http://www.nytimes.com/2006/12/06/te...rssnyt&emc=rss

I saw that this morning too. Explains a lot. I am getting blasted with SPAM both at work and home like I never have before. At least a dozen per day in each location, sometimes more than double that.

As I've said before, it is a sad statement that there are enough humans stupid enough to buy enough of what they are selling to make SPAM production worthwhile.

Is it possible to block, from my home PC, any email that originated from outside the country?

I may have to create an OK list, and block all others if that's what it takes. Basically only accept mail from people in my address book. Now there's an idea.

__________________
Don of Borg - Cool, Calm, Collective.

"Within the next generation I believe that the world's leaders will discover that infant conditioning and narco-hypnosis are more efficient, as instruments of government, than clubs and prisons, and that the lust for power can be just as completely satisfied by suggesting people into loving their servitude as by flogging them and kicking them into obedience." -- Aldous Huxley

Somewhat, kinda, on a tangent ToSeeked

__________________
Carl Matherly

Offical Battlestar Galactica Apologist

Named Time Magazine's 2006 "Person of the Year"

I may have to create an OK list, and block all others if that's what it takes. Basically only accept mail from people in my address book. Now there's an idea.

Earthlink already has this feature in their SpamBlocker service. Since I enabled it, not a single piece of spam has made it into my inbox. It blocks messages from known spammers. Earthlink keeps a running two week total of the blocked messages. The current total is 472 blocked messages, with the high being about 51 messages a day. I've seen the count as low as 300 and as high as 600+ for a two week period.

Emails from people who aren't in my address book are saved to a "suspect email" folder. I go there using Internet Mail every day or so to see if someone mailed me something legitimate. If so, I can add them to my address book so future messages get through. Probably 90+% of the suspect messages are spam, so I report them. This helps update the known spammer list.

Spam posts to this forum seem to have doubled in the last week.
We have some new methods to block it, thankfully, otherwise it would be all the moderators would have time for.

__________________
Forming opinions as we speak

I'm opposed to the death penalty in general, but I'd be willing to make an exception for spammers.

I've been surprised lately that a couple of spams have even made it through the filters at work. That had never happened before in ten years.

__________________
Cum catapultae proscribeantur tum soli proscripti catapultas habeant.

That's usually referred to as a "white list" and I actually think it's a great idea for most people's personal email. If you have kids, it's the perfect solution. That way, you can email them and even their friends can email them, but they don't see the spam.

I don't know if there is a workable solution to spam, because it really comes down to the old "tragedy of the commons" thing, but I wonder if a combination of cryptographic signatures, public key infrastructure, a web of trust, and white lists, would get us a 99% solution.

I haven't entirely fleshed it all out, but it works something like this: we all establish identities for ourselves using public key cryptography. Now I can sign an email that I send to you, and you can know with absolute certainty that it came from me and that it hasn't been altered.

Next, we sign the public keys of people we personally know. So for example, I'd be happy to sign toseek's public key.

We set up white lists, and only accept email from people we trust. I'm on your white list, so you accept email from me. But one day, toseek wants to email you. No problem, you look up his public key in the PKI and find that it's been signed by me - and I'm someone you trust. So because you trust me, you also trust toseek. He is added to your whitelist and the email is delivered. All of that is automatic by the way. From the user's standpoint, the email just arrives in your box as it does now.

What this does is, it creates a very small barrier to entry for anyone who wants to send email. I can't just go out and create an anonymous account (tofu@myhost.com) anymore. Well, I can create that account but nobody will get the email I send from it. First, I have to make a friend and have them sign my public key. Then I'm inside the web of trust and I can send email.

Of course, spammers can do this too - this is why it isn't a 100% solution. It's only a 99% solution. So let's say that toseek turns out to be a spammer (something I've always suspected). He creates an account, alice@wonderland.com and uses his toseek account to sign alice's PK and admit her to the web. Now he starts sending spam from the alice account. Because I trust toseek (big mistake) I also trust alice and her spam makes it to my inbox. The spam also makes it into your inbox because you trust me.

So what we do is, we mark the messages from alice as spam. After a certain threshold, say 3 or 4 spams, alice is blacklisted from the PKI and removed from the web of trust. Of course, toseek can just create another account, right? Well, having someone you trusted become blacklisted also counts against you. So toseek gets a black mark too. After he has trusted some threshold of spammers, say 3 or 4 of them, we blacklist him too.

