http://www.nytimes.com/2006/12/06/te...rssnyt&emc=rss

I saw that this morning too. Explains a lot. I am getting blasted with SPAM both at work and home like I never have before. At least a dozen per day in each location, sometimes more than double that.

As I've said before, it is a sad statement that there are enough humans stupid enough to buy enough of what they are selling to make SPAM production worthwhile.

Is it possible to block, from my home PC, any email that originated from outside the country?

I may have to create an OK list, and block all others if that's what it takes. Basically only accept mail from people in my address book. Now there's an idea.

__________________
Don of Borg - Cool, Calm, Collective.

"Within the next generation I believe that the world's leaders will discover that infant conditioning and narco-hypnosis are more efficient, as instruments of government, than clubs and prisons, and that the lust for power can be just as completely satisfied by suggesting people into loving their servitude as by flogging them and kicking them into obedience." -- Aldous Huxley

Somewhat, kinda, on a tangent ToSeeked

__________________
Carl Matherly

Offical Battlestar Galactica Apologist

Named Time Magazine's 2006 "Person of the Year"

I may have to create an OK list, and block all others if that's what it takes. Basically only accept mail from people in my address book. Now there's an idea.

Earthlink already has this feature in their SpamBlocker service. Since I enabled it, not a single piece of spam has made it into my inbox. It blocks messages from known spammers. Earthlink keeps a running two week total of the blocked messages. The current total is 472 blocked messages, with the high being about 51 messages a day. I've seen the count as low as 300 and as high as 600+ for a two week period.

Emails from people who aren't in my address book are saved to a "suspect email" folder. I go there using Internet Mail every day or so to see if someone mailed me something legitimate. If so, I can add them to my address book so future messages get through. Probably 90+% of the suspect messages are spam, so I report them. This helps update the known spammer list.

Spam posts to this forum seem to have doubled in the last week.
We have some new methods to block it, thankfully, otherwise it would be all the moderators would have time for.

__________________
Forming opinions as we speak

I'm opposed to the death penalty in general, but I'd be willing to make an exception for spammers.

I've been surprised lately that a couple of spams have even made it through the filters at work. That had never happened before in ten years.

__________________
Cum catapultae proscribeantur tum soli proscripti catapultas habeant.

That's usually referred to as a "white list" and I actually think it's a great idea for most people's personal email. If you have kids, it's the perfect solution. That way, you can email them and even their friends can email them, but they don't see the spam.

I don't know if there is a workable solution to spam, because it really comes down to the old "tragedy of the commons" thing, but I wonder if a combination of cryptographic signatures, public key infrastructure, a web of trust, and white lists, would get us a 99% solution.

I haven't entirely fleshed it all out, but it works something like this: we all establish identities for ourselves using public key cryptography. Now I can sign an email that I send to you, and you can know with absolute certainty that it came from me and that it hasn't been altered.

Next, we sign the public keys of people we personally know. So for example, I'd be happy to sign toseek's public key.

We set up white lists, and only accept email from people we trust. I'm on your white list, so you accept email from me. But one day, toseek wants to email you. No problem, you look up his public key in the PKI and find that it's been signed by me - and I'm someone you trust. So because you trust me, you also trust toseek. He is added to your whitelist and the email is delivered. All of that is automatic by the way. From the user's standpoint, the email just arrives in your box as it does now.

What this does is, it creates a very small barrier to entry for anyone who wants to send email. I can't just go out and create an anonymous account (tofu@myhost.com) anymore. Well, I can create that account but nobody will get the email I send from it. First, I have to make a friend and have them sign my public key. Then I'm inside the web of trust and I can send email.

Of course, spammers can do this too - this is why it isn't a 100% solution. It's only a 99% solution. So let's say that toseek turns out to be a spammer (something I've always suspected). He creates an account, alice@wonderland.com and uses his toseek account to sign alice's PK and admit her to the web. Now he starts sending spam from the alice account. Because I trust toseek (big mistake) I also trust alice and her spam makes it to my inbox. The spam also makes it into your inbox because you trust me.

