Comments on: Happy spamiversary

Ten years after the Internet first woke up to unsolicited marketing attacks, outrage has been replaced by growing resignation. But the war rages on.

Can the spam problem be solved?

Yes! Yes! & Yes!
all we need to do is to make them pay for sending it!nothing new right?
just remember! they do not use mobile phone SMS because they have to pay!
If we are really serious about resolving the problem its easy.
complains from all people using internet?
No, No, people, in the begining may complain a little, but here is the deal:
pay something for sending email and the spam go away!
Remember, the most effective way to punish human beeing, in this situation, is to take they income!

Nice, but one problem

Spoofing.

There is no way to be absolutely sure that the email being sent, is actually being sent by the person. How would you like to get your phone/cable/adsl bill one day and see 10000 new emails sent? Even at a penny for each email, that just cost you 100 dollars.

I do however like the idea, its just that its impossible to implement legitimately.

Yes & No

there are patial solutions to the problem but these solutions might make the use of email inconviniant for some users making email secondary to regular mail

Write a Book guys!

Thanks for sharing this interesting story of the origins of spam. Just can't bring myself to sing "happy birthday"...

My most sincere congratulations to Paul Festa and Evan Hansen. What a great article! Good writing. Very complete. You guys didn't miss a thing. There is even a mention of the Nigerian scam. (by the way, on this particular subject I highly recommend www.quatloos.com)

But really: Have you guys considered writing a book on this subject? You have plenty of material you could develop a bit further and easily complete a good book.

My best wishes,

No Spam for me

I am the owner of a web designing company and I would like to
tell everyone the same thing I tell all my clients when they ask.
How do I avoid spam? I receive MAYBE 10 spam emails a week.
The trick is multiple email accounts and watching where you
submit your email address.

I have my business email address which NEVER receives any
spam. I have a hotmail address, my local ISP email and another
free email. I only sign up to online services with my local ISP
email. I only submit my hotline email to forums, chats, and
discussions. The last email is for questionable websites which I
don't trust. If a website goes under, liquidators will buyout their
client list and databases. Those lists get sold to the semi-legal
spamming services. This is a process that has been around since
"email advertising" companies started.

Forums are the number one resource for spammers to get free
email addresses. If your email is posted anywhere on a website I
guaranatee an automated program will scan the website and
scoop up your address along with hundreds of other addresses
in seconds.

My business email address never receives spam since my
business's website address is not in a database. If you have a
hotmail address, the entire email network is a write-off to spam.
There are generators that will send emails to every single
possible email name @hotmail.com. There is nothing you've
done wrong except use their service. There is no avoiding the
problem. I use my hotmail address for places where I don't
expect any emails that require my attention.

So to sum everything up, the best method of avoiding spam is to
start fresh. Use 3 or 4 email addresses. Never post your email
address on a website. If this is a company website, use a contact
forms. An alternative is to use email aliases through your server
and simply change the alias name every few months. Your
webmaster will be able to set this up for you. One method of
preventing the spread of spam (and especially for Windows
users), do NOT use the address book of your email program.
Store your information in a more secure location, use a textfile,
a database program, excel spreadsheet, anything that cannot be
accessed through your email program. They are the number 1
exploit for the attacks of viruses and continuing the spread of
spam. Another little trick is with the browser itself. Never fill in
the user information where it will ask for your email address,
name, location, etc. This information is not necessary and
incredibly easy to access through a website as it is provided
freely (originally intended for logging and tracking purposes).

With no targets and the right precautions you will stop the
spammers in their tracks and divert all spam to an email account
that you don't even need to check. I hope this helps the many
concerned and confused internet users.

[Burnsie001]

Spammers can be tracked.

Ultimately spam has to direct you somewhere. It's there to sell a product. Surely the owner of the product being sold, should be the one held responsible for the spam.

If the spam sends you to a web site, someone owns that website. If the spam directs you to call a phone number, someone owns that number.

There needs to be some convenient method of having these sites shut down and their owners charged. Perhaps the bodies that maintain domain registrations need to have a complaints system where unsolicited advertising can be directed. And phone companies as well.

Also, the current opt out methods only allow you to opt out of spam for a single product. Opt Out pages should be required to publish the source that provided the e-mail so people can direct their complaints against the groups that harvest addresses in the first place.

Proper legislation to punish harvesting of e-mail addresses would also help.

[TomPhilo]

Stopping spam - but not through expensive technology

Technical solutions discussed in the US Congress and elsewhere always address spam AFTER it has gotten onto the wire. Blocking spam after it has been sent is like making people stand at their home mailbox as if each letter sent to them has been sent COD and paying the postal carrier before you can get the letter to even decide if you want that piece of mail or not -- that means YOU are paying and having to stand there forever opening and closing the letters - and by opening letters or just discarding them it automatically lets the sender know you exist and you will be sent more since they know that mail was either discarded or opened (they did not bounce when sent.)

