Increase in spam?

[nlinecomputers]

How do you account for webmail? What happens to Hotmail/yahoo/etc?

I'm going to quote myself, to bring up something I mentioned earlier that was passed over...

Well which proceedure does your question refer to, the pay for email plan, the all mail must be digitally signed plan, or the all email must be sent from a registered SMTP server plan? From what I see webmail could work for all three. The digitally signed mail would require that the ISP or mail sever hold your certificate and authenicate you via a passphrase at logon.

[GolfProRM]

It really doesn't matter... My main issue is that this will hose any site that offers free email accounts... All those "kids" that use hotmail will be SOL because their parents won't pay for their emails...

[nlinecomputers]

The pay for email plan would kill free accounts but the other two plans would not be affected by it. Indeed it would help them. Now days I get so much spoofed email that anything from yahoo or hotmail is trashed without reading it. I've missed some valid mail that way. SPF would solve that as spoofed email would never make it while legit mail would.I appreciate IBE feelings of wanting to "Stick it to the spammer" but pay as you go email would be impossible to implement. Forcing crypto on everyone would be slightly easier to pull off but not that much and you really still can't easily force people to use it. SPF is likely to get codified as a RFC in the next 6 months to a year. It is going to happen and most of the major vendors of spam products and email servers are supporting the idea. Then all it takes is sysadmins to add the proper records to the DNS and users to set filters for email that lacks proper reverse lookups.(Or is can be done at the ISP level too.) Most spammers are allready breaking the law so they don't want to be tracked. So they aren't going to adopt this system and thus they will get filtered. Can't be a spammer if your spam never lands.

[Grasshopper]

The problem with spam is not-technological-governmental-due to ISP lack of effort-due to bad firewall or software or any other commercial entity (although they contribute)The problem is societal. Just like when man discovered murder. Murder is bad. Everyone who has even uncommon sense realizes that murder is bad. So why does it still happen?? Some people (the weaker links in society) are messed up! And with anything, it is only as strong as it's weakest link. Spam is the same way, although to a much lesser degree. But the analogy is the same. Spam will NOT EVER GO AWAY unless we give away our American rights to free speech and all the other so-called freedoms we have. This applies to other nations, too, that allow a degree of free speech and enterprise. I would assume that similar annoyances happen in countries where freedom is not present. The world is too big for a blanket tax or charge to work. Any solution to this would have to be complete and absolute rules (which will always offend someone) or make a system so infinitely complex that there are really no rules. And as we all know, rules are made to be broken, and they will be. The do-not-call thing is a perfect example. A piece of legistation comes up, which is a good thing for consumers on the surface, but then the companies bring their lobbyists in and wine, dine and sleep with the politicians and make loopholes in the law. Folks, they already have this planned WAY in advance. Society is fooled into thinking that the legislators and the government are on our side. Yes they do some good but society won't make sure that the government does their work right. They bank on issues of left and right and such. There is no logical solution to this problem. Any ideas that pop up are only local fixes when it comes down to it. What works for one won't for another.Now with all that said, I wonder if there is a way to be able to register an email address. What I mean is this. A new type of email system is invented where you have to register. Personal users would be free ('cept of course the ISP access), but it would be monitored by an entity (don't know who and yes, I know--anonimity goes out the window) for spam. The way that would be monitored? I have no idea. Commercial users could buy blocks of email addresses and they would have a pay scale for volume. For a regular company with employees doing "real jobs", it would be a low pay. But for high volume companies, especially ones that advertise, jack the price WAY up to discourage bad activities. Both of these could be monitored for spam and such. Again, I have no idea who would monitor and maybe, if someone with that monitoring entity were caught selling company info that was exchanged by email or used some of the personal emails to fraud someone, they could be punished heavily, in order to deter the monitoring company from "overmonitoring" so to speak. Their only job would be to monitor for spam, viruses and other malicious types of email junk. Which emails are spam? How do you pay for this? Would this slow the net down to a crawl? How could you separate the old email system from the new and how would you phase the old out? I don't know. I was just joining the interesting discussion. But again, society has to be able to stick together and weed out the "baddies" in all this. Like Stone said, fixing symptoms vs. fixing the source of the problem. This problem can't be patched.my 2 centstbird

