[ale] OT: the Penny Black anti-spam proposal

David Corbin dcorbin at machturtle.com
Sat Dec 27 19:46:54 EST 2003


On Saturday 27 December 2003 19:00, ChangingLINKS.com wrote:
> > It *should* be stopped at the source.
>
> That attitude is why spam is still successfully sent today.

It's just a comment that the SMTP protocol is flawed. If SMTP required 
authentication, we'd probably have a lot less SPAM today.

>
> > I don't know that it can be.  Most of
> > the solutions I've heard tend to collapse in the face of mailing lists.
>
> All except the spamarrest solution, which by the way, IS VERY simular to
> the one we use in the current ALE mailing list.
>

Correct me if I'm wrong, by spamarrest is a challenge-response solution, 
right?  As things stand now (the way software works) I find this does C-R 
doesn't mix well with mailing lists.  Furthermore, since the way C-R usually 
identifies the sender, it's insecure/unreliable.

> > Without solving that solution, the solution I like is that it costs
> > someone some price (1 cent ?) to send an email to my inbox.  I get that 1
> > cent.  So, to carry on a bidirectional conversation, there is no real
> > cost to the end user.  If I could configure my account to NOT charge
> > certain people (like mailing lists, or subscribers to a list (if I run
> > it)) that would be even better.
>
> Right. Tell you what. I will pay you a penny for each commercial email I
> send. Easy. Spammers would gladly pay 1 cent for each email sent (assuming
> this payment also protect them from other more scary anti-spam measures).
> Will that stop spam?????????

You are on drugs. (excuse me.  An emotional reaction.  Do the math) The reason 
you get so much spam is that it cost pracitcally the same amount to send 1 
message or 10 million.  So they send 10 million.  The numbers get large 
enough that they can find enough idiots to respond to it and make money.  If 
every spam message I received the Spammer had to spend a $100,000 dollars on, 
I'd doubt they'd send me the same damn message 20 times in a week.

Not to mention the $20 a week or so I'd collect if I were wrong :) 

>
> Noooooooo.
> Affordable costs have never stopped direct mail, telemarketing, newspaper
> advertising, or paid listing search engines which ALL cost more to deliver
> the message. Even if the cost to send an email was as much as 32 cents,
> that would not stop spam (or even dent virus based spam).

It won't STOP it.  You're right.  Nothing will.  It will keep it an managable 
levels though.

>
> The more you guys support the pay-to-send model, the more I realize that
> M$FT's solution is not so far fetched. That was the idea that started this
> thread, and an idea that I think would be as effective and easy to
> implement as the pay-to-send method. I see so many obvious weaknesses in
> both methods.
>

I didn't say I thought we *should* do pay-to-send. I simply said it's the most 
appealing one I've heard.

> However, from my experience and observation, I have seen no weakness in the
> spamarrest solution. EVEN THE USER is prevented from compromising the
> system.
>
> Does anyone see weaknesses in a client-side spamarrest TYPE solution?
>

Wasted bandwidth.  Extra work for the innocent. AND, like most client-side 
"hacks"/anti-spam solutions, the spammers are even now finding a way to work 
around it.  It validates my email address to the sender. 

> If AOL or M$FT were to implement such an AUTOMATED system (set on by
> default), do you think spammers would be able to successfully send bulk
> email and profit as they are now?
>

Yes.  In about 3 months, they probably would.

> Another example of what I am talking about can be found here:
> http://www.marketleap.com/publinkpop
> (note how the "sender/user" must enter the security key)
>

-- 
David Corbin <dcorbin at machturtle.com>



More information about the Ale mailing list