OSNews: http://www.osnews.com/story/19713/Spam_Turns_30 Exploring the Future of Computing en-us Copyright 2001-2009, David Adams adam+nospam@osnews.com Mon, 06 Jul 2009 22:13:11 GMT http://www.osnews.com/images/osnews.gif OSNews.com http://www.osnews.com I Thought it was the 'Viking Horde' http://osnews.com/thread?312770 http://osnews.com/thread?312770 http://www.youtube.com/watch?v=anwy2MPT5RE

or maybe just an English breakfast menu. Sun, 04 May 2008 14:14:00 GMT donotreply@osnews.com (tpaws) Comments contrats http://osnews.com/thread?312778 http://osnews.com/thread?312778 Congratulations, Spam! Now please die. Sun, 04 May 2008 15:31:00 GMT donotreply@osnews.com (martinus) Comments 30 years already? http://osnews.com/thread?312783 http://osnews.com/thread?312783 Man does time fly. you think that in thirty years we could have come up with a way of neutralizing it.

I guess, with our current level of tech, it impossible without resorting to serious censorship. I know I'd rather run anti spam software than encourage email censorship so i guess it's a necessary evil at the mo. Sun, 04 May 2008 16:14:00 GMT donotreply@osnews.com (SReilly) Comments RE: 30 years already? http://osnews.com/thread?312791 http://osnews.com/thread?312791 Agreed to that one, censorship or paid email is far worse than anti-spam software!

If only there would be a perfect spam filter...

(I'm using bogofilter on my mailserver, it catches most spam, but sometimes something slips through.) Sun, 04 May 2008 17:31:00 GMT donotreply@osnews.com (evert) Comments RE: 30 years already? http://osnews.com/thread?312792 http://osnews.com/thread?312792 it would be quite easy when you can change the email protocol. For example instant messaging is mostly spam free. When it was required to authenticate people before they are allowed to send you email, this could easily eliminate spam. Sun, 04 May 2008 17:42:00 GMT donotreply@osnews.com (martinus) Comments RE[2]: 30 years already? http://osnews.com/thread?312797 http://osnews.com/thread?312797
For example instant messaging is mostly spam free.


Really? I don't use IM that much, but when I do (Yahoo), I get a ton of offline spam messages every time I log on.

I'm curious about something.. how many of you would favor implementing the death penalty for spammers? Seriously. Sun, 04 May 2008 19:27:00 GMT donotreply@osnews.com (WorknMan) Comments RE[3]: 30 years already? http://osnews.com/thread?312801 http://osnews.com/thread?312801
I'm curious about something.. how many of you would favor implementing the death penalty for spammers? Seriously.


Seems very appealing, but dont let them off the hook that easily, I say sentence them to a bar, with nothing but undesirable people who want to sell everything, that have to ask 'just to make sure' as often as possible. Then you can let them choose between staying there, and the death penalty after a good year ;)

Forgot,, the bar ran out of alchohol... ;) Edited 2008-05-04 19:56 UTC Sun, 04 May 2008 19:55:00 GMT donotreply@osnews.com (hollovoid) Comments RE[3]: 30 years already? http://osnews.com/thread?312803 http://osnews.com/thread?312803 Better yet:

The government should offer a dead-or-alive reward for known spammers.

Let some people do a good deed and, in the process, put their kids through college on the reward money. The general public would get justice faster without costing millions more in silly court battles, legal fees, appeals, media grandstanding, etc.

Better all around, IMO.

(I'm only half-joking. :p) Sun, 04 May 2008 20:07:00 GMT donotreply@osnews.com (null_pointer_us) Comments RE[4]: 30 years already? http://osnews.com/thread?312804 http://osnews.com/thread?312804 Well, more than 90% of today's mail amount is spam. It's worth thinking about why this is.

The government should offer a dead-or-alive reward for known spammers.


This could be a problem because many users "just" running a PC at home are spammers - or at least provide the required functionalities for spamming so an external attacker can easily occupy their PC and use it for spreading spam (collect mail addresses, scan subnets for mail servers, get private mail address book, send messages etc.). Seriously, users are running "spam servers" and don't know. Should they get punished? Yes, of course.

