how-to block ads
|
Comments on news posted 2003-07-24 14:33:08: MSNBC reports that according to a survey of some 1,200 Internet users conducted by ePrivacy Group "Three out of four Americans favor a 'Do not spam' registry". ..
| |
page: 1 · 2  |
footballdude
Premium
join:2002-08-13
Imperial, MO | Penalties
How about penalties for people that BUY from spam? Sort of like visiting with a prostitute. | |
RayW
Premium
join:2001-09-01
Layton, UT
clubs: | A politician passes laws
Does not have to make sense, as long as he/she/it passes another one.
--
I am not lost, I find myself every time. | |
Maxo
Your tax dollars at work.
Premium,VIP
join:2002-11-04
Tallahassee, FL
clubs: | Extreme
Well, I don't normally support capital punishment or castration but I'm willing ot make exceptions.
--
God I love being a turtle. - Michaelangelo »www.maxolasersquad.com | |
koitsu
Premium
join:2002-07-16
Mountain View, CA | What would you do for a Klondike bar?
Re: 'Do not spam' registry enforced by politicians.
--
Making life hard for others since 1977. | |
nixen
Rockin' the Boxen
Premium
join:2002-10-04
Alexandria, VA
 ·Cox HSI
 ·Speakeasy
| I'd Sign Up
But, the address that I'd register would be the one that I use for my DCC processes. As such a registered address, it should never receive any emails, SPAM or legitimate. If the address never receives any email for at least a year, then I might consider registering my real address.
-tom
--
You can be only -so- accurate with a sledgehammer. | |
Marilla
I Am My Own Arbiter
Premium
join:2002-12-06
Belpre, OH
| I commend your combination of open-mindedness, and yet practical common sense, in that approach.
Of course, in taking that approach, I think you do understand the basic reality; More than likely, the names on that list will get hit worse than ever imagined possible (I dunno... one day, and 200 mails in my 'Spam' folder on my Yahoo.com address is pretty ugly!)
Personally, I like an idea that was touched on here in this article; Make the ultimate advertiser responsible for ads they contract for. Of course, we need to be mindful of the possibility that competitors or even just pranksters will 'spam' on 'behalf' of a company, just to cause them trouble... but where we can clearly track a company to having bought advertising from another company with a knowledge that 'spamming' would have been part of it...
Actualy, though, I don't think 'spam' can be tackled - AT ALL - without a substantive change in the whole e-mail system itself. | |
nixen
Rockin' the Boxen
Premium
join:2002-10-04
Alexandria, VA
·Cox HSI
·Speakeasy
| said by Marilla  :
Actualy, though, I don't think 'spam' can be tackled - AT ALL - without a substantive change in the whole e-mail system itself.
If all email was required to originate from authenticated sources and the authentication was made to require the use of third party authentication tokens, then maybe that could work.
However, paying Verisign (or whoever) to generate me an e-mail key every year is a pain in the ass. Worse, installing such keys into all of your tools is not as simple as just clicking on a certificate installer application. You have to go to each application that you want to authenticate with and install the certificate. Just kinda blows.
-tom
--
You can be only -so- accurate with a sledgehammer. | |
Marilla
I Am My Own Arbiter
Premium
join:2002-12-06
Belpre, OH
| Yup.. that's why I said it really needs a basic change to the whole system. Our E-Mail protocols were designed for a 'wide open' communication system.. the people that did this weren't expecting things like Spam or e-mail-borne virii.
Of course, it may be too late to really 'tear apart' e-mail and start all over... but one possibility... instead of USERS having to concern themselves with certificates, perhaps ISP's could begin to put in place a system where SMTP/POP3 servers authenticate each other, and SMTP servers become required to perform SOME sort of authentication of their own users, or else they get 'kicked out' of the system, in some way.
This could stray into the same sort of 'black listing' system many people fall into now, but what I'm suggesting is an industry-standard method of determining what servers can or can not... bleh... the more I think about this, the bigger headache I get!
