What is spam, and how do we kill it? - Tilted Forum Project Discussion Community

Phage · 08-21-2004, 10:04 AM

http://slashdot.org/articles/04/08/2...&tid=1&tid=218

I was reading the above article on /. and was thinking about how my ISP's email spam protection and Opera's M2 adaptive filter has blocked almost all of the spam I used to get. This poses the question of how do you know spam when you see it? Obviously both the companies I have mentioned have their own way, but I got an idea I would like to run past anyone interested.

From what I understand the CAN-SPAM Act requires that there be a way to opt out of getting any more emails. This jumped out at me as an easy way to identify spam; I bet that the law is very specific about how this option must be formatted, and a filter would be extremely unlikely to classify a non-spam email incorrectly when searching for this sequence.

However, it does not have to stop there. Spammers can send tons of emails but they have to stop sending to an address that requests removal (but they can sell the list to someone else). Obviously it would be nice if your filter would first try to opt out for you, and then delete the email all without making you bother with it. This would have a twofold purpose. First, it would reduce the wasted network traffic of spammers sending mail to an address that deletes them on sight. Secondly, and more importantly, it would place a huge burden on the spammers. They are legally required to have a fully electronic opt out system, so if it cannot be done they are in violation of the law.

How do you think their servers will stand up when the next time they send 60 million emails in three days they get immediately hammered with nearly that many opt out requests? How about if the server cannot be reached the filter program will retain the email for a specified length of time, and retry the request periodically? This would basically turn into a legal DOS attack; one that if sucessfull places the spammers at fault! There could be a central server that collects reports of spam that could not be opted out within the retry time period, and when that reached a significant level be forwarded to law enforcement.

So, what do you think?

RAGEAngel9 · 08-21-2004, 10:52 AM

Um your ideas are nice and all. And if the spammers were willing to follow the law even a little it would be great. The problem is that they don't. They don't offer opt-outs usually. They don't even send off of their own machines often. Frankly, not a lot can be done about spam unless there is some sort of large regulatory faction(I don't really recommend this). So basically it's all about filtering for now.

welshbyte · 08-21-2004, 11:01 AM

I believe certain bodies are trying to develop new sorts of e-mail systems which verify the origin of the e-mails that you receive. Considering that a lot of spam comes from spoofed e-mail addresses i think this would be a step in the right direction to de-anonymise (if thats a word) the spammers. I guess this could then be used as a basis for more stringent anti-spam rules and blocking lists. At the moment very little has been done to address the problem of spam on a worldwide level and the CAN-SPAM act, as cute an acronym as it may be, is really just a way of paying lip service to the problem. I just hope that the big corporations dont take things into their own hands before the polititians figure it out because we might have to start paying for more proprietary solutions. Worst case scenario, a charge-per-email.

Bentley Little · 08-21-2004, 02:36 PM

I think it is a "feel-good" law to, well, make people feel good that something is being done about spam. But there are very few things we can do to fight spam because spammers do not care about the laws and are very sneaky about finding ways to hide their tracks. Plus, not all spammers are from the country where you receive it making international fighting that much more difficult. Plus, once we find a way to do what you are proposing, the spammers would just find a way around that. Then we could come up with another way to stop it and again, they would find a way around that.

Also, the only real way to ever stop spam is to have people stop buying the crap that spammers sell. There are just enough (be it .005% of the population) that do think, YES! I can enlarge my penis with this cream, or, I should send my money to that poor Nigerian... you get my point. These stupid idiots who send money to the spammers keep them alive and profitable. If we can stop (or get rid of) these dumbfucks, spammers would have no incentive to spam us.

MSD · 08-21-2004, 06:05 PM

Opting out just lets them know that the email address is active.

Manic_Skafe · 08-21-2004, 07:10 PM

I'd expect that law to do about as much as the 9/11 commision.

Filters are uneccesary - ignorance is the #1 cause of spam. People need to know that all these free services online are probably making a profit by selling off your information - before they know it one newsletter turns into a thousand spam emails in a month. Sure there are those companies who just take a shot in the dark and their email ends up in your inbox but there's not much of a profit to be made that way.

It's amazing how people are so distrustful of the most inane things but when they're online they'll sign up for anything as long as it's "free".

welshbyte · 08-21-2004, 07:27 PM

The shot in the dark approach could actually be (and probably is) profitable since it costs almost nothing to fire off thousands of messages to random computer generated e-mail addresses and just one sale/successful con could cover the cost of that and more.

I hate spam, can't you tell?

Sargeman · 08-23-2004, 08:17 AM

The problem I have with spam, is all the graphic pictures that accompany many of them.

There's nothing like opening up an e-mail to have some girl with three cocks all shooting their loads on her, while your kids are standing there watching. Damn that just pisses me off!!