[Ed_P]

Spam will NOT EVER GO AWAY unless we give away our American rights to free speech

Standing on a soap box and yelling "Down with the government" is free speech. Handing out leaflets on the corner saying the same thing is free speech. Sending junk is not. You really think you can say what you want where you want freely? Get on a plane and yell "hijack". Get on tv or the radio and yell "Down with jews" or "Down with blacks". You will find that type of free speaking isn't allowed. Put SPAM in the same classification. There's also the issue that not all spam is sent from free speech countries.

[ibe98765]

The problem with spam is not-technological-governmental-due to ISP lack of effort-due to bad firewall or software or any other commercial entity (although they contribute)The problem is societal.

Ah, but the problem is (at least partly) technological. Because people can spoof email addresses at will and even modify email headers, it makes spam easy to send and to hide your identity/location through.I'm not sure either that the underlying problem is societal. Saying this implies that spam is on the same level, as say murder or stealing, a crime against society. In reality, spammers are just trying to use the free enterprise system to make a buck. While spam is a major annoyance and takes a lot of resources to deal with from the user all the way through the ISP and government levels, it is by no means a crime against society.

There is no logical solution to this problem. Any ideas that pop up are only local fixes when it comes down to it. What works for one won't for another.

But there is! Making a small $$ charge for email would solve the problem directly and immediately by making it economically impossible for spammers to continue to operate. Then it wouldn't matter if we fixed problems with the system that allow spoofing and such to occur.Most everyone gets some amount of garbage snail mail right? How much more do you think you would get if the post office DIDN'T charge for mail delivery? This proposal is based on a proven model and it could work the same way for email delivery as it works for snail mail.I know that I am paddling uphill here because the solution I propose involves taking something that is currently free and now charging for it. But I truly feel that sometimes we need to step back and look at the big picture. Personally, I think that many problems in this world are caused by too many of us adopting a self-centered, selfish position instead of asking what would be best for everyone. Sort of a take off on John F. Kennedy's famous quote - "Ask not what your country can do for you, but what you can do for your country"...

[ibe98765]

It really doesn't matter...  My main issue is that this will hose any site that offers free email accounts...  All those "kids" that use hotmail will be SOL because their parents won't pay for their emails...

There is an easy way in this proposal to deal with the free email problem. Every account gets some limited number of free emails that can be sent on a daily/weekly/monthly basis. Perhaps 100 or 200 monthly?

[nlinecomputers]

The problem with spam is not-technological

I couldn't disagree more. The problem with spam IS a technological one. We all have locks on our doors, do we not? Does it stop all burglaries? NO. Does having a lock make it harder to be robbed? Of course it does. SPAM is so rampant because it is so easy to perform. IBE can charge for emails all he wants. Guess what would happen? Hackers would design viruses that would send email out in our names and WE'D get the D*** bill. Ever been slammed by the phone company? Ever had your credit card stolen and charges applied to your account? Oh Please! Charging for email wouldn't do anything but burden honest users and cause more problems for honest users. The spammers would still spam and on YOUR dime. (They do that already but the costs aren't as apparent.) I've already been Joe Jobbed. Now you want me to be stuck with a fraudulent email bill too? Get real.

[ibe98765]

IBE can charge for emails all he wants.  Guess what would happen?  Hackers would design viruses that would send email out in our names and WE'D get the D*** bill.  Ever been slammed by the phone company?  Ever had your credit card stolen and charges applied to your account?  Oh Please! Charging for email wouldn't do anything but burden honest users and cause more problems for honest users.  The spammers would still spam and on YOUR dime. (They do that already but the costs aren't as apparent.)  I've already been Joe Jobbed.  Now you want me to be stuck with a fraudulent email bill too?  Get real.

