Impoverish a Spammer Today 343
esj at harvee writes "Recently the Camram project released its latest version of a hybrid sender-pays anti-spam system. The project has proven that sender-pays works and has demonstrated how to make it work with existing e-mail systems. Camram has developed hybrid sender-pays techniques that scale down to the desktop and up to the enterprise. It's a completely decentralized system that can put spam-fighting power in the hands of individuals. It gives you control of not only the current generation of spam, but also any future commercial spam -- why replace Viagra ads from a scam artist with Viagra ads from Pfizer?"
The problem is... (Score:2, Interesting)
Re:The problem is... (Score:5, Informative)
Re:The problem is... (Score:5, Interesting)
Re:The problem is... (Score:5, Informative)
Also, white lists dont deal with the fact that a lot of email is from first time corresponders such as online retail outlets.
Er, if an "online retial outlet" is sending me email I did not sign up for, then that is SPAM and is exactly the thing this is supposed to prevent!.
If you *do* want email from a certain company, and you signed up for it, then you should add that domain/email to your white list. Simple as that.
SImple... but annoying (Score:3, Insightful)
I can think of no more annoying system than one that requires me to adjust some system every time I want an email confirmation from some company I am ordering from. What if you're at an art fair for example and fill out an email address on a card? I sure hope I remember to fill out that whitelist when i get home - if I even know where it's coming from!
What a
Comment removed (Score:5, Informative)
Comment removed (Score:4, Insightful)
Re:The problem is... (Score:2, Interesting)
Even better! This will reduce the number of people that forget to fix their system. ISPs (there are ISPs involved? I didnt RTFA...) probably would give their customers a warning in the first time their budget gets too right due this kind of crap...
Some people would never update their system if arent' forced to do it.
Worms (Score:3, Interesting)
The best way to deal with the problem is follow the money then show up at 4am and stick a Glock in the face of the spammers and their family members. After they shit the bed give them the option to play nice or die anonymously. Harsh? Yes. But not quite as bad as prior reform methods such as the Pyramid of Sk
Re:The problem is... (Score:2)
For example, a check that I can choose whether or not to cash.
In such a "sender pays only if the recipient wants to collect", friends (and good pr0n) spam will be free to send me stuff, but other spam (msft updates) could make me money.
Re:The problem is... (Score:5, Funny)
What needs to be done is to go after the spammers directly. Can you imagine the law enforcement coming up with a plan to fight drugs that involved making crack vials and little ziplock bags cost $5 each. Sure the people that buy them for legitimate reasons can register for a discount or their volume is so small it doesn't make a difference. Does this make sense? This is not a problem that will be solved with technology. Laws have to change and they need to be enforced.
Legitimate bulk emailers, isps, large corporations and the govt should do something about it. It's gotten insane.
Re:The problem is... (Score:5, Insightful)
If it takes 3 seconds per e-mail, the average user won't notice the addition, but the average spammer will have to spend 1700 hours computing stamps to send his 50 million emails.
Re:The problem is... (Score:4, Insightful)
Re:The problem is... (Score:5, Insightful)
Ah, but the spammers aren't and won't pay for their servers. They will continue to hijack other peoples machines through worms and trojans and just eat up the CPU time of the zombie machines.
sender pays stamping is a decent solution to spam, but it's not any solution to stupid lusers.
The solution to the luser problem is:
People need to stop objecting to spam solutions based on the existance of other problems. Sender pays stamping doesn't stop viruses and trojans because it's not supposed to, other systems like firewalls, patches, and anti virus tools are supposed to. Rather than complaining that spam solutions don't solve the malware problem, we ought to be educating people on how to use these things and working on improving them.
But it helps (Score:3, Insightful)
The "stupid lusers" machines will become less usable with all that stamp generation going on. They will be more likely to notice they need help. They will also be more likely to become frustrated with the computer and stop using it (unfortunate but still reducing spam).
Bottom line: If anyone can send you a message without penalty or authorization there will be spam. You can't have it both ways.
Re:The problem is... (Score:4, Insightful)
Proof of Work stamps don't magically give spammers a horde of zombie machines to spam with. They have those machines whether or not real people use stamps.