So what we do is, we mark the messages from alice as spam. After a certain threshold, say 3 or 4 spams, alice is blacklisted from the PKI and removed from the web of trust. Of course, toseek can just create another account, right? Well, having someone you trusted become blacklisted also counts against you. So toseek gets a black mark too. After he has trusted some threshold of spammers, say 3 or 4 of them, we blacklist him too.

So, this wouldn't stop spam, it would just create a barrier to entry for the spammers. Today, a spammer can send a million emails with the click of a mouse. Under this system, then can't send very many at all before burning up an identity.

There's probably some little devil in the details that makes this scheme not work, or someone else would be doing it already.

One of the tricks, discussed previously here, is that a lot of the spam blockers are based on certain words, such as Viagra. A lot of the spammers now put the actual message in as a picture, and so the spam blockers don't catch that. Most of the spam I get now is like that.

__________________
At night the stars put on a show for free (Carole King)

The ones I got didn't have pictures, but they didn't have words like "viagra" (or as many spammers like to put it "v1^gr^") either. The latest one was for something or other they were pushing on e-bay. I opened it because it looked very similar to the internal spam we get all the time offering us stuff from the company gift shop.

__________________
Cum catapultae proscribeantur tum soli proscripti catapultas habeant.

I've got 99% of it blocked, but every once in a while, I'll check to see what's being sent, and it's definitely growing.

I agree

The one good thing about my sbc/yahoo e-mail is that they have an aggressive spam filter. Only a couple pieces a week make it to my inbox but the bulk folder gets close to 50 a day.

__________________
Reality is for those that can't handle video games.

I don't get spam

.

Yey for me, my email is Secret

__________________
If this writing is blue you're going too fast!

What we need is enough spam to make the current email system impossible to use. That would create a market for a new system that charges for delivering messages. As long as email is cheap to send there will be people willing to abuse it. Passing laws against spamming obviously isn't working.

__________________
Life is like a box of chocolates. All of your choices are bad for you.

A nice idea, but how exactly does it work? Who collects the charges? If your answer is, "your ISP collects the charges when you send mail" ok, so if I email you, then you assume that my ISP charged me for it?? So all I have to do is find an ISP in russia that will wave the charges in exchage for a flat fee. Well guess what, the spammers are already in russia! If your answer is, "the ISP that recieved the mail will collect the charges" then I can't wait to hear the protocol you've come up with that Ketchikan University in BFE alaska is going to use to charge joe_shmoe@taiwan.com. Is the payment made in dollars?

Also keep in mind (from the linked article) most emails are sent from botnets. What that means is, your computer gets hacked and the spammers use your computer to send the spam. So I'd like to see how your system stops spammers from hacking your computer or your grandma's computer and running up charges that you and your grandma have to pay.

It really is a difficult problem guys. I was talking to a coworker yesterday about my idea (posted above) and he shot a bunch of holes in it. For starters, under my system the spammers would DOS people by claiming that they had sent spam, thus reducing the level of trust in the whole system.

It's a seriously difficult problem.

ISPs would charge their customers a small amount for each email and would charge each other for receiving and delivering email. If a customer sends a large number of messages his ISP will realize that it's going to cost them a fortune if they send them to other ISPs for delivery and insist that the customer pay in advance. If I got a large email bill from my ISP I'd know that I was hacked and not pay it. They'd then trash the email and I'd do a virus scan.

If an ISP got a large number of messages from another ISP they'd suspect spamming and insist on payment in advance. If the sending ISP didn't pay then the email would be trashed.

If two ISPs decided to trade spamming rights then their customers would start getting spam again and would switch to a more reputable ISPs. The spamming ISPs would lose customers and their spamming operation would lose income.

It seems unlikely that all ISPs would make spamming deals. The big guys have too much to lose if their reputations are damaged. There might still be some spam but it would be greatly reduced.