Ha! As I said, it's an uphill battle anytime anyone proposes taking money out of anyone's pocket, even if it is for the good of everyone in society. I guess that's why I wouldn't be a good politician. Here in California, due to a law called Proposition 13, people have million dollar homes and yet pay only $1000-2000 a year in taxes. We are running a $38 billion deficit, our state is effectively bankrupt, our schools are ranked near the bottom of all the states in the USA, services are being cut, infrastructure is not being updated. Much of the cause of these problems is blamed on the loss of revenue created by Proposition 13. Yet, any attempt to modify this law gets everyone up in arms because no one ever wants to pay more money for anything, even if it is good for society. Ludicrous examples are proffered such as if taxes go up, then seniors will lose their homes (Doh, they could take a second mortgage against the accumulated value in their houses) and so on. I think much of what you say in this quote is just basic uncertainty and fear mongering. Yes, there will always be problems with any good solution. There will always be people who find some part of the proposed solution disagreeable for one reason or another. Such is life.Still, I think what this thread has shown to-date is that their isn't any other better solution. You yourself and the author of the SPF proposal have acknowledged that it would likely not totally stop spam. All I see with this proposal is another weak attempt to put a band-aid on top of the existing infrastructure, which will just lead to more complication and more problems down the road.Seeing as we reached an apparent impasse, I have a new solution that is ABSOLUTELY, POSTIVELY, GUARANTEED TO work!To quote the Queen of Hearts in Alice In Wonderland: OFF WITH THEIR HEADS!!

[GolfProRM]

I think what this thread has shown is that there's NO ONE GOOD SOLUTION!!!! I think we all agree something needs to be done, and while we all have possible solutions, there are serious drawbacks to each. IBE... Since you said that the important thing is to come up with a solution, why not stop preaching about it here and do something with it? This discussion here can go on for months, but until you step up and propose this idea to someone who can do something about it, nothing's going to happen. I'm not trying to stop you from posting on this topic, but you're not going to make any real progress here... Okay... say you give every free website an X messages per month limit... Won't spammers still spoof 1000's of these addresses to get their mail delivered? I'm not trying to downlplay your idea, as I think it's probably necessary, but I think we need more than just payment. It's going to take an overhaul of the system as well. There are too many loopholes in the current email system for a payment to work.

[nlinecomputers]

Ha! As I said, it's an uphill battle anytime anyone proposes taking money out of anyone's pocket, even if it is for the good of everyone in society. I guess that's why I wouldn't be a good politician. Here in California, due to a law

That is the fatal flaw in your whole arguement. There is NO good to come out of this system. You indirectly compare it to taxes. Well with taxes both sides of the arguement makes has value. If I pay more in taxes in therory I get more services. If I pay less in taxes I get to keep money for services I don't use. I already can send email for FREE. Other then maybe getting less spam for which I don't think can happen simply because I can think of 800 different ways of going around it.(I notice how you avoided answering how a spammer wouldn't use outright fraud to avoid the tax.) what service or benefit does my payment get me, hmm? Nada, zero, nothing. That's why it is a bad idea. If you could send snail mail for free would you pay simply to avoid junk mail? Give me a better beneift and you might have something.

[nlinecomputers]

Still, I think what this thread has shown to-date is that their isn't any other better solution. You yourself and the author of the SPF proposal have acknowledged that it would likely not totally stop spam. All I see with this proposal is another weak attempt to put a band-aid on top of the existing infrastructure, which will just lead to more complication and more problems down the road.