Re:The problem is... (Score:3, Interesting)
You think large legitimate lists will count on everyone subscribing whitelisting the list correctly?
Re:The problem is... (Score:2, Interesting)
There is no problem here. (Score:5, Informative)
Yes, some people who run email lists out of their account will be inconvenienced, but not as much as they claim. They will just need to change the signup message to say "this is a mailing list that you signed up for, so add us to your whitelist because we will not be performing proof of work challenges and will drop you from the list when the first proof of work request arrives."
Some will claim that the hordes of spam zombies out there will be able to do the work on the spammer's behalf so this is not a solution, but it will at least provide some rate limiting for that zombie and it will also make it much more likely that the zombie will be noticed by the user when it starts to chew up CPU cycles.
Getting a Piece of the Action (Score:4, Insightful)
When someone is paying you, it is extremely difficult to make judgments on quality of the mail. I've seen lots of email lists and newsletters start with good intentions then devolve into a garbage fountain.
In the end the pay to send networks will take money from anyone.
The real goal of such schemes is simply to increase the marginal returns from the spam. As the amount of spam sent to open email accounts reaches astronomical proportions, I can't help but think that the amount of cash the spammers get per email is dropping. I can't help but think that the end goal of pay for spam is that by throwing a rich third party into the equation, they will increase their return.
Pay to send, but not with money! (Score:3, Informative)
You might have a point if this scheme involved using money. In this case, however, the "payment" is a proof-of-work [hashcash.org]. The user is paying in CPU cycles "spent" to send the message.
When do I get a shock-the-spammer protcol? (Score:5, Insightful)
This could really change the way e-mail is distributed.
Re:When do I get a shock-the-spammer protcol? (Score:2, Insightful)
I run a clean operation. Spam has never come from my server and I run a website for the fun of it with tens of thousands of registered members who expect their email notices to arrive and I don't make a dime and already pay a couple hudnred bucks a month for things. It is not fair that my web/mail server should be bogged down by heavy computation just to send an email when it's legitimate email to begin with. I don't want my web server to slow to a crawl every time email updates
simple (Score:5, Informative)
Re:When do I get a shock-the-spammer protcol? (Score:2)
Re:When do I get a shock-the-spammer protcol? (Score:3, Insightful)
I totally agree. Technical solutions to spam arne't going to work in the short run if they rely on the unauthenticated SMTP protocol to send e-mail. I'm all for fining the company who's product is advertised. $100 per reported spam. We might not be able to make spaming unprofitable for the scumbags that do it, but we can make it unprofitable for the companie
Re:When do I get a shock-the-spammer protcol? (Score:3, Insightful)
Re:When do I get a shock-the-spammer protcol? (Score:2)
Re:When do I get a shock-the-spammer protcol? (Score:3, Interesting)
It may not seem fair to make everybody go thru a security checkpoint, just because of the actions of a few -- but you can bet your sweet ass it is necessary.
As an aside, I would wager that the percentage of your messages that are actually read by the recipient goes up, after this p
Re:When do I get a shock-the-spammer protcol? (Score:2)
What happens... (Score:4, Insightful)
Re:What happens... (Score:3, Insightful)
You would then notice instantanously, as your mouse woudl be moving 1px/minute.
I doubt it... (Score:2)
those spammers are a clever bunch...
they would just throttle their cpu usage, or suspend their process when there is a user at the machine
Re:What happens... (Score:2)
Re:What happens... (Score:5, Informative)
If nothing else, at least it's something, right?
Re:What happens... (Score:2)
"Something must be done! This is 'something', therefore we must do it!"
Just because it is an idea, it does not mean it is a good idea.
This sort of "sender pays" system will kill mailing lists. Most people do not have control enough of their mail host to whitelist addresses for this sort of system. In order to send the volume needed for large mailing lists the mailing list operators will need to add huge amounts of additional hardware.
No amount of adv
Re:What happens... (Score:5, Interesting)
Re:What happens... (Score:2)
Re:What happens... (Score:2)
They claim... (Score:5, Insightful)
I somehow doubt that.
But what I can't disagree with, is that getting the same amount of spam sent as they currently are, would take many (orders of magnitude) more zombies. They claim on their site that if you maxed out every known zombie you couldn't generate stamps fast enought to send spam at the current rates.