Redlemon · 08-23-2004, 08:53 AM

If you were on Slashdot, no doubt you have also seen the following:

Quote:

Your post advocates a

( ) technical ( ) legislative ( ) market-based ( ) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:

( ) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

( ) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!

welshbyte · 08-23-2004, 09:11 AM

Hehe i like that

08-21-2004, 10:04 AM	#1 (permalink)
Phage Insane	What is spam, and how do we kill it? http://slashdot.org/articles/04/08/2...&tid=1&tid=218 I was reading the above article on /. and was thinking about how my ISP's email spam protection and Opera's M2 adaptive filter has blocked almost all of the spam I used to get. This poses the question of how do you know spam when you see it? Obviously both the companies I have mentioned have their own way, but I got an idea I would like to run past anyone interested. From what I understand the CAN-SPAM Act requires that there be a way to opt out of getting any more emails. This jumped out at me as an easy way to identify spam; I bet that the law is very specific about how this option must be formatted, and a filter would be extremely unlikely to classify a non-spam email incorrectly when searching for this sequence. However, it does not have to stop there. Spammers can send tons of emails but they have to stop sending to an address that requests removal (but they can sell the list to someone else). Obviously it would be nice if your filter would first try to opt out for you, and then delete the email all without making you bother with it. This would have a twofold purpose. First, it would reduce the wasted network traffic of spammers sending mail to an address that deletes them on sight. Secondly, and more importantly, it would place a huge burden on the spammers. They are legally required to have a fully electronic opt out system, so if it cannot be done they are in violation of the law. How do you think their servers will stand up when the next time they send 60 million emails in three days they get immediately hammered with nearly that many opt out requests? How about if the server cannot be reached the filter program will retain the email for a specified length of time, and retry the request periodically? This would basically turn into a legal DOS attack; one that if sucessfull places the spammers at fault! There could be a central server that collects reports of spam that could not be opted out within the retry time period, and when that reached a significant level be forwarded to law enforcement. So, what do you think?

08-21-2004, 11:01 AM	#3 (permalink)
welshbyte Insane Location: Wales, UK, Europe, Earth, Milky Way, Universe	I believe certain bodies are trying to develop new sorts of e-mail systems which verify the origin of the e-mails that you receive. Considering that a lot of spam comes from spoofed e-mail addresses i think this would be a step in the right direction to de-anonymise (if thats a word) the spammers. I guess this could then be used as a basis for more stringent anti-spam rules and blocking lists. At the moment very little has been done to address the problem of spam on a worldwide level and the CAN-SPAM act, as cute an acronym as it may be, is really just a way of paying lip service to the problem. I just hope that the big corporations dont take things into their own hands before the polititians figure it out because we might have to start paying for more proprietary solutions. Worst case scenario, a charge-per-email. __________________ There are only two industries that refer to their customers as "users". - Edward Tufte

08-21-2004, 02:36 PM	#4 (permalink)
Bentley Little Insane Location: In my head...	I think it is a "feel-good" law to, well, make people feel good that something is being done about spam. But there are very few things we can do to fight spam because spammers do not care about the laws and are very sneaky about finding ways to hide their tracks. Plus, not all spammers are from the country where you receive it making international fighting that much more difficult. Plus, once we find a way to do what you are proposing, the spammers would just find a way around that. Then we could come up with another way to stop it and again, they would find a way around that. Also, the only real way to ever stop spam is to have people stop buying the crap that spammers sell. There are just enough (be it .005% of the population) that do think, YES! I can enlarge my penis with this cream, or, I should send my money to that poor Nigerian... you get my point. These stupid idiots who send money to the spammers keep them alive and profitable. If we can stop (or get rid of) these dumbfucks, spammers would have no incentive to spam us. __________________ That is my 2 cents.

08-21-2004, 07:10 PM	#6 (permalink)
Manic_Skafe More Than You Expect Location: Queens	I'd expect that law to do about as much as the 9/11 commision. Filters are uneccesary - ignorance is the #1 cause of spam. People need to know that all these free services online are probably making a profit by selling off your information - before they know it one newsletter turns into a thousand spam emails in a month. Sure there are those companies who just take a shot in the dark and their email ends up in your inbox but there's not much of a profit to be made that way. It's amazing how people are so distrustful of the most inane things but when they're online they'll sign up for anything as long as it's "free". __________________ "Porn is a zoo of exotic animals that becomes boring upon ownership." -Nersesian

08-21-2004, 07:27 PM	#7 (permalink)
welshbyte Insane Location: Wales, UK, Europe, Earth, Milky Way, Universe	The shot in the dark approach could actually be (and probably is) profitable since it costs almost nothing to fire off thousands of messages to random computer generated e-mail addresses and just one sale/successful con could cover the cost of that and more. I hate spam, can't you tell? __________________ There are only two industries that refer to their customers as "users". - Edward Tufte

08-21-2004, 10:52 AM	#2 (permalink)
RAGEAngel9 Insane Location: Vermont	Um your ideas are nice and all. And if the spammers were willing to follow the law even a little it would be great. The problem is that they don't. They don't offer opt-outs usually. They don't even send off of their own machines often. Frankly, not a lot can be done about spam unless there is some sort of large regulatory faction(I don't really recommend this). So basically it's all about filtering for now.

08-21-2004, 06:05 PM	#5 (permalink)
MSD The sky calls to us ... Super Moderator Location: CT	Opting out just lets them know that the email address is active.

08-23-2004, 08:17 AM	#8 (permalink)
Sargeman Insane Location: Texas	The problem I have with spam, is all the graphic pictures that accompany many of them. There's nothing like opening up an e-mail to have some girl with three cocks all shooting their loads on her, while your kids are standing there watching. Damn that just pisses me off!! __________________ ...because there are no facts, there is no truth, just data to be manipulated. I can get you any results you like, what's it worth to you.....

08-23-2004, 09:11 AM	#10 (permalink)
welshbyte Insane Location: Wales, UK, Europe, Earth, Milky Way, Universe	Hehe i like that __________________ There are only two industries that refer to their customers as "users". - Edward Tufte