Weak? Of the three ideas in this thread I think it is the strongest of the three. Please explain what you find are it's weak points. One of the problems with "totally" elimatating spam is how do you define spam? I am certain that some of the email I get by choice you would call spam and I'm sure the reverse is true. **** some of the email I get, like from some of my relatives, is sometimes unwanted. But I can't put it in the spam can permananty because sometimes important family issues come up in the mail.. However I can rest assured that the email I get from my relatives and even the wanted Commerical Email is from the sources listed and that I can email my Dad or Ebay and get them to stop. The guy trying to sell me viagra or get me a new credit card with a misspelled email isn't going to have a correct resturn address. Now if I could verify the address and decide for myself if I want the spam that would give me great power. I can do it with SPF or even the digitally signed e-mail. Your pay as you go email might be just as forged as the mail is now.

[ibe98765]

I think what this thread has shown is that there's NO ONE GOOD SOLUTION!!!!  I think we all agree something needs to be done, and while we all have possible solutions, there are serious drawbacks to each.  IBE...  Since you said that the important thing is to come up with a solution, why not stop preaching about it here and do something with it?  This discussion here can go on for months, but until you step up and propose this idea to someone who can do something about it, nothing's going to happen.  I'm not trying to stop you from posting on this topic, but you're not going to make any real progress here...

I intend to. I see the purpose of this thread to help work out some of the details of an eventual proposal. There was no intent to preach though in attempting to respond to the issues that have been brought up, I'll have to plead guilty and might have digressed a bit here and there. Also, I was hoping that with such an important problem that affects so many, that we would have gotten more participation and diversity of solutions presented. With 2000 registered members here, I find it a bit disappointing that all the posts to-date have been by just a few of the "usual suspects"... Oh well...

[ibe98765]

Still, I think what this thread has shown to-date is that their isn't any other better solution. You yourself and the author of the SPF proposal have acknowledged that it would likely not totally stop spam. All I see with this proposal is another weak attempt to put a band-aid on top of the existing infrastructure, which will just lead to more complication and more problems down the road.

Weak? Of the three ideas in this thread I think it is the strongest of the three. Please explain what you find are it's weak points. One of the problems with "totally" elimatating spam is how do you define spam? I am certain that some of the email I get by choice you would call spam and I'm sure the reverse is true. **** some of the email I get, like from some of my relatives, is sometimes unwanted. But I can't put it in the spam can permananty because sometimes important family issues come up in the mail.. However I can rest assured that the email I get from my relatives and even the wanted Commerical Email is from the sources listed and that I can email my Dad or Ebay and get them to stop. The guy trying to sell me viagra or get me a new credit card with a misspelled email isn't going to have a correct resturn address. Now if I could verify the address and decide for myself if I want the spam that would give me great power. I can do it with SPF or even the digitally signed e-mail. Your pay as you go email might be just as forged as the mail is now.

Some possible weaknesses were pointed out in earlier posts here by me. You can refer backward for them.Since the idea you are championing is, as you say, likely to be accepted as a standard in the next 6 months, I guess we will get the chance to see what it will do. I hope it works but I am not holding my breath. Meanwhile, I think we will eventually wind up paying to send email anyway. Not because it is a good or the best idea, but because big business will realize that they can kill two birds with one stone - stop spam (assuming the SPF initiative doesn't produce the results expected) and make more money (or retain it by cutting overall costs, which as pointed out earlier, will happen with less spam taking up bandwidth). Time will tell...

[Ed_P]

Also, I was hoping that with such an important problem that affects so many, that we would have gotten more participation and diversity of solutions presented. With 2000 registered members here, I find it a bit disappointing that all the posts to-date have been by just a few of the "usual suspects"... Oh well...

I think most forum participants realize that this thread is a waste of time. Nothing is going to change as a result of it especially the opinions of those that have posted in it. I also suspect that most members are here to get help with technical problems and to offer some in exchange and have little time to "shoot the bull" around the water cooler or more likely the coffee machine. imho

Meanwhile, I think we will eventually wind up paying to send email anyway. Not because it is a good or the best idea, but because big business will realize that they can kill two birds with one stone - stop spam (assuming the SPF initiative doesn't produce the results expected) and make more money (or retain it by cutting overall costs, which as pointed out earlier, will happen with less spam taking up bandwidth). Time will tell...

