Slashdot is powered by your submissions, so send in your scoop

 


Forgot your password?
Close
typodupeerror
×
Spam Your Rights Online

A Conference About Spam 403

Posted by timothy from the universal-convergence dept.
zonker writes "January 17th will be the first (annual?) meeting of the Spam Conference held in Cambridge, Massachusetts. The informal meeting will feature Paul Graham, John Graham-Cumming, John "Cap'n Crunch" Draper among others (possibly including ESR though he hasn't yet confirmed). The free conference will consist of a number of talks about new ways to combat the growing spam problem, after which everyone's going out and getting some Chinese food. Should be an informative and fun meeting and a chance to meet some interesting people."
This discussion has been archived. No new comments can be posted.

A Conference About Spam More

A Conference About Spam

Comments Filter:

  • Annual, hmm... (Score:3, Insightful)

    by Miroku ( 553494 ) on Monday December 16, 2002 @11:02PM (#4904261) Homepage Journal
    I'm not sure if I want it to become an annual conference or not. While combating spam is always good, and the list of those involved looks decent, if the conference becomes a regular thing, it means that spam is still a big problem.
    Yeah, yeah. I'm probably being over-idealistic again to try to imagine that spam would become any less of a problem, no matter what measures are enforced.
    So while I really hope something somehow gets done (Maybe that *cringe* AOL thing will help...) I'm not throwing out my spam filter just yet.

    • Re:Annual, hmm... (Score:1, Flamebait)

      by GMontag ( 42283 )
      if the conference becomes a regular thing, it means that spam is still a big problem.

      You sort of lost me there. Sounds like you are implying that spam will cease being a problem if we just stop the confrences.

      No offence to you Pacifists out there, but the problem does not go away by ignoring it.
      • Just because one is a pacifist, that it mean that he will not fight problems. Pacifism is about fighting problems without violence or wars. And yes I believe it is possible to solve almost all problems without the involvement of a gun or a fight. The only condition is willing to do so, and unfurtunaly the people in this world is yet willing to do so.

  • spam? (Score:2, Interesting)

    by Dylan_t_p ( 630258 )
    slashdots being over-run by spam first aol now this, sounds like a good idea though hopefuly they will find out how to at least get rid of some of the spam, which by the way is getting very bad, I registered a new hotmail account the other day and normaly when you finish creating an acount there is one message, a welcome to hotmail from msn not this time nope there was two one was the welcome the other was a porn mail.....things are getting out of hand

  • spammers mining public keys (Score:5, Interesting)

    by hey ( 83763 ) on Monday December 16, 2002 @11:09PM (#4904301) Journal
    I was just about to update my mail address in my PGP public key which is on my website but then I released that spammers might mine mail addresses from public keys. Do they?

    MIT (who is hosting this conference) has a key server [mit.edu] that presumably hold millions of mail addresses.

    • Re:spammers mining public keys (Score:1, Insightful)

      by Anonymous Coward
      If they didn't before, they will be now.
    • Never heard of them doing so... And I think that given the amount of hardware it already takes to send out millions of messages a day, they wouldn't think it was worth it to get many times more in order to do the (computationally trivial these days, but still far more so than just sending some spam) calculations to encrypt it.

      • Re:spammers mining public keys (Score:2, Interesting)

        by Anonymous Coward
        And I think that given the amount of hardware it already takes to send out millions of messages a day, they wouldn't think it was worth it to get many times more in order to do the (computationally trivial these days, but still far more so than just sending some spam) calculations to encrypt it.

        They wouldn't be encrypting the messages, they'd just look at the public key to grab an email address.

        It might be a good idea to set aside a specific account for encrypted email. Then create your public key based on this address, and delete any unencrypted mail that arrives (you'd never see any spam with this account).

    • Re:spammers mining public keys (Score:4, Interesting)

      by carpe_noctem ( 457178 ) on Monday December 16, 2002 @11:18PM (#4904353) Homepage Journal
      I don't know if this is actually being done, but it's a rather novel concept. I did a search for ".com", and unfortunately, I got an error saying too many results had been found. However, it would be relatively easy to write a script to pick 3 random letters/digits out of the english language, and keep submitting them. That way, you'd probably not exceed the limit for returned addys and you'd get lots of data.