I'll just switch all my e-mail to a 'white list' system, with a 'challenge' mechanism for every possible recepient.
Ugh | |
Maxo
Your tax dollars at work.
Premium,VIP
join:2002-11-04
Tallahassee, FL
clubs:
| reply to Marilla
said by Marilla :
Actualy, though, I don't think 'spam' can be tackled - AT ALL - without a substantive change in the whole e-mail system itself.
Agreed, as great as POP and SMTP have proven to be it's too easy to forge. On the other hand I think SPAM is as stopable as P2P. With P2P there's always a bigger nerd out there with too much spare time willing to right a better, harder to stop, program. With SPAM there's a big enough ass-hole with enough money willing to make a better, harder to stop, program.
--
God I love being a turtle. - Michaelangelo »www.maxolasersquad.com | |
thephantom
join:2001-04-24
Alamo, CA |  reply to footballdude
Re: Penalties
Hey!
There is no call to insult a hard working girl by bringing her down to the level of a spammer. | |
godsmack
join:2003-06-08 | I'll take what I can get.........
As far as I'm concerned, something is better then nothing.
Don't forget you have to start some where........ | |
nixen
Rockin' the Boxen
Premium
join:2002-10-04
Alexandria, VA
·Cox HSI
·Speakeasy
| reply to Marilla
Re: I'd Sign Up
said by Marilla :
Of course, it may be too late to really 'tear apart' e-mail and start all over... but one possibility... instead of USERS having to concern themselves with certificates, perhaps ISP's could begin to put in place a system where SMTP/POP3 servers authenticate each other, and SMTP servers become required to perform SOME sort of authentication of their own users, or else they get 'kicked out' of the system, in some way.
Problem isn't really POP/IMAP authentication. Problem is pretty much with SMTP.
SMTP client authentication is fairly trivial to set up. Unfortunately, just because my SMTP server has authenticated the client, it doesn't really give any other SMTP server a reason to trust anything coming from my SMTP server. For this, you need to set up trust relationships.
Trust relationships are also fairly trivial to set up (however, depending on the method used, said trust relationships have to trade of scalability and management ease for security). Unfortunately, many people (myself included) don't like to pay hundreds of dollars of year to secure a server with a commercial SSL certificate. It's fairly likely that even fewer are going to want to spend that kind of money on securing a mail server.
That's why I was suggesting per-user. That way, I could always write my rules such that, if the originating user had authenticated with a certificate from a trusted authority, I wouldn't have to worry about whether I trusted any of the intervening mail hosts. Of course, SMTP would need to pass more than simply "Verify=OK" in the headers - it would need to include the verification certificate fingerprint, or something.
-tom
--
You can be only -so- accurate with a sledgehammer. | |
Unit649
I B U, Who U B?
Premium
join:2000-01-22
Stockton, CA
·Comcast
| Dual Costs
Since its not illegal for americans to have accounts in ISPs offshore, this will never work. The spammers will just get servers outside of the US, and more money will be leaving the US to services outside of it.
The spam won't go away, and at the same time, more jobs and money will go to companies outside of the US.
--
U ::::Founder, ForeverChat IRC Network:::: »www.foreverchat.net | |
Marilla
I Am My Own Arbiter
Premium
join:2002-12-06
Belpre, OH
| reply to nixen
Re: I'd Sign Up
I only mentioned POP3 servers because I don't believe any server, at all, that is involved in e-mail should accept any mail that is not 'approved', IF such a system were put in place... I do understand that POP3/IMAP really only deal with delivering the mail to the client.. but.. well, yes.. just remove 'POP3' from my list..
And I think it's much more realistic to expect SMTP servers to get certificates than to expect every single user on the Internet to do so. Doesn't it sound cheaper if an ISP only needs one cert per e-mail server, costing a couple hundred a year, as opposed to hundreds of millions of USERS having to get a certficate every year, costing whatever they will cost. Add to that the fact that the requirement to get a certificate to EVERYONE on the Internet would be a nightmare, in and of itself.