This could be a step in the right direction, but I am worried about many issues for a sender pays system.
One Idea (Score:5, Insightful)
Or maybe businesses should find a new way to communicate internally?
Re:One Idea (Score:2)
Impoverished or not (Score:5, Funny)
30% Larger! (Score:5, Funny)
Because I only trust my penis to professionals.
Re:30% Larger! (Score:5, Funny)
Meaning you only put it in people who charge for it?
Re:30% Larger! (Score:5, Funny)
Because I only trust my penis to professionals.
You know you can put it in the hands of your lawyer, but it won't stand up in court.
The California law is a sender pay system (Score:4, Insightful)
It is just bush and the other idiots who signed the federal law, killed it and made it a recipient suffers system.
Sure, but try collecting! (Score:2)
- Sender is out of the country
- Sender is a zombie with fake credentials
- Sender is a zombie sending a virus, not advertising anything
Sorry, charlie, but much of the spam will be impossible to prosecute.Re:Sure, but try collecting! (Score:2)
This does not get the mortgage spammers, but it gets much of it.
I will save you one step... (Score:5, Informative)
my objection (Score:2)
Re:I will save you one step... (Score:3, Insightful)
Most of your questions are raised here... (Score:2, Informative)
A system such as sender-pays, which proposes a radical change in the email environment, inevitably generates objections. This is positive because it helps identify the strengths and weaknesses of the system. However, once objections have been worked through and the developers have answered the same questions approximately 10^20 times, a listing of Frequently Raised Objections is appropriate.
Isn't universal adoption necessary for a sender-pays system?
For a classic
ok... I need to know if this will work or not (Score:4, Funny)
Hahahah, I love it ! (Score:5, Funny)
One benefit of zombies being used to generate stamps is that the machines will become hot, slow, and probably unreliable, all of which will be noticeable to the end-user. With luck, this means some people will get their machines fixed and reduce the zombie issue.
You just have to love a product that has the potential to toast a clueless luser's computer. I would be more than happy to shell out good money for software that has "Makes PC's burst into flames" listed as one of the features. And this stuff is Free !
--LordPixie
Yes! (Score:2)
Standard Stamps (Score:3, Interesting)
It seems to me that one should need only one stamp generator. I receive a payment request containing a message encrypted with a short private key, and as "postage" I need to decrypt the message and return it. As computers get faster, the key length used to encrypt the message gets longer. The receiver can thus decide how much postage is required.
This way the stamp generator doesn't need to have any secret component, and could be written in any language. It could be part of the mail client.
Read the website! (Score:4, Informative)
Have some (slightly out of date) documentation:
One section [billerica.ma.us]
Another section [billerica.ma.us]
Stupid way to get a handle on a problem. (Score:2)
And in next weeks news you can kill someone and get away with it by paying enough money..
Oh crap I forgot that already happens in this country anyways so these anti spam ideas are right along our lines of justice.
Give me a break, We have some of the most lax punishments in the world for some crimes and insane punishments for others ( You can go to jail for killing someone and get out in 10 years, Get caught with some dope and you can go to
Re:Stupid way to get a handle on a problem. (Score:2)
Re:Stupid way to get a handle on a problem. (Score:2)
You know, this is called a fine and most justice systems use it for minor infractions.
And in next weeks news you can kill someone and get away with it by paying enough money.
And despite the use of fines it is still illegal to murder people for money.
Credit Card companies (Score:2, Interesting)
Re:Credit Card companies (Score:2)
I threatened to contest a charge to a local merchant once (he sold me defective merchandise, looked up *on his computer* my purchase info, then refused to exchange or refund because I didn't have my receipt). Just the threat was enough because it doesn't take many complaints before you lose the ability to accept credit cards at all -- doomi
Could be a useful example of a token-based system (Score:3, Interesting)
For example, I have certain addresses that bypass my spam filter either partially or completely, and I have set up a scheme for my kids whereby a sender has to know a "magic word" to get in. Whitelists, of course, make the sender address the token.
Right now, these are good enough.