      So is it hypothetically possible? Yes.
      Is there anything we can do about it that wouldn't defeat the concept of using a public-key conservatory? No, probably not.
      And finally, are most spammers intelligent enough to harvest email addys this way rather than use scripts they got hungry college students to write for them 4 years ago? Definitely not. ;)

      • Re:spammers mining public keys (Score:4, Insightful)

        by RLaager ( 200280 ) on Tuesday December 17, 2002 @12:16AM (#4904705)
        There are three reasons (that I can think of off the top of my head) that spammers are not doing this:
        1. The people that have PGP keys are extremely unlikely to respond (positively) to the product/service/scam being offered in the spam, as compared to a broad cross-section of Internet users.
        2. Many of the addresses on PGP keys are outdated.
        3. The keyserver operators (should) notice if there are suddenly a ton of queries from the same person. (Just recently, I got an e-mail from a keyserver operator asking if I was an individual who was making lots of requests.)
        • I agree with you about points 2. and 3. but not 1. Because if you think about it, so many people try to post their e-mail address in a form that would make it hard for spambots to get it (eg. whatever at something dot com). That should be an even more clear sigh that "I don't give a damn about _any_ offers in my inbox!" but the spammers don't care and instead try to make the bots better so why would they take into account PGP users. And another thing is that the value of their list of e-mail addresses is based on how many of them are valid - not how many are "stupid idiots that might buy something so that spamming is still worth doing and thereby harrasing 99.9% of the recipients".
      • The entire keyring is available for all to download. It would be pretty trivial to do this and grab the addresses afterword. If it's actually done, I couldn't tell you.
    • If spammers were smart enough to mine pgp key servers for addresses, would they themselves possibly get their own keys to sign and/or encrypt the email and make it look important - and accordingly, invalidate one of the Really Good Things(TM) about email encryption and keysigning?

    • It wouldn't be a smart move for the spammer. The list includes a large number of people who would react very negatively to the spam, and have the ability to do something about it.
  • Seems it'd be more appropriate to go out to eat Spam afterwards...

  • What does ESR know about anything? (Score:5, Interesting)

    by Anonymous Coward on Monday December 16, 2002 @11:11PM (#4904312)
    This is the guy who brags on his website that he doesn't have a credit card. The same guy who helped "steer" VA Linux to the biggest dot com stock flameout in history. The same guy who runs a blog that is so right wing that his solution to plane hijackings is to arm all the passengers. The same guy who brags he has no formal training in software development. The same guy who was pretty much run off the Linux kernel developer mailing list.

    Who exactly gives a shit what this guy has to say?

    Just asking ...

    • Re:What does ESR know about anything? (Score:2, Informative)

      by Anonymous Coward
      I'll bite

      Two words: fetchmail [tuxedo.org], bogofilter [tuxedo.org]

      Who cares what his political and moral persuasions may or may not be? If he helps reduce the thousands of spam emails that hit my mail server every day I'd be very grateful for his opinions to be aired.

      • According to commentary on the Exim mailing list, ESR has not worked on bogofilter since version 0.7. There's a new team of people maintaining and extending it. As for fetchmail, someone also commented about the multitude of ways to drop a message on the floor... Pointing out that it was hardly a good tool for reliable mail delivery.

  • ...and forward this message and Slashdot page to ten of your e-mail contacts, you shall be granted eternal life!

    Also, you shall be given a free Penis Enlargement, millions of dollars from your Nigerian friends and find out how to lose 50 pounds of weight in less than 5 seconds.

    Yes, it is true!!!

  • funny (Score:5, Interesting)

    by Yusaku Godai ( 546058 ) <hyugaNO@SPAMguardian-hyuga.net> on Monday December 16, 2002 @11:20PM (#4904361) Homepage
    I just received one of the fakest spams I've ever seen:
    Hi Ya, I saw your post on the message boards... I hope you don't mind sharing some information with me ^_^ I'm transfering to your neck of the woods in the spring and would like a penpal. What do you think? ^_^ Care to share some info.. hehehhe..eh If you'd like more information about me you can checkout my homepage if you have time... www.geocities.com/cafecutie21 Hope to hear from ya soon! BYEE~~~ Sammi~
    It's obviously spam, what with lines like "I hope you don't mind sharing some information with me" but this time they went beyond just fake emails. Out of curiosity and boredom I clicked on the link which had a whole fake website for this girl, which ultimately linked to some online dating service. Why would companies turn to deceptive advertising? Why would anyone want to trust a company using such dirty methods.