Ah yes, and the software manufacturers that make it "too easy" to set-up a PC that can be compromized that fast should be punished, too. I'm not putting the name of such a manufacturer here. :-)

Spam is never a "thing on its own", it's used for marketing (or at least for stupid advertising). So the firms that want to sell their products via spam advertisements should get punished, too. This is because such firms pay criminals to do the spamming, so they're involved, too.

Regarding dead or alive - alive, please.

As you may know, death penalty (in general) doesn't scare criminals very much. They tend to think something like: "Oh yeah, I do the big deal, and if they get me, I go asleep without any pain, that's no problem." No, make it more scary: Known spammers will have to go to prison for more than 10 years (otherwise they don't care), but not in Europe, not in the USA - no, they are exported into a foreign country where human rights are a no-go. The "helping hands" I mentioned above would have to be treated the same way, maybe with a prison in their own country or for not so many years.

This will teach them. Sun, 04 May 2008 20:26:00 GMT donotreply@osnews.com (Doc Pain) Comments Favourite moment in spam history http://osnews.com/thread?312806 http://osnews.com/thread?312806 A few years ago, the ISP hosting SomethingAwful managed to get itself blacklisted by SPEWS (Spam Prevention Early Warning System). Rather than taking the sensible step (finding an ISP that *wasn't* a well-known spamhaus), one of the SA editors decided to post several rants about how horrible SPEWS is, etc.

Predictably, a large number of SomethingAwful users started flooding into NANAE (the news.admin.net-abuse.email newsgroup) - basically with the intention of harassing the SPEWS admins into removing the blacklist.

The result was a bit like watching a schoolyard bully try to beat up a sumo wrestler. Or as one NANAE poster put it:

"Somehow, whinging about being hosted on a spammy network and trashing a newsgroup populated by e-mail admins does not strike me as the best way to regain widespread deliverability of your mail." Sun, 04 May 2008 20:43:00 GMT donotreply@osnews.com (StephenBeDoper) Comments RE[4]: 30 years already? http://osnews.com/thread?312810 http://osnews.com/thread?312810 you're not going to solve this problem by the government. the system simply has to be set up on the client side to approve or reject emails from specific people. Sun, 04 May 2008 21:51:00 GMT donotreply@osnews.com (ari-free) Comments RE[5]: 30 years already? http://osnews.com/thread?312813 http://osnews.com/thread?312813
This could be a problem because many users "just" running a PC at home are spammers - or at least provide the required functionalities for spamming so an external attacker...


No word games, please. Good points, otherwise.

Regarding dead or alive - alive, please.


Dead is much cheaper, and if you're going to spend money, better to spend less of it on people who will resolve the problem much more quickly and easily.

As you may know, death penalty (in general) doesn't scare criminals very much. They tend to think something like: "Oh yeah, I do the big deal, and if they get me, I go asleep without any pain, that's no problem." No, make it more scary: Known spammers will have to go to prison for more than 10 years (otherwise they don't care), but not in Europe, not in the USA - no, they are exported into a foreign country where human rights are a no-go. The "helping hands" I mentioned above would have to be treated the same way, maybe with a prison in their own country or for not so many years.

This will teach them.


Well, I'm not interested in "teach[ing] them."

The death penalty doesn't scare criminals much *nowadays* for several reasons, all of them related to the stupidity of well-intentioned voters:

1) We go out of our way to make it quick and painless.
2) Even then, we don't really bother to use it much.
3) At which point we give them free room&board, with a/c and cable.

And, naturally, this requires lots of money.

If you're looking for fear, there's no need to export them into another country or put them into a jail system where you seem to be accepting inhumane treatment as the norm. Put a 50,000 USD bounty on a large spammer, and think about what will run through that person's mind when going out to a restaurant or walking into a convenience store.

If you think 50,000 USD is a lot of money for one criminal, I encourage you to do some fact-checking about how much money it takes to put a criminal behind bars and keep him/her there for 10 years.

Personally, I don't care about making them feel anything. Just set it up so that they keep dying. No need to waste others' time or money in the legal system. We've had dead-or-alive working just fine in our legal system with notorious criminals. Bring in one positively-identifiable corpse, and collect your money. Little more is necessary.