Spammers are beginning to respond to whitelists, though, and trying to guess sender names. It's only a matter of time before they start using the address books in their zombies to build up lists of probable whitelists, and start sending spam using pairs of addresses from the same address book the way viruses already are.
The problem is that you need it on.... (Score:2)
Thanks, nothing says screw off and leave
Slightly Offtopic... (Score:2)
Currently there are laws in place which govern truth in advertising. What if it was made illegal to intentionally misspell words with the goal of circumventing content filters?
Also, can't we just file civil suits against companies who sell their products through spammers? I know that currently companies that have insufficient corporate ethics facilites set up (i.e., an ethics officer, a company ethics statement) can be held liable when one of their employees engages in unethi
Re:Slightly Offtopic... (Score:2)
There's a better variant (Score:4, Informative)
It's at this page on cpu stamps and challenge response [templetons.com].
Computation penalty will never work. (Score:3, Insightful)
Numerical Assumptions make it succeed or fail (Score:3, Informative)
Many Major Flaws (Score:3, Interesting)
From the Faq "You only generate a stamp the first time you mail someone." So when all 20 of the biggest spamhouses have generated a stamp for you, you are right back at square 1? Net cafes with changing clientelle pay a higher price than spammers? Forged headers cliaming to be from friends don't need a stamp?
Re:Many Major Flaws (Score:3, Informative)
As for the other comments, you ought to read about camram. camram whitelists by pgp keys, not by sender. Initial messages have both a hashcash stamp and a pgp key. If the hashcash stamp has enough bits, the pgp key gets whiteliste
Alternative solution: Downgrade our technology... (Score:3, Funny)
And Spammers who 'bot' your machine make YOU pay. (Score:3, Insightful)
JUST SUE THE PEOPLE WHO HIRE THE SPAMMERS, BIG TIME!
Drying up the demand mean that they don't make money. Not making money means that they don't bother spamming.
What they want is $$$.
Take away their market buy making it no longer cosat effective, by passing laws that will sue the pants off of anybody that send you Spam. And don't worry about borders. You can BUY the border agreement with a percent of the fines.
Its simple economics. Supply and demand. As long as there is a demand, these schmucks will supply.
Tony Sopranos may be immune but his customers are supposed to be legitimate businessmen... You can't sell squat when every Spam you send can get you X thousands in fines levied against you, in every jurisdiction and with every offense.
And NOBODY is going to bve AGAINST this law. (If they are, they're suspect...)
My new favorite URL for this kind of thing... (Score:4, Insightful)
Click Here, it's funny in the so-true-it's-sad way [rhyolite.com]
Re:Two Words (Score:5, Informative)
The technology is a hybrid solution to avoid the problem of universal adoption... a nice side-effect of this is you don't demand stamps from your white-list.
I have to say, I think it's quite an interesting combination of concepts, but still requires mass adoption to be useful.
Re:Two Words (Score:2)
Re:Two Words (Score:5, Informative)
I'm reading TFA [camram.org] and it states quite clearly "Mailing lists don't really have a good solution"
Re:Two Words (Score:3, Informative)
Re:Two Words (Score:3, Insightful)
What happens when a virus propagates that white lists the spammers? While every technology that rises for this problem will have some kind of solution, they will also have some kind of weakness.
Though, my hats off to whoever makes a overall good solution.
Re:E-postage is not the answer... (Score:4, Informative)
So as long as you're not sending out several thousand messages to new and different recepients on a daily basis, you needn't really worry.
Re:E-postage is not the answer... (Score:2)
It would help if you read the FAQ, btw, which addresses this in more detail.
Proof of work for complete idiots (Score:5, Insightful)
So, for your benefit, here is the "proof of work for complete idiots" version:
-You send your spam. Each recipient asks you to perform a proof of work, a mathematical problem that requires some CPU cycles.
-Your CPU starts chugging away at the requests and eventually performs all of the required proof of work.
-Your system responds to the proof of work request and the message is delivered.
-Your spam to your users is delivered, but not instantly because several hours of CPU work were required.
-Cost to you: nothing except a bit of electricity to keep your CPU chugging.
Re:E-postage is not the answer... (Score:2)
> now I have to pay some amount that, even a fraction of a penny, would amount to almost a month of hosting charges
Did you even bother to read the post you are replying to?!