    • Oh great... (Score:2, Funny)

      by Anonymous Coward
      now you've posted that site and they'll get thousands of click-throughs from /.ers wanting to see what the fake website looks like!!

      Hey... you sure this isn't some cunning spam advertising method to get us to go to your site? Is Yusaku Godai even your real username or is it really cafecutie21?!?

    • Re:funny (Score:4, Funny)

      by GMontag ( 42283 ) <gmontag AT guymontag DOT com> on Monday December 16, 2002 @11:33PM (#4904437) Homepage Journal
      No doooode! She's into you! Score doode score!
    • along those same lines...My freshman year in college, my roommate used aol (poor guy), anyway his profile on AOL stated that he was from Miami (he never updated it when he went to school) so someone evidentially did a search on profiles and sent out an e-mail from a girl who was supposedly planning on visiting Miami, and needed someone to show her around. The e-mail then said to click the link to find out more about her. Once you click the link you were brought to a pay porn site. It was a rather interesting idea to get someone to click your links. I am guessing they did this for people in other towns as well...perhaps a script that looked at your AOL profile and inserted your home town into the e-mail.

    • Comment removed (Score:5, Interesting)

      by account_deleted ( 4530225 ) on Tuesday December 17, 2002 @02:59AM (#4905553)
      Comment removed based on user account deletion

      • Re:funny (Score:3, Insightful)

        by eaolson ( 153849 )
        The matchmaker service probably has an affiliate program ("send us traffic and we'll give you 50% of all signups"), and some enterprising college kid (or adult) discovered that they could set up geocities websites that link to the matchmaker site, spam the entire world, and make a few bucks from the affiliate commissions.

        Based solely on my observations, this probably isn't "some enterprising college kid" so much as their business model.

        1) The matchmaker site is probably not enforcing its TOS, if they have one. There's a temptation to turn a blind eye to what affiliates do to generate traffic; if people get upset enough about a particular spammer, you can always say "Gosh! They were violating our TOS. We'll kick them off!"

        At which point they turn around and sign up as another "affiliate" within seconds. Assuming, of course, it wasn't the main site doing it through shills in the first place.

        As far as I'm concerned, if your system is this trivially easy to abuse, then you aren't an innocent bystander, you are part of the problem.

        Geocities is pretty notorious for being slow to respond to abuse complaints.

        Really? I don't think I've ever had Geocities take more than 48 hours to nuke a site, except over the weekend.

        To get specific, I've been having some problems with a chatroom spammer that has persistently been spamming ifriends.com / webpower.com for quite some time. They're always geocities or tripod pages that link to an ifriends "affiliate" page. Geocities and Tripod take the pages down within a day or so. Ifriends has left them running for six weeks or more. They're either unwilling to deal with the problem, unable to do so, or (as I suspect) they are the spammers themselves.

        • Comment removed based on user account deletion
          • 48 hours is a good but not great response time.

            Agreed. Large institutions tend to move a bit slower than smaller ones, it sometimes seems. My preference would be for bombardment from orbit within 30 minutes, but no one ever said the world was a perfect place.

            I have some experience with Ifriends. I can almost assure you that they are not the spammers themselves -- not out of any ethical concerns, but just because they're smart enough to not want to deal with their upstreams and such. It's just another case where the business model they've chosen incents them to turn a blind eye to spammers who promote their business.

            OK, maybe I did jump the gun a bit, but my main point remains: these sites that depend on affiliate programs to bring in traffic / customers are simply begging for abuse.

            If their business model is so easily and widely abused, then they're not "innocent bystanders," but part of the problem.

    • Out of curiosity and boredom I clicked on the link
      They didn't expect you to join or pay anything. They wanted you to follow the link on their fake girl website so their advertiser pays them for the click-through to the online dating service. It looks you followed the link just like they hoped. (you did click on the link to see where it went didn't you?)
      You didn't see the obvious. Ker-ching $$
      P.T. Barnum was right!