If such a plan caused a lot of 'small' e-mail servers to drop off the face of the planet.. including yours and mine... I'm perfectly happy. Hell, I got a server certificate for one of my websites that only has maybe 10 people using it... certainly, I would get it for my e-mail, OR I would let me ISP get it on their server and make sure they have me set to authenticate to it.
Actually, my home ISP already DOES require that I authenticate to their SMTP server. I'm sure they wouldn't be concerned about having to get a cert for the e-mail server, if it was being done globally, in order to prevent 'open relays' and other tools spammers can use.
After that, ISP's can more pro-actively observe traffic from their users... when users seem to be engaging in 'mass e-mailing', the ISP can look closer, and they'll HAVE A USERNAME it's connected to. IT would be up to the ISP themselves to be certain that it's not too easy to simply 'sniff' those usernames over the Internet... perhaps by being certain that SMTP logons don't go OVER the Internet itself, but stay on the ISP's local network.
Given the costs that ISP's claim are associated with handling spam, I think something like this COULD work... but it would really require a different setup than we have right now, I think... and it would take a while to get EVERYONE on it, so that it would be effective. | |
Marilla
I Am My Own Arbiter
Premium
join:2002-12-06
Belpre, OH
| reply to godsmack
Re: I'll take what I can get.........
Well, if this happens, I guarantee you'll get much more than you can take. hehe
(note here: I'm assuming you are talking about the no-spam list... if not, then ignore me!)
The thing to keep in mind here is that the 'no-spam list' is NOT a 'baby step' in the right direction; It's a Quantum Leap in the wrong direction. It's solving one of the spammers BIGGEST problems ever: Getting a nice, fresh list of active e-mail addresses, at lost cost (free!), and in an easy-to-use format.
And to top it ALL off... the names of people on it will tend not to be Highly Internet Savvy types... since a good percentage of us who are sick of spam also understand why it is a no-spam database won't work... so we're not going to sign up on it; Only people who don't entirely understand how it all works, will... and those people are the most likely to actually 'click through' on those ads, in the first place. | |
Marilla
I Am My Own Arbiter
Premium
join:2002-12-06
Belpre, OH
| reply to Unit649
Re: Dual Costs
This is why I believe that this issue really is NOT about laws. Schumer is, to me, exposing himself to be a politician who really doesn't care enough to know what he is talking about (or, to be fair, even getting a staffer to learn about it) but instead is just hopping on the bandwagon because it seems like the 'popular' thing to do.
The fact is, ultimately people will 'spam' from any country that allows it. Of course, linking the ads back to the company being advertised for COULD help, as long as we're careful to weed out the 'false positives' there; But a lot of this junk isn't legitimate products in the first place, so even THAT won't "fix" the issue, once and for all.
So that's why I think this issue must have a TECHNICAL solution, not a legislative one. Yes, I am aware that some 'hackers' will find a way around any such solution, but hackers have found ways to compromise secure websites, too... that doesn't mean that the vast majority of such sites are perfectly safe to use. | |
Unit649
I B U, Who U B?
Premium
join:2000-01-22
Stockton, CA
·Comcast
| Plus the simple fact is, if they ban one medium of spamming (email) they will move to another. Whats next, massive IM spamming (it happens but could be larger scale). Websites you can't visit till you click on the spam? The possibilities are endless!
--
U ::::Founder, ForeverChat IRC Network:::: »www.foreverchat.net | |
Marilla
I Am My Own Arbiter
Premium
join:2002-12-06
Belpre, OH
| Well, the IM spam thing can be dealt with fairly easily: don't accept messages at all from people not on your list. If people did this, OR if the software set this setting by default, IM spam (which actually IS something of a problem) would dry up and blow away.
