[ale] OT: the Penny Black anti-spam proposal

[ChangingLINKS.com]

> You're willing to continue to let all that bandwidth be wasted?
Yes. For some time (see below).
Oh, by the way, exactly how much "bandwidth" is being wasted? 
How (and how much) does it impact your ability to surf or use the Internet?
How much bandwidth does spam use as compared to illegal downloads?

>  It 
> could be put to such good use.
Like? 
(I am not being a smart *ss I am really curious as to whether spam email is 
"using bandwidth" to a degree that has kept the bandwidth from being used to 
do the more productive X - WHILE there is not enough bandwidth to go around. 
>From my chair, I have not observed it - while I have observed DDoS attacks 
and the like, and can clearly see the damage inflicted.).

> The solution should be at the other end 
> of the pipe, not at the receiving end.

No. The solution should be at both ends (see below).

> > For example, some of my members have email accounts that make me (as
> > a human) verify that I sent the email. It is not too much trouble to
> > fill out the form. There are other solutions as well (like my
> > personal method is just to simply change email addresses after my box
> > starts to get overwhelmed by spammers that spider the ALE list).
> > Others use spamassasin, etc.
> 
> None of these address the wasted resources, which is my primary concern.

Your solution wastes the resources of the ISP (giving them the task for 
billing for email) and possibly the resources of the receiver, but NOT the 
spammer. A spammer (or capitalist) will simply raise prices to offset the 
cost of sending the spam. Simple.

That in and of itself blows the pay-to-send model out the window - especially 
considering those NON-commercial interests (that are using the bandwidth :) 
for "good") that will be harmed in the process. Still, not well thought out.

Contrarily, if "everyone" (the type of everyone M$FT is proposing and likewise 
that YOU are proposing with a pay-to-send model) were to use "spamarrest" the 
results would be completely different. 

How, you ask?

What fuels spam is $ and volume. If "everyone" started using spamarrest, the 
spammers would have to verify each email they send BY HAND. Wouldn't that 
reduce the effectiveness of spam in general?
Next, once the "verified" spam got through, the receiver could easily ban the 
sender, and even set more criteria, thus effectively closing the pipe line. 
Wouldn't that reduce the effectiveness and volume able to be received?

Once you reduce the effectiveness of spam enough, you can raise the cost 
beyond what is profitable. You have recognized earlier that the solution I 
have supported works at the receiving end. Now, hopefully you can see how it 
works effectively at the sending end.

If that weren't good enough reason, there are other benefits:
1. The system that I support is ALREADY in use. No new research or guessing 
needed.

2. The system is IMMEDIATELY effective for the receiver. Set up spamarrest 
today, and by tomorrow, your inbox will be virtually spamless. Charging a 
dime to send an email won't necessarily do that - because that is a matter of 
ROI.

3. While some of these "bandwidth" resources you are trying to protect will be 
wasted for some time, it is clear that MORE effort and resources will be 
wasted overall while the ISP scrambles to count and charge for each email 
sent. (By the way, where does that money go? To the ISP? To some Great Email 
God in the Sky? If not to the God - what keeps an ISP from simply marketing/
saying "Oh yeah, and we don't charge to send email like those other ISPs").

4. Regardless of the product being sold and it's margin or ROI, a spamarrest 
type of system will strangle the lifeblood of spam - volume AND reduce profit 
for the spammer simultaniously.

5.  Lists like the ALE, and even my websites can continue correspondance 
regardless of how big they get (how much email is sent) - without incurring 
undue cost on good Netizens - while using the same verfication infrastructure 
already in place.

6. 
a. While M$FT's solution focuses on processing power as a weakness, hardware 
(and software) is getting faster - which will make M$FT's solution weaker 
over time. 
b. While your solution focuses on cash reserves as a weakness, and heaps more 
responsibility on ISPs (and ignores viruses that could be set up to send spam 
from a victim's computer) it is obvious that the more keen spam marketers 
will overcome this by increasing the effectiveness of their marketing message 
and or changing their pricing.
c. While the "public embarrassment" solutions are humorous, they overlook the 
current problems with bringing spammers to justice with our current legal 
system, as well as ignoring the fact that some have streaked the President 
(or sporting events) with URLs written on their naked body. In other words, 
the punishment could be used as an advertising medium itself. :)
d. However, while the a. and b. solutions are being set up, users can adopt a 
spamarrest type solution and cost spammers MAN (not processor) power and 
money (not skill).

7. End users may equate the charge for sending email as an "Internet Tax" 'Nuf 
said. 

8. Further, I'd be willing to bet that spammers would be more than willing to 
convert their business to "preventing spam" and then sending exclusive spam 
(like spamarrest). This "flexibility" of spammers has been witnessed in the 
Internet community many times (examples: FFA pages, link farms, the products 
and spam scams themselves have evolved).

9. Microsoft could easily take the lead on stopping spam by simply building in 
a free "spamarrest" feature into their email clients set to "on" BY DEFAULT. 
With 90%(or whatever percentage) of the client side computers being M$FT - it 
would put a HUGE dent in the number of people who read spam. 
<ducks and whispers>And, if they outsource the code (or drop it in the lap of 
a jobless US citizen) the additional code would cost no more than $30K</end 
ducking> The point is that the client-side "spamarrest" solution is easy and 
cheaper and could even be a downloadable upgrade to current M$FT email 
clients. Of course, this could expose M$FT to another anti-trust lawsuit. 
This time . . . . by spammers ;)

10. All of the points above allow us to use our current systems and abilities 
to virtually stop spam within M$FT's next two OS releases without making up 
"new rules, laws, infrastructure, processor puzzles, forms of capital 
punishment or flavors of jelly beans."

'Course now that I have written all of these ideas, I am going to waste more 
bandwidth by sending this to all of you, when it could have INSTEAD been used 
to do . . . . . . ?
-- 
Wishing you Happiness, Joy and Laughter,
Drew Brown
http://www.ChangingLINKS.com

 
> -- 
> Until later, Geoffrey	esoteric at 3times25.net
> 
> Building secure systems inspite of Microsoft