  • speaking of... (Score:4, Interesting)

    by ack154 ( 591432 ) on Monday December 16, 2002 @11:23PM (#4904381)
    Does anyone know what happens to the hundreds of emails I forward to uce@ftc.gov each month? Someone mentioned to send them there, and I tried to read the stuff on the ftc site, but they just say its their "database" for spam. What does that mean? Do they actually do anything with the stuff? Not that the 20 seconds to forward with headers really kills my day. But I just want it to be useful to someone...

    And out of curiosity, what are some other people's ideas on trying to prevent it? Basically right now I just try not to have my email address anywhere online (without some sort of word in it or something along those lines). And I watch what I might sign up for and their "privacy" policies. And I don't reply to the spam I get, since usually that apparently just confirms your address and makes you more valuable.

    So any more tips?

    • Re:speaking of... (Score:5, Funny)

      by dr_dank ( 472072 ) on Monday December 16, 2002 @11:48PM (#4904520) Homepage Journal
      Do they actually do anything with the stuff?

      Of course they do. Judging by their large penises and all that money made from home, they've done quite well for themselves to boot.
      • Huh? I may just be confusing sarcasm with reality, but I hope you don't think I meant the spammers... I just wanted to clarify that I mean the ftc... ... ...

    • Re:speaking of... (Score:5, Informative)

      by Anonymous Coward on Tuesday December 17, 2002 @12:02AM (#4904623)
      I can comment on that.... I'm in touch with some people at the FTC, including the Webmaster and their network administrator. ALL of the spam (40,000 per day) goes into a huge database. This database is made available to all law enforcement agencys, both Federal and State. So far, they are getting good prosecutions of the more prolific spammers.

      The ones they give higher priority to are DOMESTIC spammers, so don't waste the bandwidth sending your chinese or korean spam to them. Although they process it, the ones that get the highest priority are the ones with broken opt out links or ones that bounce for opt out requests. Also quantity takes a higher priority. Plus they also look at the stuff they sell, and sometimes make legit purchases to verify they are not scamming. But ONLY to the more prolific ones.

      Although they DO pay attention to Nigerian spam, it is best to send those to mailto:419.fcd@usss.treas.gov?subject=NO_LOSS

      I send ALL my spam to ftc, spamcop and Nigerian ones to the above address.

      in my recon missions, I have indeed confimed that spammers DO share information, and opt out really just gets you MORE spam.

      When sending reports to FTC, it's helpful if you are specific in your subject line. Like: "there is no opt out", or "opt out link dead", things like that.

      The FTC has a rather large staff to process it, although most is done automatically and none of it's read my a human until AFTER it's entered into the database. Once in the database, it's classified and processed to make it easy for law enforcement to get good evidence on them.

      My recommendation to all /.ers is to put out as many spam honeypots as you can, or "poison" their mailing list with bogus ones, by using phony hotmail addresses and opting out using those.... the idea is to increase the odds of filling their mailing lists with BOGUS ones... So lets all band together and start "poisoning" their mailing lists... :-)

      Make YOUR batch of hotmail accounts today.. :-)

      By the way, in doing this, you can also identify the ones that ARE selling your address, and you can then legally go after them, especially if they have a disclaimer telling you they WONT sell your information...

      CC
      • I'd just like to thank you, that is exactly what I was hoping for as a response. You rock!
      • Actually, if you have access to a place you can put a CGI script, you can install SugarPlum [devin.com], a spam database poisoning script which will generate realistic looking but fake email address on a web page.

        This is a lot less work than setting up hotmail accounts.

        Cheers,

        Costyn.

    • Re:speaking of... (Score:3, Informative)

      by LL ( 20038 )
      Look at DJB's ideas

      http://cr.yp.to/im2000.html

      Goal is to make the sender responsible for storage (and implicitly communications which is public-key encrypted).

      LL
  • being that the conference is about Spam, where Ralsky et al. have set up shop.

    Is there such a thing as premeditated Pavlovian response?

    • There's a long-standing tradition for computer geeks near MIT to congregate at Mary Chung's, a Chinese restaurant in the area that re-opened a couple of years ago after being closed for health code violations. Fortunately (for Mary, probably), they chose to have their meeting on a Friday, since the place is closed on Mondays (or is it Tuesdays? I don't remember, since my gastrointestinal tract took out a restraining order).
    • Huh? In case you haven't been paying attention lately, Ralsky's in Bloomfield Hills, Michigan, and he appears to have goons in Colorado and Georgia. I'd post links to the recent (and repeated) slashdot postings about this, but someone would surely flay me alive for it.