If the above scheme isn't good enough then I have another idea. Each individual email user could set a price that he wants to be paid for receiving each piece of email. It need not be a large amount and each user could have a buddy list of people who would not be charged. Each sender of an email would include the maximum amount that he's willing to pay to have it delivered. If he offers at least what the recipient asks for then the email would be delivered and the sender would pay the recipient's fee. If the offer isn't enough then the email would be returned and the sender would be told how much he must offer to get it through. If it gets delivered, the sender's ISP would pay the recipient's ISP and the ISPs would settle up with their own customers monthly.

Since the recipients must be paid, the ISPs could not make profitable spamming deals and they'd have to put credit limits on their customers. If my computer were hacked by a spammer I'd soon reach my limit and the spam would stop. As in the previous idea, if an ISP received an unusually large amount of mail from another ISP they'd suspect spamming and demand payment in advance. They'd have to because they'd have pay their customers if they delivered it.

yep, I quit checking the spam folder. yahoo does a good job.


MSN doesn't however, I still get a couple per day delivered into my inbox.


I have never once had a spam in my GMAIL account however. Course I didn't use it much until October.

__________________
"I will do my best to understand and explain the universe from big to small without invoking miracles, unrepeatable events, or divine intervention. In place of those things I will use observations, mathematics, and science."


-Cross
My travel blog

Some of my Astrophotography


Those that lack education have a hard time understanding its value. - Cross

I'm getting about 1000 a day. Everything @myemailaddress comes to my mail box. Most of them are made up names that have never been used. We've got a broadband contract with Demon so changing ISP isn't an option without losing money. Demon has a filter but you can't see what's been deleted and when I tried it legitimate emails disappeared into it.

I use webmail and sort by 'to' and often delete in batches of 50 when there's a long list of the same non-existent name. I could sort them on the computer, but I don't like downloading them. I didn't go on line for two days this week and came back to 2900 e-mails - about 48MB. Demon don't limit space - they delete after 30 days.

There was an article in the Guardian a few weeks ago which went through various ways of dealing with spam and came to the conclusion that the only thing that would effectively stop it was if no one replied to it! But the way it's going e-mail won't be usable.

__________________
Carolyn

"All the screens are filled with heroes and losers, but the sky's still filled with stars"
...Midnight Oil - 'Golden Age'

I'm not sure if you mean that all this mail is coming to "you@youremail.com" or if you get mail for "anyone@youremail.com". If it is the latter, n\my dad was having an issue with this. We put Thunderbird on his computer then told ti to not allow anything that did not contain "you@youremail.com" and 95% of the stuff stopped coming in. THe problem with T-bird is that it cannot be used for web mail, like hotmail. It will only work with POP3 mail.

__________________
A Nerd can figure out how long it will take the original Enterprise traveling at warp 6.5 to travel from Regulus to Antares.
A Geek will think he can use that to pick up a girl in a bar.
A Dork knows he can't pick up the girl with it, but will hang around for hours anyway, just in case she asks.
She might. You never know.

Sorry, I couldn't think of the right syntax. It's "anyone@youremail.com". It's probably obvious from my previous posts that I'm not familiar with the finer points of e-mail! It is POP3, but I think I'm going to have to download it then delete it.

In the past spam has come in waves, but this deluge shows no sign of subsiding. From the comments here, and from what I've read it looks like filtering online isn't going to be possible with my set up.

I have Evolution which has plenty of options for filtering. I haven't because I just don't want all that rubbish on the computer, though as it's Linux any viruses/worms are unlikely (not impossible!) to do any damage.

With junk snail mail it was easy to register with the Mailing Preference Service. I don't get junk snail mail. Similarly with the Telephone Preference Service. It's not so straightforward with e-mail.

__________________
Carolyn

"All the screens are filled with heroes and losers, but the sky's still filled with stars"
...Midnight Oil - 'Golden Age'