Of course, there'd probably be some human rights group out there demanding full-scale investigations into every death, drumming up charges that the spammers may have been tortured, etc.

That would be why I said I was half-joking. ;-) Sun, 04 May 2008 22:32:00 GMT donotreply@osnews.com (null_pointer_us) Comments RE[5]: 30 years already? http://osnews.com/thread?312815 http://osnews.com/thread?312815 So it sounds like the consensus so far is that death would be too good for spammers, thus slow torture would be much more appropriate. Sun, 04 May 2008 22:42:00 GMT donotreply@osnews.com (WorknMan) Comments RE[5]: 30 years already? http://osnews.com/thread?312816 http://osnews.com/thread?312816 Spammer torture = ratings = happy people, and who better to carry out this act than someone with ALOT of experience,, the govt?

It is a good point though, we do have the technology to limit spams effectiveness, but getting anyone to make the jump is a huge hurdle, that many countries will not see for decades to come. Sun, 04 May 2008 23:05:00 GMT donotreply@osnews.com (hollovoid) Comments RE[6]: 30 years already? http://osnews.com/thread?312818 http://osnews.com/thread?312818
Spammer torture = ratings = happy people

Could this be made into some form of televised entertainment? Revenue from legitimate advertisers would then defray the cost of catching and transporting the spammers. From there, I'm not sure. I could see something like "Let's Make a Deal" where the spammer selects his own method of execution by choosing between what is behind curtain number 3 (where Carol is standing) or what is behind door number 4. Sometimes it might be a scaffold, other times an electric chair. And perhaps, occasionally, a year's supply of Rice-a-Roni... one of the 1095 boxes containing rat poison, but they don't know which one.

Assuming this show got the go ahead, who would be good to host it?Edited 2008-05-04 23:18 UTC Sun, 04 May 2008 23:16:00 GMT donotreply@osnews.com (sbergman27) Comments RE: 30 years already? http://osnews.com/thread?312822 http://osnews.com/thread?312822
I guess, with our current level of tech, it impossible without resorting to serious censorship. I know I'd rather run anti spam software than encourage email censorship so i guess it's a necessary evil at the mo.

I don't know about other Gmail users, but I rarely get a spam in my inbox anymore. Virtually all of them end up in the spam folder and get deleted in 30 days. About the only "spam" that ends up in there is things I've signed up in the past for but have been too lazy to unsubscribe to.

Really their solution is impressive in the it works so great. When a user receives a spam, they can select it and click "Report Spam". It then adds information pertaining to that particular email to a database. Then if any further emails come in that are similar to the one recorded in the database, they are immediately moved to the spam folder.

Obviously it works or I would be getting slews of spam in my inbox. As it is I might get one per month. And its also very accurate - only rarely does a good email get into the spam folder. And usually thats when I'm signing up for an account with a new site. I promptly report it as valid and it never happens again. Mon, 05 May 2008 00:16:00 GMT donotreply@osnews.com (Frobozz) Comments Spam is a thing of the past. http://osnews.com/thread?312826 http://osnews.com/thread?312826 "Spam will be a thing of the past in two years' time."
- Bill Gates, BBC News (24 January 2004)

Another gem:

"Understand that this is the last physical format there will ever be."
- Bill Gates on Blu-ray. interview The Daily Princetonian (14 Oct 2005)Edited 2008-05-05 00:43 UTC Mon, 05 May 2008 00:41:00 GMT donotreply@osnews.com (chrono13) Comments Spam black holes http://osnews.com/thread?312831 http://osnews.com/thread?312831 I once heard an excellent suggestion of putting a particular kind of spam filter in every ISP. These filters were not the usual black and white type that you normally get though.

As a message comes through, it uses heuristics to determine its spam probability rating. Messages that score highly are slowed down, and repeat messages are slowed even further.

All the messages eventually get through, but the slowdown is lethal for spammers who rely on sending millions of emails per minute to get to the 1% of people who actually respond.

Even if you get a false positive, this system works because most people don't care if their mail takes an extra couple of minutes. Mon, 05 May 2008 01:17:00 GMT donotreply@osnews.com (HappyGod) Comments A proposed solution http://osnews.com/thread?312846 http://osnews.com/thread?312846 There's one thing I think Bill Gates (among others) got quite right: the root of spam is the zero-cost of sending an e-mail, (and I would add) combined with the zero-cost, easy and anonymous creation of new e-mail accounts when the previous account gets blocked.