      And what does SPAM [spam.com] have to do with Chinese food in Cambridge?

  • Don't Like This Already... (Score:4, Funny)

    by Grip3n ( 470031 ) on Monday December 16, 2002 @11:25PM (#4904391) Homepage
    I opened up my Inbox this morning and had like 50 emails about this conference...
  • E-mail 250,000,000 people about their ideas on fighting spam. That would surely work!
  • ill probably get mod'ed offtopic for this...

    Ever since the internet came along spam has been a problem. People hate spam now.

    i live in Minnesota where 1. we live in iglo's 2. there is no cable or dsl 3. Spam capital of the world.

    I'm speaking of the food of course! Spam has been pretty popular here the last 20 years. You wouldn't believe all of the people that wear spam shirts... although those people go to the salvation army for their shirts its still nonetheless overwhelming!

    • Re:The Internet has given spam a bad name (Score:5, Informative)

      by polymath69 ( 94161 ) <dr.slashdot@NoSPam.mailnull.com> on Tuesday December 17, 2002 @12:00AM (#4904612) Homepage
      ill probably get mod'ed offtopic for this...

      Only because there's not a -1, Wrong moderation type...

      Ever since the internet came along spam has been a problem.

      Not even remotely; you must be new to the 'Net. (Do you remember when it was called the Arpanet?)

      As recently as back around 1990, commercial use of the net for any purpose was strictly prohibited and staunchly enforced. Anyone violating this principle was likely to be summarily removed from the network.

      Vestiges of this old anti-commercialism can still be seen in poster's messages saying things like, I have no connection to this company, but am merely a satisfied customer.

      Spam was really not a serious problem in the first 20+ years of the 'Net. Quite unlike now.

  • All the anti-spam team concentrated in one place. What's the chance of a certain prominant spammer `accidentically' causing the building to collapse?
  • there aren't enough 'offtopic' mod points to go around....

  • Arc? (Score:1, Informative)

    by 0tim0 ( 181143 )
    What happened to Arc? I think their spam tools are (to be) written in their (paulgraham.com) new dialect of lisp called Arc.

    There seemed to be a lot of activity about it months ago, but I haven't heard anything since. And the website has not been updated.

    Anybody have any news?

    --t
  • It seems that at some point ISPs/mailbox providers are going to wake up and see that they should filter out the junk mail for their users. But, since we're all still waiting for that to happen, I decided to try a little program called SpamNet that promised to block out junk email. After a few months of use I'm happy to say it works great. The premise of SpamNet is that all users of the software can block spam. This works well, and works even better as more and more people use the software.

    SpamNet sends it to a little folder called "Spam", in case you want to double-check and make sure nothing you wanted got blocked.

    The good parts:
    - Automatically blocks about 95% of spam
    - Small, fast, simple, FREE

    The bad:
    - Not at all configurable (just does what it's supposed to do...)
    - Occasionally it will block something from Amazon.com or another large mailing list which isn't really spam.
    If you're tired getting spam give it a try for yourself, here is the link:

    SpamNet [cloudmark.com]

    System Requirements:
    Outlook 2000/2002/XP
    Windows 98/2000/XP

    • POPFile is a better solution (IMHO). (Score:1, Informative)

      by Anonymous Coward
      Use POPFile [sourceforge.net] instead. It's free, Open Source, multi platform and easy to use. It also doesn't use a heavyhanded approach to email (like forced white/blacklists) which can cause more headaches than they are worth...

  • One-dimensional approach (Score:3, Interesting)

    by Goonie ( 8651 ) <robert.merkel@be ... g ['ra.' in gap]> on Monday December 16, 2002 @11:50PM (#4904537) Homepage
    It seems to me that this is a rather narrowly-focussed attempt to stop spam. Could the SMTP protocol be changed, for instance, to make life more difficult for spammers?

    One idea that occurred to me was requiring the sender to do some nontrivial computation (for instance, the receiving mail server sends the product of two (large, but not RSA-large) primes, which the sender must factor and include with the message to be accepted.