So, this wouldn't stop spam, it would just create a barrier to entry for the spammers. Today, a spammer can send a million emails with the click of a mouse. Under this system, then can't send very many at all before burning up an identity.

There's probably some little devil in the details that makes this scheme not work, or someone else would be doing it already.

One of the tricks, discussed previously here, is that a lot of the spam blockers are based on certain words, such as Viagra. A lot of the spammers now put the actual message in as a picture, and so the spam blockers don't catch that. Most of the spam I get now is like that.

__________________
At night the stars put on a show for free (Carole King)

One Earth, One Sky - IYA 2009
All moderation in purple

The ones I got didn't have pictures, but they didn't have words like "viagra" (or as many spammers like to put it "v1^gr^") either. The latest one was for something or other they were pushing on e-bay. I opened it because it looked very similar to the internal spam we get all the time offering us stuff from the company gift shop.

__________________
Cum catapultae proscribeantur tum soli proscripti catapultas habeant.

I've got 99% of it blocked, but every once in a while, I'll check to see what's being sent, and it's definitely growing.

I agree

The one good thing about my sbc/yahoo e-mail is that they have an aggressive spam filter. Only a couple pieces a week make it to my inbox but the bulk folder gets close to 50 a day.

__________________
Reality is for those that can't handle video games.

I don't get spam

.

Yey for me, my email is Secret

__________________
If this writing is blue you're going too fast!

What we need is enough spam to make the current email system impossible to use. That would create a market for a new system that charges for delivering messages. As long as email is cheap to send there will be people willing to abuse it. Passing laws against spamming obviously isn't working.

__________________
Life is like a box of chocolates. All of your choices are bad for you.

A nice idea, but how exactly does it work? Who collects the charges? If your answer is, "your ISP collects the charges when you send mail" ok, so if I email you, then you assume that my ISP charged me for it?? So all I have to do is find an ISP in russia that will wave the charges in exchage for a flat fee. Well guess what, the spammers are already in russia! If your answer is, "the ISP that recieved the mail will collect the charges" then I can't wait to hear the protocol you've come up with that Ketchikan University in BFE alaska is going to use to charge joe_shmoe@taiwan.com. Is the payment made in dollars?

Also keep in mind (from the linked article) most emails are sent from botnets. What that means is, your computer gets hacked and the spammers use your computer to send the spam. So I'd like to see how your system stops spammers from hacking your computer or your grandma's computer and running up charges that you and your grandma have to pay.

It really is a difficult problem guys. I was talking to a coworker yesterday about my idea (posted above) and he shot a bunch of holes in it. For starters, under my system the spammers would DOS people by claiming that they had sent spam, thus reducing the level of trust in the whole system.

It's a seriously difficult problem.

ISPs would charge their customers a small amount for each email and would charge each other for receiving and delivering email. If a customer sends a large number of messages his ISP will realize that it's going to cost them a fortune if they send them to other ISPs for delivery and insist that the customer pay in advance. If I got a large email bill from my ISP I'd know that I was hacked and not pay it. They'd then trash the email and I'd do a virus scan.

If an ISP got a large number of messages from another ISP they'd suspect spamming and insist on payment in advance. If the sending ISP didn't pay then the email would be trashed.

If two ISPs decided to trade spamming rights then their customers would start getting spam again and would switch to a more reputable ISPs. The spamming ISPs would lose customers and their spamming operation would lose income.

It seems unlikely that all ISPs would make spamming deals. The big guys have too much to lose if their reputations are damaged. There might still be some spam but it would be greatly reduced.

If the above scheme isn't good enough then I have another idea. Each individual email user could set a price that he wants to be paid for receiving each piece of email. It need not be a large amount and each user could have a buddy list of people who would not be charged. Each sender of an email would include the maximum amount that he's willing to pay to have it delivered. If he offers at least what the recipient asks for then the email would be delivered and the sender would pay the recipient's fee. If the offer isn't enough then the email would be returned and the sender would be told how much he must offer to get it through. If it gets delivered, the sender's ISP would pay the recipient's ISP and the ISPs would settle up with their own customers monthly.