Of the many possible ways to attack the problem at its roots, I propose the following:

1) create an e-mail account certification entity. It would just certify that the e-mail account is backed with some money. To have your e-mail account certified, you have to pay a small amount of money, let's say 12$, of which, say, 2 dollars are the entity's gains and the rest is a pledge. The payment method can be fully anonymous electronic cash (such as ukash).

2) When and if enough people have their e-mail accounts certified, users can set their spam filters to only admit e-mail from certified accounts.

3) Spammers will find that sending spam is no longer so cheap, in one of the following ways:

a) The certification entity has a policy of blocking spammer e-mail accounts. The spammer gets his account blocked and has to pay for a new account certification, either to re-activate his account or to certify a new one.

Alternatively:

b) Every time Alice sends an email to Bob, 1$ goes from Alice's pledge to Bob's pledge. If Bob marks Alice's mail as spam, he keeps the dollar. So, if Alice is a spammer, she will run out of pledge money and she will lose certification until she reloads her account.

Method (b) is a bit more complicated but it has the advantage of being less centralized. People don't have to agree on a definition of spam for the method to work.

What if someone's computer gets hacked and used as a spam server? Well, this person won't be legally punished, they will just realise that they have lost their certification, and this will cost them 15$. Then they can buy a better antivirus or change to a more secure operating system. Mon, 05 May 2008 03:53:00 GMT donotreply@osnews.com (wannabe geek) Comments RE[2]: 30 years already? http://osnews.com/thread?312848 http://osnews.com/thread?312848 No, I think paid e-mail could be a good thing. Definitely not an e-mail tax where every e-mail costs $0.01, but maybe one where people have to pay for e-mail addresses, or better yet, where hosts have to pay to run e-mail servers.

The spam problem isn't about the lack of a solution, it's about a lack of ability to move the entire world away from SMTP. SMTP is essentially anonymous; anyone can be anybody they want. The key is accountability. To fix spam, we need to be able to put an organization to an e-mail address without any question. However, that requires some sort of central registry, and part of the reason that SMTP is so popular in the first place is that it's open and decentralized.Edited 2008-05-05 04:17 UTC Mon, 05 May 2008 04:09:00 GMT donotreply@osnews.com (i3X171UM) Comments RE: A proposed solution http://osnews.com/thread?312853 http://osnews.com/thread?312853 but Bill Gates gives out lots of free email through microsoft hotmail Mon, 05 May 2008 06:16:00 GMT donotreply@osnews.com (ari-free) Comments RE[3]: 30 years already? http://osnews.com/thread?312854 http://osnews.com/thread?312854
Really? I don't use IM that much, but when I do (Yahoo), I get a ton of offline spam messages every time I log on.

That's my take too - I've got the four major services online all the time - and yeah, yahoo is BAD for IM spam... The worst of the services in fact, though AIM and MSN both get their share which is why I have a block/ignore list in Trillian that's climbing up to over a thousand addresses now.

Hell, the only messenger service I don't get spam through is ICQ - but how many people actually use that anymore? Mon, 05 May 2008 06:44:00 GMT donotreply@osnews.com (deathshadow) Comments BUY ME BUY ME BUY ME BUY ME BUY ME BUY ME BUY ME BUY ME http://osnews.com/thread?312856 http://osnews.com/thread?312856 Don't expect me to join in the birthday festivities! Mon, 05 May 2008 06:54:00 GMT donotreply@osnews.com (exigentsky) Comments RE: A proposed solution http://osnews.com/thread?312865 http://osnews.com/thread?312865 I'd gladly pay 125 $ if it could guarantee peace of mind. Mon, 05 May 2008 11:25:00 GMT donotreply@osnews.com (fejack) Comments spam http://osnews.com/thread?312866 http://osnews.com/thread?312866 I must be doing something right i don't receive spam Mon, 05 May 2008 12:33:00 GMT donotreply@osnews.com (happycamper) Comments RE: spam http://osnews.com/thread?312869 http://osnews.com/thread?312869 yeah, I get maybe 1 or 2 spams a month. And my filter catches even them... Mon, 05 May 2008 12:58:00 GMT donotreply@osnews.com (helf) Comments International anti-spam laws? http://osnews.com/thread?312886 http://osnews.com/thread?312886 I cannot see why clearer and stricter international and national anti-spam laws couldn't stop most spam. Preventing individual spammers is only one step, also those few networks and countries where most spam originates from should try to do more to prevent the problem.