    Now, unfortunately, such a scheme has some problems. The huge variation in performance between machines out there means any computation substantial enough to crimp a spammer might cause grandma's 486 to become unusable for sending email. More to the point, it could greatly increase the cost of running webmail services (not to mention mailing lists). Now, the big webmail providers might be prepared to play along - they might even build some dedicated hardware for the purpose of running the protocol fast. However, there's nothing to stop spammers building exactly the same kind of hardware, enabling them to continue to send out spam by the bucketload!

    So, anyway, I don't think my idea is the answer, but surely the whole area of improved mail protocol design would be worth exploring.

    • Your idea is an interesting version of an idea that's been around for a long time... which is to associate a small cost to sending each email. According to your suggestion, this would be a computational cost, not a direct monetary cost. Although I'm sure Intel would like such a scheme, it does sound impractical. Grandma could still use her 486 and have her ISP's outgoing mail server do the legwork. But, even supposing you came up with a practical system, it probably wouldn't take long before someone found a way around it, and you'd be back where you started :-)
    • The solution to spam is easy...Just use whitelists. Tell grandma that she needs to open her email proggy, click through 3 menus, then add your address to a line. A couple of 'OK's later, and no more spam.

      This will ensure that no one gets unsolicited email. Ever.

      Yes, it would suck for a while. Yes, there would be a lot of returned emails at first. Yes, somewhere the bandwidth is still being used.

      But after about 2 months, the problem would dissappear. Completely. Anyone who ever made money off of spam would dry up and blow away.

      • Re:One-dimensional approach (Score:4, Insightful)

        by rgmoore ( 133276 ) <glandauer@charter.net> on Tuesday December 17, 2002 @01:49AM (#4905251) Homepage
        This will ensure that no one gets unsolicited email. Ever.

        That's great, but what about people who want to receive some categories of unsolicited email? If you only listen to people on your whitelist, how will you find out about that classmate who you lost track of and is now sending you an email because he finally found your address? How will my boss handle the emails that she gets from prospective clients asking about the services that we provide? How will my previous boss receive questions about the scientific articles he's published?

        The plain fact is that there are lots of kinds of unsolicited mail that people really do want to receive. They just want to be able to receive them without getting a ton of ads at the same time. The real answer is to figure out a way of smacking the people who are spamming the world with ads, not to cut off the legitimate unsolicited mail.

        • Re:One-dimensional approach (Score:4, Insightful)

          by Mr Bill ( 21249 ) on Tuesday December 17, 2002 @02:17AM (#4905378)
          Just use a combination of a whitelist and an autoreply. If your on my whitelist you get through automatically. If not, my mailer automatically sends you a response saying that your not on my whitelist, and asks you to reply to the message to get through my filter. The returned message will have a unique ID in it that will work once to pass the filter. I will see the second message and can choose to add you to my whitelist.

          The only way the spammer will get through is if they have a valid return email, and an intelligent agent on the other end that can interpret the returned mail and send a new spam. Highly unlikely that this would happen.

          There is a slight inconvenience the first time someone tries to contact you because they will have to mail you twice.

          - Cees

          • Dear Recipient (Score:4, Insightful)

            by Convergence ( 64135 ) on Tuesday December 17, 2002 @07:43AM (#4906235) Homepage Journal
            Due to the excessive volume of robotic responses to the emails I spend time and effort to send to people I have not known to prior to this, have been forced to do this robotics test.

            If you do not run a robot, please ignore this message. I will only send it once. Its purpose is to check someone's mailbox to make sure that I am not communicating to a robot, either some whitelist robot, or a vacation program, or something equivalent. I value my time: Nothing is more annoying than to spend an hour carefully writing a message to you about a subtle technical flaw than to have an obnoxious robot tell me my effort was a waste. Now, if this email is sent without resulting in a bounce, my 'AEIOU ('Avoid Egocentric Ignorant Obnoxious Users') will inform me to not write the message. Otherwise, please reply to this message to confirm that you do exist and this message is read. Only then will I proceed to write the message I wished to.

            So, if this email arrives in your inbox, my apologies. It will only happen once. I've been forced to such extremes only because of the widespread use of such robots. You have my apologies, but I have been left with no choice.