I agree. In a free capitalistic environment such as ours $$ rules, more than idealistic hot air. Thus "one stone - stop spam... make more money" will get the most attention of CEOs.

[Guest LilBambi]

These Forums are a wonderful place....where everyone's opinion is important. So, while a ground breaking idea may or may not be found through discussion, all the discussion is valid.Carry on!

[GolfProRM]

speaking of trying to stop SPAM...Congress poised for antispam vote

[ibe98765]

speaking of trying to stop SPAM...Congress poised for antispam vote

It's worth a try but it doesn't seem to have the teeth that the California bill has, which makes a company behind the spam liable, not just the deliverer (spammer). There is talk that the reason Congress is acting on this so fast is because it has been pressured by BIG BUSINESS lobbyists to take action specifically to neutralize California's law. A point that has been brought up in our prior discussions here doesn't seem to be addressed. How do you enforce this law against foreigners sending spam from outside USA jurisdiction? Let Bush nuke them?

      The bills would prohibit senders of unsolicited commercial e-mail from disguising their identity by using a false return address or misleading subject line. They also would prohibit senders from harvesting addresses off Web sites and require such e-mails to include a mechanism so recipients can indicate they do not want future mass mailings.    Both bills authorize the Federal Trade Commission to establish a do-not-spam list, similar to the agency’s popular do-not-call list of telephone numbers that marketers are supposed not to call. The FTC has criticized the idea, and the Direct Marketing Association has described it as “a bad idea that is never going to work.â€

[ibe98765]

Hmmm. This looks interesting...

http://www.newscientist.com/news/news.jsp?id=ns99994459Yahoo! plans to fight spam with 'domain keys'   17:51 08 December 03   NewScientist.com news service   A scheme for fighting spam by authenticating the sender of every email is being developed by Yahoo!, a US internet portal.The project would involve revamping the email system by building a worldwide database of digital domain name "keys" - a string of characters associated with a domain.Under the proposal, email messages would be automatically signed by the email server from which they are sent. Using a cryptographic scheme known as public key cryptography the receiving server could then check to see if the message really came from a valid system.Yahoo! believes this would prevent spammers from using forged email addresses - a common trick used to defeat anti-spam filters."What we're proposing here is to re-engineer the way the internet works with regard to the authentication of e-mail," Yahoo! spokesman Brad Garlinghouse told Reuters.However, the plan is provoking a mixed response from internet experts.Viagra to stationery Yahoo! says it will develop the software needed to run the system and then release it for free so that others can co-operate with its implementation. Similar schemes have been suggested in the past but Yahoo is the first major email provider to endorse such an approach.Some anti-spam campaigners welcomed the announcement. But technical experts were also cautious about its chances of success. Mark Sunner, chief technical officer of the UK email filtering company MessageLabs, says Yahoo! would need to work with every single email server in the world to prevent all forged messages getting through. But he adds that MessageLabs would be willing cooperate because it could at least reduce such forgery. "It's a step in the right direction," he told New Scientist. "But it isn't a 'magic bullet' that's going to stop all spam."Nicholas Bohm, of the UK campaign group CyberRights & CyberLiberties, says checking every incoming message would place a large stress on mail servers. "It doesn't sound madly promising," he says.Missives advertising everything from Viagra to stationery have become an enormous nuisance for internet users around the world. Up to half of all email messages are now thought to be spam.There is also strong evidence that spammers are using computer viruses to send out spam and also attack anti-spam servers with floods of bogus network traffic. ----------------------------------------------  Will Knight

[nlinecomputers]

And I proposed that very same idea plus a few other a few months back when you were ranting about how everyone should just pay for mail. This has a very good change of working IF the programs like sendmail adopt it and it mail hosts will load it on there servers. Or it has a chance to devide the internet into a have and have not internet. As most mailservers are swamped with spam I think most of them WILL adopt it. But only time will tell.