Since the recipients must be paid, the ISPs could not make profitable spamming deals and they'd have to put credit limits on their customers. If my computer were hacked by a spammer I'd soon reach my limit and the spam would stop. As in the previous idea, if an ISP received an unusually large amount of mail from another ISP they'd suspect spamming and demand payment in advance. They'd have to because they'd have pay their customers if they delivered it.

yep, I quit checking the spam folder. yahoo does a good job.


MSN doesn't however, I still get a couple per day delivered into my inbox.


I have never once had a spam in my GMAIL account however. Course I didn't use it much until October.

__________________
"I will do my best to understand and explain the universe from big to small without invoking miracles, unrepeatable events, or divine intervention. In place of those things I will use observations, mathematics, and science."


-Cross
My travel blog

Some of my Astrophotography


Those that lack education have a hard time understanding its value. - Cross

I'm getting about 1000 a day. Everything @myemailaddress comes to my mail box. Most of them are made up names that have never been used. We've got a broadband contract with Demon so changing ISP isn't an option without losing money. Demon has a filter but you can't see what's been deleted and when I tried it legitimate emails disappeared into it.

I use webmail and sort by 'to' and often delete in batches of 50 when there's a long list of the same non-existent name. I could sort them on the computer, but I don't like downloading them. I didn't go on line for two days this week and came back to 2900 e-mails - about 48MB. Demon don't limit space - they delete after 30 days.

There was an article in the Guardian a few weeks ago which went through various ways of dealing with spam and came to the conclusion that the only thing that would effectively stop it was if no one replied to it! But the way it's going e-mail won't be usable.

__________________
Carolyn

"All the screens are filled with heroes and losers, but the sky's still filled with stars"
...Midnight Oil - 'Golden Age'

I'm not sure if you mean that all this mail is coming to "you@youremail.com" or if you get mail for "anyone@youremail.com". If it is the latter, n\my dad was having an issue with this. We put Thunderbird on his computer then told ti to not allow anything that did not contain "you@youremail.com" and 95% of the stuff stopped coming in. THe problem with T-bird is that it cannot be used for web mail, like hotmail. It will only work with POP3 mail.

__________________
I'm not evil.
An evil person would do the things I think up.

Sorry, I couldn't think of the right syntax. It's "anyone@youremail.com". It's probably obvious from my previous posts that I'm not familiar with the finer points of e-mail! It is POP3, but I think I'm going to have to download it then delete it.

In the past spam has come in waves, but this deluge shows no sign of subsiding. From the comments here, and from what I've read it looks like filtering online isn't going to be possible with my set up.

I have Evolution which has plenty of options for filtering. I haven't because I just don't want all that rubbish on the computer, though as it's Linux any viruses/worms are unlikely (not impossible!) to do any damage.

With junk snail mail it was easy to register with the Mailing Preference Service. I don't get junk snail mail. Similarly with the Telephone Preference Service. It's not so straightforward with e-mail.

__________________
Carolyn

"All the screens are filled with heroes and losers, but the sky's still filled with stars"
...Midnight Oil - 'Golden Age'

you might want to have a look at popfile. http://popfile.sourceforge.net/

The way it works is, it runs on your machine and checks all your inboxes (this makes it great for families or people with multiple accounts). Then it filters the email for you. Whatever email client you use, you set it to download email from the popfile server running on a port on your own machine.

I hear it's pretty good once you train it.

If it were possible to charge for email, how much would the cost have to be to deter spammers? Can anyone think of any way to put a lower bound on it?

What I'm getting at is, I think that almost any cost would put a stop to the run-of-the-mill spammers, the people selling Viagra. I believe they have to send a million email in order to make a single sale. So the cost could be as low as 1/4 of a penny per email and that would mean it costs them $2,500 to send spam. That would put them out of business. So I wonder just how low of a charge would still work. 1/10th of a penny?

But what about the stock spammers? I linked to a study in a previous spam thread that showed that stock spammers always make about 6% profit. So for them, no charge for email would be deterrent so long as they had enough cash invested so that the 6% profit covered the cost of the email. For example, if they could invest $42,000 in the stock, then they would make $2520 after sending the spam - enough to cover the cost of a million spam messages.

Do you think that the stock spammers have that kind of money?

Today I received a "Microsoft Office Live Team" mail with a big typo in the title and "Web site" with space and 1 capital. I immediately thought "spam!!". It's a genuine MS mail though. I'm getting paranoid .

