefit of 'unlmited' long distance plans is going to turn into the curse of 'unlimited' junk ad recordings filling up our voicemails, sent from Belize.

I just read an article about abuse of Google Phone ("Click-to-Call") that attempts to coin a phrase for this: "SPIT" - Spam over IP Technology.

Evidently, the problem is twofold: rapid automation of transmissions is possible through the portal, and secondly, the Caller ID can be spoofed as a 'feature' of the service.