            I do have some good news however. In the future, we'll have constructed a realtime blackhole list that anyone can check to verify if an address runs a robot or not. This way, people not running can be looked up to verify that they're not running a robot and will not see these messages. If you wish to voluntarily add yourself to this list to state that you are or are not a robot, please see http://aeiou.losers.example.com/addlist.html

      • whitelists aren't an answer (Score:4, Insightful)

        by Preposterous Coward ( 211739 ) on Tuesday December 17, 2002 @02:31AM (#4905447)
        The problem isn't unsolicited e-mail, it's unsolicited BULK or INDISCRIMINATE e-mail. Unless all your correspondence is with a small and static group of people, you'll never be able to anticipate everyone you might want to have on your whitelist.

        If you run a business, for example, you'll frequently (if you're lucky) get queries from potential customers who want more information. You WANT those unsolicited e-mails. Or you might get e-mail from someone you worked with 10 years ago but never thought to add to your whitelist, perhaps because you don't even know his or her current e-mail address.

        I have whitelists set up for my e-mail accounts, but I face both these issues on a regular basis. I can't afford to discard an e-mail from an unknown sender without first verifying that the sender really doesn't have something useful to say. Fortunately, most spammers use obviously retarded e-mail addresses or subject lines that make it relatively easy to skim and filter them out quickly (and of course I use a blacklist for known offenders as well).

    • your idea isn't a new one, its over 5 years old.

      http://www.cypherspace.org/~adam/hashcash/hashcash .pdf [cypherspace.org]

      Hashcash was originally proposed as a mechanism to throttle systematic abuse of un-metered internet resources such as email, and anonymous remailers in May 1997. Five years on, this paper captures in one place the various applications, improvements suggested and related subsequent publications, and describes initial experience from experiments using hashcash.

      The hashcash CPU cost-function computes a token which can be used as a proof-of-work. Interactive and noninteractive variants of cost-functions can be constructed which can be used in situations where the server can issue a challenge (connection oriented interactive protocol), and where it can not (where the communication is store and forward, or packet oriented) respectively.

    • Great - now your saying that you can make email better by making it slower! Not only is that one-dimensional but its the wrong vector. There are plenty of legit reasons to have to send out a few thousand solicited messages to a list - think of the bands that want to tell their fans about tour dates and all the nerd techie lists (no offense intended) - We don't want to collectively punish the rest of the internet because of spammers.

      I'm thinking based upon reading these posts that the best immediate solution is going to be smarter filters and more of them. But this is a technical solution - perhaps there is another angle..(dimension?) Hey- and this is largely the focus of the SPAM Conference. cool. The only thing about filters I still want to be able to get the REAL EMAIL from my girlfriend when she sends me a message saying "I WANT YOUR HUGE C**K TONIGHT" We don't want SPAM filter to become SMUT filters - cause while we might all know SPAM when we see it, we still all have different ideas about smut.

      SPAM for FUN and PROFIT?

      the market itself will(should?) eventually do some sort of self-regulation (nice thing about free markets) - I don't think there are terribly many people spamming for the fun of it. Somewhere there is an econmic incentive - some dismally low percentage of people who are ordering Growth Hormone or Penis Enlrgers from unsolicited mail they receive will either make it worthwhile to continue spamming for customers or will lead anyone who can add (or subtract) to attract customers in other ways. Solutions which propose a charge for outgoing messages are heading towards this idea ,But it too is a solution the collectively punishes the rest of the net (and imagine how up in arms we all would be if somehow "they" started charging for email!)

      Marketers are just like little kids (something they actually share in common with techies!) -- when they get a new toy they love to play with it more than the old toys. Email is still a newish toy for them. much more fun than doing direct mail.

      anyone know the click through or sales rates for any unsoliced mail? Unfortunatly there will probably be a similar reaction as when ad-banner CTR dropped - make more of them and make them bigger.

      yrs. cyberRodent

  • The problem is that email has essentially remained unchanged since... well, since ever. Unlike HTML was given over to a standards board, and has evolved from its humble beginnings, and has been enhanced universally through technologies like JavaScript, Flash, Java, et. al.

    I think the spam problem is only one part of the email issue. Other issues might be that email messages are completely unsecure, and there is no authentication/validation of the sender.