According to studies by Sophos, Spamhaus and others, a major part of spam originates from these countries: USA (about 1/4 of all the spam), China, Russia, Brazil, Japan, South-Korea and Canada. The three worst networks hosting the most spammers are Verizon, AT&T, and VSNL International.

Is the holy cow of free marketing so sacred to politicians in a few spammer-friendly countries that they rather let people around the world lose countless working hours trying to get rid of the useless spam in their emails?

Perhaps there could be some technical means to prevent spam too (not seeing any easy solutions, however) but we should rather stop spam before it even exists, take the temptations away from spamming, make it more dangerous than profitable. Nowadays, however, it is too easy for some irresponsible criminal-minded people to become spammer millionaires.

And, of course, every idiot who buys any products that spammers try to market is equally guilty for the existence of spam as spammers themselves are. If everyone would just do the wise thing: stop buying from spammers, there would be many times less spam. Mon, 05 May 2008 14:51:00 GMT donotreply@osnews.com (irbis) Comments RE[2]: A proposed solution http://osnews.com/thread?312909 http://osnews.com/thread?312909 I was talking about Gates' plan for fighting spam:

http://www.cbsnews.com/stories/2004/01/24/tech/main595595.shtml

I had not looked at it closely. Now I see that even my proposal of "sender pays to receiver" was first devised by Gates and others. So I think B.G. was spot on this time, despite some criticism.

http://www.cnn.com/2004/TECH/internet/03/05/spam.charge.ap/
http://www.zdnet.com.au/insight/software/soa/Why-Bill-Gates-anti-sp...

Most of the objections raised have to do with big mailing lists. But the essential aspect, I think, is not so much the pay-per-message model, it's the money-backed pseudonymous identity. So, a mailing list or a forum could let any member send mail to all the rest for free or for the cost of one message, but once a spammer is banned from a mailing list, creating a new account will cost them money. Social networks with karma-based moderation would also work better when spammers can't create lots of false identities for free for astroturfing.

So what about citizens of poor countries, who can't afford a money-backed identity (another criticism)? I guess there are many ways to adress that problem. The first I can think of is that every person gets one e-mail account for free or for a nominal fee, associated with their legal identity. Free e-mail accounts may have a very small daily limit in number of messages, and they may be moderated in mailing lists (at least at first). If the account gets hacked, it gets banned for some time and the owner has to regain the trust of mailing list moderators, after taking measures to remove the malware. Is there a place for spam filters? Yes, they would help moderators manage bigger mailing lists where free accounts are allowed. Mon, 05 May 2008 17:43:00 GMT donotreply@osnews.com (wannabe geek) Comments DEC and the history of computers http://osnews.com/thread?312948 http://osnews.com/thread?312948 When i think of DEC i like to think of all the great things they did, or were tangentially a part of:
OpenVMS
* The Alpha family of Processors
* PDP7 where UNIX was born
* PDP11 which is the machine that UNIX was eventually ported to by use of primordial C.

- VMS lives on and is also the spiritual ancestor of the Windows NT family
- UNIX is as influential as ever if not as pervasive as it once was.
- C is still the systems programming language of choice and is a part of a most CS programs in universities.
- Tons of Alpha IP was licensed to AMD and is largely responsible for it's power. The DDR bus for example was borrowed wholesale.

These have solidified DEC's place in my pantheon of computer heroes. As Thom's article points out it was one of their Marketing drones that invented spam. Too bad it wasn't a more loathsome company that did it.

It's also interesting to note that RMS was essentially the same man then that he is today. He pipes up and states his opinion before he even read the message. Gotta love that guy. Mon, 05 May 2008 21:25:00 GMT donotreply@osnews.com (skwirlmaster) Comments