[ibe98765]

And I proposed that very same idea plus a few other a few months back when you were ranting about how everyone should just pay for mail.  This has a very good change of working IF the programs like sendmail adopt it and it mail hosts will load it on there servers.  Or it has a chance to devide the internet into a have and have not internet.  As most mailservers are swamped with spam I think most of them WILL adopt it.  But only time will tell.

Well, this sounds somewhat different than the proposal you were championing. I'm just reporting the news though. I take no position on what Yahoo wants to (or even if they can make it work). But as we have seen from politics, where there is a hole, the rats will find it. :'( So adoption by "MOST" is not going to cut it. Everyone needs to adopt it for it to work.I still maintain that the ultimate answer is to charge a very small amount for each email you send. This would have no effect on most home users, only those with high volumes of mail would see any real additional costs. But of course, any solution that mentions an extra charge immediately gets attacked. Now I know why politicans shy away from anything that will be construed as raising taxes. Instead, we borrow on the future to to spend more now.

[nlinecomputers]

Not by much. I've long proposed that all mail be encrypted or at least digitally signed by the sender as the means to track it. You can't fake or spoof digital signatures so it would be a sure way to track the source of the email. As most people point out the only real flaw with that plan is that most users can't properly setup normal email adding encryption would really confuse things. My second proposal was to simply use only registered SMTP servers as the only way to send mail. This would be checked by SFP. This plan kind of combines the two. Mail would be digitally signed as the means to verify the source but the mail wouldn't be signed by the sending user just by the originating SMTP server. Thus no digital signatures or new software for end users only for the servers. Most spam today is sent either by raiding an open relay SMTP server or by simply creating one of your own and sending the mail out or by using viruses to do that work. By using DC to certify mail the only people that would be allowed to get a DC are those running permanent SMTP servers(like ISPs) and they would be required to run an closed relay with authenticated logons. Most ISP don't run wide open relays but most do allow anonymous sending of email from within their network. That's got to stop. ISP's have got to know who the heck is using their SMTP servers.

[nlinecomputers]

AOL tests caller ID for e-mail.AOL is testing the SPF system that I have mentioned here in this thread. This is one of three different methods all doing about the same thing that are currently competing to get status as a full fledged RFC. If granted RFC status that means it is a standard on the internet that any all all email servers can use to mark mail. Such mail can then be filtered out if it fails to pass SPF tests. These test can be done client side or server side.Slashdot story on this and the other two as well.

[ibe98765]

Well, we'll have to see how it all works out. Hopefully, we will get some positive results. But if these fail, then the next step might very well be my idea of paying to send email...

[ibe98765]

Bruce Schneier weighs in on this issue in his current newsletter - Link:

The Economics of SpamLast month Bill Gates talked about spam at the World Economic Forum.  He said, "Two years from now, spam will be solved."He listed three technologies he claims will solve spam.  The first is based on positively identifying the sender of any e-mail.  The second involves a computational puzzle, something that a computer must do for each message that becomes  prohibitively expensive for any bulk mailing.  The third involves forcing the sender to pay for e-mail.  Gates feels that this is the most promising technology to kill spam once and for all.Spam is an interesting problem, because it's an economic one.  Spam is prevalent because -- as bizarre as it may seem -- it is profitable.  If spam were not profitable, it wouldn't be done.Gates is right that the best way to deal with the problem is to change the economics.  If spammers had to pay money for each message, as paper bulk mailers do, they would spam a lot less.  They would only spam interesting and effective messages.  Because spam is nearly free, even messages with marginal rates of return are profitable.Today, accounts that spam are shut down pretty quickly.  Or, at least, large ISPs block e-mail from those addresses.  In retaliation, spammers are more likely to use stolen accounts to send spam, and to change those accounts regularly.  Spammers are also willing to pay for hacker exploits in order to more efficiently break into systems.This means that anti-spam security that relies on positive identification isn't likely to work.  It'll mean that more spam will rely on stolen accounts.  It'll change the tactics of spammers, but not the amount of spam.  E-mail recipients could decide to only accept mail from people they already know -- so called white lists -- but those solutions are available and effective today.  But most people want to get e-mail from people they don't expect to get e-mail from, so most people don't use white lists.  Enforcing strong identification won't make this issue any different.Computational puzzles are an interesting idea, and one that has been talked about in the security community for a while.  The basic idea is that Alice sends Bob an e-mail.  Bob's computer responds with a mathematical puzzle for Alice's computer to solve.  Alice's computer does so and sends the result to Bob's computer, which in turn delivers the mail to Bob.You can see how this deals with spam.  Alice's computer has no trouble solving the puzzle, but it takes time.  If Alice's computer has to solve millions of these a day, it won't be able to.  So spam is reduced.It's an economic solution; it makes the sending of e-mail more expensive.  Spammers will respond by breaking into a lot more accounts and send a lot less spam out of each of them.  My guess is that no real spam reduction will result.Gates's third solution is the direct economic solution: charge for e-mail.  This one has also been talked about a lot in the security community.  It is also a very difficult one to implement.  Overlaying a fee structure on top of the existing e-mail system will be complicated.  It will have to deal with the fact that spam comes from every country, and not just the economically sophisticated ones.  The best solution is for fees to be collected close to the sender -- so spam doesn't clog the network -- but the easiest solution is for fees to be collected by the recipient.  And we'll all have to get beyond the expectation that e-mail is free.But this solution won't necessarily solve the problem of spammers breaking into other people's accounts, either.  You'd have to add some additional controls inside the network: how much e-mail a person can send in a day, maximum charges that can be accrued, that sort of thing.  Again, extremely difficult to implement in practice.  But at least it's thinking along the right lines.In general, I think that Gates is being overly optimistic.  Some of these ideas are promising, but most of the anti-spam ideas are more likely to change the tactics of spammers than reduce the overall rate of spam.  What's interesting to me is that his optimism comes largely from ignoring the problem of insecure computers on the Internet, primarily insecure Windows computers on the Internet.Right now the best solution is a spam filter.  I use one, and I get almost no spam.  There are a few false positives, but I find those when I clean out the filter every week.Now I just have to convince a bunch of filters that Crypto-Gram is not spam.

[ibe98765]

This looks interesting as a possible spam solution:

ISPs Can Slam Spammer Profits ...By MARK HALL FEBRUARY 16, 2004    ... with new technology that sits on a service provider's network borders and slows spam progress to a costly, slothlike pace. Called Edge GX and developed by Openwave Systems Inc. in Redwood City, Calif., the Linux- or Solaris-based software is the outgrowth of an ad hoc Internet service provider and vendor organization founded last fall with a decidedly uncatchy name, Messaging Anti-Abuse Working Group, and an even less melodic acronym, MAAWG. Although short on literary or phonetic style, the group is long on clever ideas to hinder spammers, such as getting ISPs to work together to fight pernicious unsolicited e-mail. "We don't defend against spam the same way carrier to carrier," observes Todd Dean, director of data operations and support at Cox Communications Inc. in Atlanta. But with the frightful costs of unnecessary bandwidth, server and storage capacity to handle spam, ISPs need a coordinated strategy, Dean says. He added that he and his competitors have seen the light and will begin to use common weapons to diminish, if not eliminate, spam. Edge GX is the first tool developed under MAAWG's auspices. According to Richard Wong, general manager of Openwave's messaging group, the software has two key features specifically for service providers. The first is called Receipt-To: Harvester. Again, you can question the less-than-snappy name, but not the cool technology. This feature keeps track of messages bounced back to an IP address, the inevitable result of classic dictionary attacks. If those mail-return numbers are beyond what the ISP deems legitimate, it will slow the rest of the outgoing messages from the spammer, "so much that it will take a decade to get through," claims Wong. The second technique looks at outbound mail traffic from a source: If it's outside normal behavior, it slows down message processing. If the queued messages continue to pile up, the oddly named Rate-Limiting Tarpitting feature drops the spammer connection for as little as a millisecond or as long as an hour, adding costs and hassles to spammers. For once. Edge GX hits the streets today.Link 