Attack spammer at THEIR revenue end -- not end users.

Technological solutions to block the source is laughable -- you never will block spam sources since people can tap into an open mail relay or set up an valid e-mail system and make it open to anyone anywhere in the world.

however EVERY spam message MUST have ONE of THREE possible items in it in order for them to sell their product:

A postal address
A Phone number
A URL to click on

Every solution EVERY discussed ignores this simple fact.

Instead of blocking delivery take the other approach -- yank the methods the spammer must use to make a sell - block the advertiser from ever getting a response.

What is needed is a law -- and very fast methods to react to spam -- that makes the spammer lose access to customers immediately (or at most in 24 hours after the initial spam has been sent) by shutting off ability for anyone to get to them -- block their phone numbers, web addresses and mailing addresses. You can have the post office put a block on delivery of all paper mail delivery to that address and have it seized, the Telcos (at least in the US) to suspend the phone number -- or block all calls originating in the USA trying to dial to it -- and have the Net/ISP provider block the IP/URL address and disable the account: all on the same day of detecting spam (again, we cannot control access in other countries but we can block all access to it FROM the USA thereby not violate treaties or interfere with access to those places from elsewhere. We can block any traffic passing THROUGH any device IN the USA (or any company doing business in the US) which is allowed under international law. Other counties could easily enact similar laws.

In the US have a simple federal law to set up a central SPAM Detection Agency (spam Duh!) within the Federal Trade Commission or Commerce (the law has to be written forcing them, on their own they will do nothing), funded by ISPs (it is in their interest to stop spam since they have to put in hardware and software to handle the volume) with more money provided by fines on those companies / people sending out the spam. Have a hefty $50,000 fine per occurrence levied against senders each time they send out spam set. This applies to the spammers and people who benefit from the spammers: do any or all actions of permanently barring them from obtaining any 800 number (or any phone number), web address, net accounts in the US after the third time -- by them or any known or suspected associates. Have them also post a $100,000 bond before they can get any type of net account if a fine is ever levied.

Note: Make all this an administrative action: like that of a traffic ticket -- guilty until proven innocent, Do not use a formal grand jury or legal charges environment. Then these people MUST come out in the open and challenge the administrative ruling in administrative court.

Put the burden on THEM to prove that they have not sent out the spam or contracted with a spammer to get their fine back. This is what happens in traffic court.

And have all fines indexed to inflation. This will solve 95% of it.

This central FTC group (or whomever it is assigned to in other countries), after they detect a mass mailing of spam, would have INSTANT authority to contact the Telco who owns the number, The Post Office to seize mail and the ISP/Internic to shut that site immediately. (And if ISPs will not shut down abusers in their domains / web site then the whole ISP is cut off from access to the Internet at the DNS root server(s)).

Legitimate business will not have to worry about this since they ALWAYS provide valid return mail addresses, ways to opt out of mailings (and honor it), valid postal addresses, customer service phone numbers etcetera. and do not resale people's e-mail who are on their mailing list (unless noted in their valid privacy statements.) Spammers never do these things.

This attacks spammer at THEIR end -- not end users.

If their firm or site can NEVER be contacted then they will go out of business real fast. Only then will these people stop sending billions of spam messages a year.

www.taphilo.com

Tom Philo

tom @ taphilo . com

I would LOVE to say I agree with this, but....

As I replied to the other person on this thread....

Spoofing.

While I admit your method for stopping spam mail is amongst the best I've seen, not to mention the most proactive. It still suffers from the malcontents who cause major problems in the world.

Email spoofing is a major problem right now. Its so bad that every day I recieve at least one email sent from "myself" that contains either a rather powerful/prominent virus (ie netsky, bagle, the list goes on) or some kind of stupid ad. If your method of stopping spam were to be implemented, it would take less then 1 hour for almost every single major business to be taken down from the internet in the largest 'legal' DoS ever accomplished. For instance, I could program a computer to send out 1 billion spam emails with Sun microsystems information on it (I use myelf as an example to show just how easy it is to do it, not because I would actually do something like that). According to your method, they would be completely cut off from the legitimate business they do (phone, email, internet) within minutes, and suddenly be slapped with a multi thousand dollar fine for something I did.

Its because of that, that spam has to be, and I mean HAS TO BE, dealt with in a reactive manner. At least for now. The problem with the internet is that it is anonymous. Me personally, I've always thought that once IPv6 comes out, every single human being on earth should be issued a personal IP address sort of like everyone is issued a birth certificate. Then when they want to access the internet, its always them who gets the bill (this of course would require some kind of security, otherwise spoofing comes into play again).

Anyway, I really would like to agree with your statement, but its just too dangerous at this time.

Kyle King

[George Cole]

discussed in the US Congress

http://www.analogstereo.com/fiat_owners_manual.htm