Subject:

__________________
To the regular visitor of internet bulletin boards it is clear that it's an excellent idea your parents get to choose your real name.

Conventional spam filters could still be used in addition to the charge. The price per message could also be increased gradually until spam ceased to be a problem. Even at ¼¢ per message most spam would be stopped. That's better than relying solely on spam filters like we are now. I don't expect all unrequested ads to be stopped, just greatly reduced.

__________________
Life is like a box of chocolates. All of your choices are bad for you.

Just because it came from MS doesn't mean it isn't spam. Was it unsolicited? Were they trying to sell you something? Did they send the same message to a large number of people on their list? Then it's spam, as far as I'm concerned.

__________________
Cum catapultae proscribeantur tum soli proscripti catapultas habeant.

I wonder though, if the spammers would just start using stolen credit cards. In discussing this with coworkers, we're also concerned about the botnet issue.

If the *spammer* had to pay $2500 to send a million emails, I totally agree, that would stop all spam. But what I'm concerned with is that the spammers are sending their email from a hacked computer - from your grandmother's computer. Wont they just keep doing what they've always done, except tht now your grandmother gets a bill for 2500? Or alternately, they only have to steal one credit card per spam blast.

In an earlier post, I asked "who collects the charges" I've pretty much got that part figured out. (I'll share if anyone cares) But the part I don't have a solution to is botnets and stolen CCs.

It was a commercial for their office live services, linking only to the official office live site.

The mail icon had the MS butterfly, offered only free products and linked only to official MS sites.

It was somewhat different from other MS mail, but that is mainly because other MS mail was MSN mail, and this is Office Live.

Sent from:

__________________
To the regular visitor of internet bulletin boards it is clear that it's an excellent idea your parents get to choose your real name.

If stolen credit cards became a major way to fund spam then banks would probably stop allowing cards to be used to pay for email except by prior arrangement between the bank and cardholder. When a credit card is issued the user would have to specifically ask for the ability to pay for email and set a monthly limit for it. He would accept responsibility for any emailing charges put on the card so most people would leave it off or set a small limit. Then most stolen credit cards would be useless for sending spam. Most people would not be paying large email charges so it would be no real inconvenience to not be able to. When an ISP received a credit card number from someone to charge for emailing services they'd have to report it as such so the authorization center would know to decline it if it's not allowed. Computer software would handle that automatically most of the time.

So your grandmother would never get that $2500 credit card bill because the ISP would be told that the charge was fraudulent. The spam would not be delivered.

__________________
Life is like a box of chocolates. All of your choices are bad for you.

I run a website for a railroad museum I'm a member of. In the last month I started getting numerous bounced emails. It's now up to 20 or so a day. Somebody has taken our domain name and is plugging it into the from line on the headers. Now if you seriously examine the header, you'll see that it actually isn't coming from us; just the "From" line is being spoofed.

So far we haven't received any complaints, but I'm waiting for the day I have to explain to the board of directors why somebody(ies) called complaining that we were spamming them. (Actually we did have a grandmother complain that I had porn in the children's Thomas the Tank Engine photo gallery.)

One thing that bothers me with the super aggressive spam filters (AOL comes to mind) is that those of us who have email newsletters chance getting in trouble because somebody signed up for the newsletter and forgot to add the email address to the contact list.

AOL is extremely bad about this to the point that some, many, hosts suggests that you disallow AOL users from signing up. At one point I did purge my database of all AOL addresses when I was trying to troubleshoot a spam warning from my host because AOL was threatening to blacklist their entire company. (Apparently a typical AOL maneuver too, one spamming domain and they'll blacklist the entire hosting company.)

Nicolas, you've missed my point. Even though it was from MS, it was unsolicited advertising e-mail. I still consider that to be spam. Why should sending out mass junk e-mail be ok for MS but not for some guy selling v!agra in Russia?

__________________
Cum catapultae proscribeantur tum soli proscripti catapultas habeant.

Yup - we don't allow AOL email addresses to register for the online store at the company where I work.

What amazes me about spam is that it has to be working. Someone somewhere is going "Hmm - yes - I'll buy some of those shares / order medical products from a radom piece of email / order Office for $59 " - WHO..WHO is actually falling for this stuff. If it didn't work then they wouldn't still be sending it and stories of people make money from sending it wouldn't circulate the news.

DOu