[Guest LilBambi]

Interesting concept ... Technology Review article: A Better Way To Squelch Spam? By Eric S. Johansson and Keith DawsonFrom page two of the article:

Strangers Pay, Friends Fly FreeThe Camram project has coined the term “hybrid sender-pays” to describe a system in which work stamps are combined with other anti-spam techniques in a “cocktail” that stops unwanted e-mail from reaching your inbox while enhancing your ability to communicate with people you know. Mail that arrives without a stamp has the same chance of getting through to your inbox as ordinary mail does in the current anti-spam environment.The Camram project has learned that the most effective anti-spam cocktail contains at minimum three filters: a stamp filter, a smart "white list," and a content filter. The white list is a roster of those with whom you exchange e-mail; it is used to let this friendly mail in unchallenged. The content filter looks at the content of the message and makes a probabilistic assessment as to whether the message is spam. Taken together, these three measures implement the principle of “strangers pay, friends fly free.” In other words, strangers who stamp their mail, and friends with whom you regularly communicate, have easy access to your inbox. All others go through the content filter.To understand hybrid sender-pays techniques by analogy to the real world, imagine a postal system that delivers anything to anybody—for no cost. The Camram filters would function something like an administrative assistant. This assistant passes to you, unopened, mail from friends, as well as all mail, regardless of sender, bearing a valid stamp. After reading the remainder, the assistant tosses the junk, delivers the good mail, and asks your opinion about the questionable mail.Camram’s hybrid sender-pays system has several advantages over other anti-spam techniques. It is completely decentralized: stamps can be generated and validated at any point in the process, and even offline. It is incrementally adoptable: it benefits the first user, and benefits accrue as the number of users grows. And the techniques can be used over a wide range of configurations, from the individual through the enterprise and ISPs. The two most common objections to sender-pays systems are the impact on mailing lists and the risks from “zombie” systems generating stamps. Mailing lists present spammer-like loads to an e-mail system, and therefore Camram-like systems would indeed slow them down. The short-term solution is not to use stamps on mailing-list messages—let them traverse the content filter and, after a short time, the recipients’ training of their filters will assure that such messages pass through unhindered. The longer-term solution is to employ a different kind of stamp based on cryptographic signatures. Such signature stamps present a much lower computational load than work stamps and therefore could be used by mailing lists and other bulk mailers to identify themselves to list members as “friends.”The zombie challenge comes from security flaws in Microsoft software. In the last year, as many as 1.5 million systems running Windows XP or Windows 2000 have been taken over in virus or worm attacks. By some estimates as much as half of all spam sent today is relayed through such zombies.Even if spammers controlled all of these systems—which is almost certainly not the case—they still would lack the computational power to generate enough 23-bit stamps to deliver today’s volume of spam. And if spammers do begin exploiting zombies to generate stamps, the computational cost of a stamp could easily be raised by increasing the number of bits in a valid stamp. (Individual Camram users are able to decide how many bits comprise an acceptable stamp.) Every additional bit doubles the workload for the spammer.Hybrid sender-pays systems as exemplified by the Camram project have the potential to make e-mail friendly again. Worries about e-mail from business associates or friends and family going astray become a thing of the past. The work of slogging through a spam trap to recover miscategorized messages is significantly reduced. Good e-mail gets through and bad e-mail is filtered, and these benefits ensue with an absolute minimum of extra work on the part of the email recipient. If compatible sender-pays systems become widely deployed, spammers will have to begin to look for another line of work.