Re:Hobbiests (Score:2)
Re:Hobbiests (Score:3, Informative)
Re:Hobbiests (Score:5, Interesting)
Re:Hobbiests (Score:5, Informative)
READ THE PROPOSAL FIRST PLEASE!
This is not asking you to spend money, it is asking you to perform a proof of work. This is hashcash, not real money.
Re:Hobbiests (Score:2)
Re:Hobbiests (Score:2, Informative)
Re:Hobbiests (Score:2)
RTF-FRO ! (Score:5, Informative)
If anybody can generate a stamp, what is to stop a spammer from generating stamps?
Nothing. In fact, we want spammers to spend as much time as they can generating stamps because it will undermine their economic foundations. As a spammer generates messages with stamps, people can raise their postage based on the spam. Everyone's rates will increase and it'll only affect the spammer and stranger-to-stranger e-mail. Friend-to-friend e-mail doesn't use work stamps and will be unaffected by any postage increases. "
And....
The second attack utilizes zombies as a compute array. But if you run the numbers, you'll find out that the number of zombies known, if run perfectly and full tilt, cannot generate enough stamps for all of the spam in the world today. A tremendous number of stamps would be generated, but not enough for everybody. One benefit of zombies being used to generate stamps is that the machines will become hot, slow, and probably unreliable, all of which will be noticeable to the end-user. With luck, this means some people will get their machines fixed and reduce the zombie issue. Again, if the zombies the start generating stamps, one can always change stamp definitions or value.
[all emphasis theirs]
It's almost like they anticipated this sort of thing. Or, like, thought out their design beforehand. Crazy concept, no ?
--LordPixie
Re:RTF-FRO ! (Score:2)
But how many of the zombies will be whitelisted to someone? How long before an email/html-javascript exploit whitelists spammers? How long before spam zombies send an innocent looking email that wouldn't trigger spam, but would set off an auto-whitelist mechanism?
How much bandwidth will spammers waste, trying to find ways around
Re:RTF-FRO ! (Score:3, Insightful)
Except the design's still flawed: If I'm a spammer, I don't _care_ that your machine's only a zombie for a few hours, and I don't care that it can't send quite as much spam as it used to. The zombies are already sending multiple spams to each address; do you really think when you look through your spambox that there's really forty people who want to sell you viagra from their canadian ph
What design ISN'T flawed ? (Score:4, Insightful)
For starters, sending out 1/10 your E-Mail means you're no longer making a pile of money. Odds are, it will still be profitable. But that's not very motivating. Some spammers might not mind just running a few scripts to automate getting 1/10 of a pile money. However, the drop in profits will significantly ruin the market for spamming tools. If spammers no longer make a boatload, they're no longer going to pay a boatload for anonymailers, zombies, E-Mail lists, etc. Thus, people are going to be less motivated to code these damn things in the first place. That will make it a lot more difficult for those who actually want to spam to actually pull it off.
And with the more obvious symptoms of infection, more people will get it cleared up. And the more this happens, the more word will spread. Nobody educates a luser like another luser. (They at least speak a common language.
--LordPixie
Re:RTF-FRO ! (Score:3, Insightful)
Sure you do, there are only so many zombies out there, and you want to send millions of emails to profit off the tiny percentage of responses.
So now, instead of sending 40 messages to each address I know about, I only have the computational horsepower to send 4.
You are describing a 10-fold decrease in the volume of spam. That seems worthwhile. Also, it might be low. It might be much more than simply 10X more difficult
Postage and Junk mail (Score:2)
It is the volume of spam that bothers most people, if you make it sufficiently expensive to send the email, only legitimate business will send it.
Ideally they will turn to specifically targetted advertising (like google searches)
Re:postage does not work (Score:2)
As to your reference to regular mail advertisements, I think you are very incorrrect. The amount of junk snail mail being sent is no where near the type of problem that junk email is. Junk snail mail does not clog up the postal system and m
Re:Would be a lot better... (Score:2)
"Camram FRO (Frequently Raised Objections" Thats enough to scare me away. "stop making with the negative waves, Moriarity" (5 points to the first person that can name the movie that is from).
Comment removed (Score:5, Informative)