Tilted Forum Project Discussion Community - View Single Post

Phage · 08-21-2004, 10:04 AM

http://slashdot.org/articles/04/08/2...&tid=1&tid=218

I was reading the above article on /. and was thinking about how my ISP's email spam protection and Opera's M2 adaptive filter has blocked almost all of the spam I used to get. This poses the question of how do you know spam when you see it? Obviously both the companies I have mentioned have their own way, but I got an idea I would like to run past anyone interested.

From what I understand the CAN-SPAM Act requires that there be a way to opt out of getting any more emails. This jumped out at me as an easy way to identify spam; I bet that the law is very specific about how this option must be formatted, and a filter would be extremely unlikely to classify a non-spam email incorrectly when searching for this sequence.

However, it does not have to stop there. Spammers can send tons of emails but they have to stop sending to an address that requests removal (but they can sell the list to someone else). Obviously it would be nice if your filter would first try to opt out for you, and then delete the email all without making you bother with it. This would have a twofold purpose. First, it would reduce the wasted network traffic of spammers sending mail to an address that deletes them on sight. Secondly, and more importantly, it would place a huge burden on the spammers. They are legally required to have a fully electronic opt out system, so if it cannot be done they are in violation of the law.

How do you think their servers will stand up when the next time they send 60 million emails in three days they get immediately hammered with nearly that many opt out requests? How about if the server cannot be reached the filter program will retain the email for a specified length of time, and retry the request periodically? This would basically turn into a legal DOS attack; one that if sucessfull places the spammers at fault! There could be a central server that collects reports of spam that could not be opted out within the retry time period, and when that reached a significant level be forwarded to law enforcement.

So, what do you think?

08-21-2004, 10:04 AM	#1 (permalink)
Phage Insane	What is spam, and how do we kill it? http://slashdot.org/articles/04/08/2...&tid=1&tid=218 I was reading the above article on /. and was thinking about how my ISP's email spam protection and Opera's M2 adaptive filter has blocked almost all of the spam I used to get. This poses the question of how do you know spam when you see it? Obviously both the companies I have mentioned have their own way, but I got an idea I would like to run past anyone interested. From what I understand the CAN-SPAM Act requires that there be a way to opt out of getting any more emails. This jumped out at me as an easy way to identify spam; I bet that the law is very specific about how this option must be formatted, and a filter would be extremely unlikely to classify a non-spam email incorrectly when searching for this sequence. However, it does not have to stop there. Spammers can send tons of emails but they have to stop sending to an address that requests removal (but they can sell the list to someone else). Obviously it would be nice if your filter would first try to opt out for you, and then delete the email all without making you bother with it. This would have a twofold purpose. First, it would reduce the wasted network traffic of spammers sending mail to an address that deletes them on sight. Secondly, and more importantly, it would place a huge burden on the spammers. They are legally required to have a fully electronic opt out system, so if it cannot be done they are in violation of the law. How do you think their servers will stand up when the next time they send 60 million emails in three days they get immediately hammered with nearly that many opt out requests? How about if the server cannot be reached the filter program will retain the email for a specified length of time, and retry the request periodically? This would basically turn into a legal DOS attack; one that if sucessfull places the spammers at fault! There could be a central server that collects reports of spam that could not be opted out within the retry time period, and when that reached a significant level be forwarded to law enforcement. So, what do you think?