Impoverish a Spammer Today 343
esj at harvee writes "Recently the Camram project released its latest version of a hybrid sender-pays anti-spam system. The project has proven that sender-pays works and has demonstrated how to make it work with existing e-mail systems. Camram has developed hybrid sender-pays techniques that scale down to the desktop and up to the enterprise. It's a completely decentralized system that can put spam-fighting power in the hands of individuals. It gives you control of not only the current generation of spam, but also any future commercial spam -- why replace Viagra ads from a scam artist with Viagra ads from Pfizer?"
The problem is... (Score:2, Interesting)
Hobbiests (Score:1, Interesting)
So how will this affect us? I make no money off of my site and I can't afford to spend any money sending email (on top of the costs of my site already). Even 1/100th of a cent would be difficult for me to spend (that would be an additional 10% to my monthly expenses which already come out of my own pocket!).
For the average home user who sends a dozen emails a week, this won't matter. At 1/100th of a penny, they'd only pay a couple bucks a year - but for someone like me who is volunteering to run a service for people but does not, has not and enver will spam - it is unfair to expect me to pay out 10,20 or 30 bucks a month or more. Especially when all that would be necessary is for the SMTP protocol itself to be retooled to be more secure in the first place.
Re:The problem is... (Score:5, Interesting)
Re:What happens... (Score:5, Interesting)
Standard Stamps (Score:3, Interesting)
It seems to me that one should need only one stamp generator. I receive a payment request containing a message encrypted with a short private key, and as "postage" I need to decrypt the message and return it. As computers get faster, the key length used to encrypt the message gets longer. The receiver can thus decide how much postage is required.
This way the stamp generator doesn't need to have any secret component, and could be written in any language. It could be part of the mail client.
Re:The problem is... (Score:3, Interesting)
You think large legitimate lists will count on everyone subscribing whitelisting the list correctly?
Credit Card companies (Score:2, Interesting)
Could be a useful example of a token-based system (Score:3, Interesting)
For example, I have certain addresses that bypass my spam filter either partially or completely, and I have set up a scheme for my kids whereby a sender has to know a "magic word" to get in. Whitelists, of course, make the sender address the token.
Right now, these are good enough.
Spammers are beginning to respond to whitelists, though, and trying to guess sender names. It's only a matter of time before they start using the address books in their zombies to build up lists of probable whitelists, and start sending spam using pairs of addresses from the same address book the way viruses already are.
Re:The problem is... (Score:2, Interesting)
Re:Hobbiests (Score:5, Interesting)
Re:The problem is... (Score:2, Interesting)
Even better! This will reduce the number of people that forget to fix their system. ISPs (there are ISPs involved? I didnt RTFA...) probably would give their customers a warning in the first time their budget gets too right due this kind of crap...
Some people would never update their system if arent' forced to do it.
Many Major Flaws (Score:3, Interesting)
From the Faq "You only generate a stamp the first time you mail someone." So when all 20 of the biggest spamhouses have generated a stamp for you, you are right back at square 1? Net cafes with changing clientelle pay a higher price than spammers? Forged headers cliaming to be from friends don't need a stamp?
Worms (Score:3, Interesting)
The best way to deal with the problem is follow the money then show up at 4am and stick a Glock in the face of the spammers and their family members. After they shit the bed give them the option to play nice or die anonymously. Harsh? Yes. But not quite as bad as prior reform methods such as the Pyramid of Skulls*. I may be biased, my computer system was compromised by trojans from those bastards last week and pretty much I am still pissed about it.
* Historical note on the making decortive yet functional pyramid of skulls (taken, I shit you not, from kids.mapzones.com): 1258 Baghdad was conquered and sacked by Hulagu, grandson of the great Mongol conqueror Genghis Khan. Hulagu killed all the scholars in Baghdad and erected a pyramid from their skulls. He destroyed the elaborate irrigation system that the Abbasids had established. Iraq became a neglected frontier area ruled from the Mongol capital of Tabriz in Iran. In 1335 the last great Mongol ruler of this region died, and anarchy prevailed. The Turkic conqueror Tamerlane sacked Baghdad in 1401, again massacring many of its inhabitants. He, too, built a pyramid of skulls. Tamerlane's invasion and conquest marked the end of Baghdad's greatness.
Re:simple (Score:1, Interesting)
Re:Boo hoo (Score:1, Interesting)
Listen, retard - I run a heavily used auction site and trust me that people get mighty pissed off if they aren't getting their email notifications of new bids, being out-bid, lost passwords, lost usernames, closed auctions and whatever else. This isn't shit *I* think are legitimate. This is shit THEY DEPEND ON TO CONDUCT THEIR FUCKING AUCTIONS.
but do not want to be bothered with the inconvenience of putting up with your users asking you to participate in a spam rate-limiting mechanism or ask them to add you to their whitelist.
No - what I don't want is to be bothered with having to teach users how to use a whitelist and count on them to use it consistantly. I have enough trouble with users who don't realize their mailboxes are full and why mail from me is bouncing or why they aren't getting email when they couldn't spell their own email address correctly or why they aren't getting my email - when they are and it's just going into their spam folder because hotmail sucks ass - that's what I don't want to be bothered with.
Re:When do I get a shock-the-spammer protcol? (Score:3, Interesting)
It may not seem fair to make everybody go thru a security checkpoint, just because of the actions of a few -- but you can bet your sweet ass it is necessary.
As an aside, I would wager that the percentage of your messages that are actually read by the recipient goes up, after this protocol is put into place. Because for the simple fact that your legit messages will no longer be lost in the noise of illegitimate ones.
What about RSS? (Score:2, Interesting)
Seriously, does anybody know why this hasn't been done? I'm not an expert, so I wouldn't know of any limitations. I'm thinking of a cross between newsgroups & mailing lists.
Re:There is no problem here. (Score:2, Interesting)
Right now spamming hurts ISPs so they are our biggest allies in the fight against it.
This proposal would make spam profitable to ISPs.
They would become our biggest enemies.
Re:The problem is... (Score:2, Interesting)
For now the term "malware" is probably the best for this topic.
Today spammers use malware to send spam so the original source is a victom. I can see people forced to pay for other peoples spam.
Also as much as there are whitelists there will always be someone who will implement this and refuse to put anyone on the whitelist forcing friends and famaly to pay for his own lazyness.
I could even believe some ISPs tech support could "forget" to whitelist costummers (for example paid Linux users) or deside to not whitelist users of a given os for some impossably stupid reason.
This topic came up before and I myself actually did suggest something like this on Slashdot.
A number of insightful people pointed out just how bad my idea really was.
They continue to be correct.