    A number of people have been saying it, and a whitelist server system seems to be the way to go. A signature key, such as in PGP, seems to be a good start, but PGP isn't a whitelist system. You also run into the problem in whitelist servers of not being able to receive the unsolicited mails that you really, really want to receive (like the email from the headhunter who wants to offer you $20k more than you're making now).

    At the risk of speaking blasphemy here, I'd suggest a whitelist server system that charged a postage on unsolicited emails of 10 cents, and the recipient has the option to accept or reject the fee. For every fee the recipient accepts, the ISP also gets a cut for their trouble, to encourage adoption of whitelist servers.

    Of course, any solution that doesn't have universal adoption won't deter anyone. Spam is the symptom, there should be a consortium to deal with the root problems.

  • Clueless, playing in havoc. (Score:3, Interesting)

    by AndroidCat ( 229562 ) on Tuesday December 17, 2002 @12:24AM (#4904764) Homepage
    Interested in spam filters? Come join us in Cambridge on January 17, 2003 at the first conference on spam filtering.

    While anyone will be welcome, we're hoping most of all to make this an opportunity for hackers working on spam filters to get together and compare notes.

    Filters. That's a give-away. Filters are damage-control after the thief has left. Block them at the first HELO, block them after their ISP refuses to handle complaints to abuse@, block widely, block often. Talking heads, I've said it once.

    • Wrong.

      The whole point is not to reduce spam. Seriously. Instead, the point is to for email to remain useful. So that is the end, and reducing (hopefully to nil) the amount of spam is one of the means.

      Now, if you block large amounts of email without inspecting their contents (either manually or automatically), then you lose, because you aren't making mail any more useful. In fact, you're making it LESS useful, since legitimate mail won't get through.

      "Block widely, block often" is one of the more daft things I've read in a while. If you really feel you have to block, try to use some sense when doing so.

      • Right. If some ISP wants to be spam-friendly, I doubt that I'll want to receive any of their other email. It's only when ISPs get a kick in the bank account that they'll stop collecting pink money. Filtering just sweeps it under the carpet. I am not SPEWS, but I approve of what they do.

        • If some ISP wants to be spam-friendly, I doubt that I'll want to receive any of their other email.

          OK, you win the daftness award of the day.

          So, if you are or somebody you know is unlucky enough to share a provider with a spammer, then what? What if you can't leave that provider because you're in a contract which won't expire for a while, and the provider doesn't care about the spam?

          It happens.

          According to some of the loonies, that's just fine. I say it is NOT just fine. Legitimate mail won't get through.

          Again, stopping spam is not an end. It is a means. Until people realise that, mail will continue to be less useful, regardless of the amount of spam sent.

          • "Daft" "You keep using that word. I don't think it means what you think it does."

            As for a non-spammer trapped with a spam-friendly ISP, there are such things as white-lists. On the other hand, I don't know anyone in China or Korea. Why should blocking them make mail less useful? The spam I get from there already makes mail less useful.

  • If I get spam about this conferences I'm gonna be pissed. Like an angry Christmas shopper. Heh, happy holidays y'all.

  • Accuracy (Score:4, Funny)

    by GrouchoMarx ( 153170 ) on Tuesday December 17, 2002 @01:00AM (#4904939) Homepage
    If this is a conference on spam, then shouldn't about 1000 random people show up and tell the hosts that they could make big bucks by charging everyone who attends one dollar, but let them in for free if they bring ten friends?

  • Oops (Score:2, Funny)

    by Kj0n ( 245572 )
    It is a conference AGAINST spam instead of a spammer conference.

    Lucky I didn't fire my nuke yet...
  • They're going out for some Chinese food? That has to be the funniest thing I've seen in the last 3 days! (The Great Firewall, etc....)

  • Do people still care about ESR? (Score:3, Insightful)

    by autopr0n ( 534291 ) on Tuesday December 17, 2002 @04:46AM (#4905773) Homepage Journal
    Egads, hasn't that windbag been discredited enough.
  • The ratio of people with pages on SourceForge or having nick's like Cap'n Crunch compared to politicians is still too bad... If you know what I mean... :-(
  • or are they baiting stupid spammers into showing up as well, so they can beat the crap out of them?

Slashdot Top Deals

Genetics explains why you look like your father, and if you don't, why you should.

Close