As for websites that do such things... that's easy, too; I'll simply never visit the site. Of course, I say that's easy for me... I visit very few sites as it is.. hehe | |
nixen
Rockin' the Boxen
Premium
join:2002-10-04
Alexandria, VA
·Cox HSI
·Speakeasy
| reply to Marilla
Re: I'd Sign Up
said by Marilla :
And I think it's much more realistic to expect SMTP servers to get certificates than to expect every single user on the Internet to do so. Doesn't it sound cheaper if an ISP only needs one cert per e-mail server, costing a couple hundred a year, as opposed to hundreds of millions of USERS having to get a certficate every year, costing whatever they will cost.
Sounds cheaper, until you get to the point where you get charged for each and every email address you wish to use. Personally, I use a unique email address for every web site or internet service I sign up for. That way, if I ever receive SPAM at that address, I know who it was that sold my address. That way, I can cease doing business with said service and deadmail the tainted address.
said by Marilla :
Add to that the fact that the requirement to get a certificate to EVERYONE on the Internet would be a nightmare, in and of itself.
Err... but you're in agreement that everyone should have to authenticate? That everyone should be identifiable? Yet, you don't want to go the next logical step? Besides, personal certificates also mean that you can sign and encrypt your emails (thus upping the privacy of correspondence). It's also a bit more difficult to forge an authentication identity when personal certificates are used.
said by Marilla :
If such a plan caused a lot of 'small' e-mail servers to drop off the face of the planet.. including yours and mine... I'm perfectly happy.
Ah, one of the people who's perfectly happy to give up a little bit of personal freedom in exchange for a little bit of security, I see. Fan of the Patriot Act, too? At any rate, I won't bother to quote Ben Franklin. 
said by Marilla :
Hell, I got a server certificate for one of my websites that only has maybe 10 people using it...
Unless you're selling something off that website and are only doing it to provide an encrypted channel, you'd have been better served generating your own certificate.
said by Marilla :
After that, ISP's can more pro-actively observe traffic from their users... when users seem to be engaging in 'mass e-mailing',
Like running a listserv/majordomo, or even something as innocuous as telling everyone in their address book, "we just had a baby," or "I am getting shipped to the gulf," or "I'm moving," (etc.).
said by Marilla :
the ISP can look closer, and they'll HAVE A USERNAME it's connected to. IT would be up to the ISP themselves to be certain that it's not too easy to simply 'sniff' those usernames over the Internet... perhaps by being certain that SMTP logons don't go OVER the Internet itself, but stay on the ISP's local network.
So, having given up my ability to have function-oriented email addresses, I'm to also give up my ability to do SMTP transactions as myself, no matter where I am? I mean, what you're proposing means, if I am over at a friend's house who has a different ISP that has such a policy, I am not going to be able to send email (and no, craptacular Web/Mail gateways are not acceptable).
said by Marilla :
Given the costs that ISP's claim are associated with handling spam
And, as an ISP, they're already offloading that cost to the service users (cuz they sure as heck can't offload it to the SPAMmers). What do you think is going to be the real price difference for the end user if mail server choice is reduced?
Personally I think that everyone that cares about privacy, identity theft, etc., should be screaming for affordable and quickly/easily installed personal certificates. But, that's really a separate issue.
-tom
--
You can be only -so- accurate with a sledgehammer. | |
cbs228
Geeks Of The World, Unite
join:2000-09-04
Saint Louis, MO
| News just in...
... 3 out of 4 Americans have absolutely no clue how to effectively deal with spam!
A "Do Not Spam" registry would simply be the biggest, most convenient, gold mine for spammers who already operate their servers outside of U.S. boarders.
The only way to effectively deal with spammers is to cut them off at the money. Even though spamvertised sites are almost always in the Far East (Probably some Korean with his cheap 40 Mbit connection), there has to be a credit transfer from American financial institutions at some point. That point is where spammers are vulnerable.
Of course, it never hurts to close open relays or to report AUP violators (do ISP's really enforce those things as heavily as they should for their frame relay/T1+ customers?).
And for your personal enjoyment, instructions for creating a 100% spam-free account:
1. Create new email address composed of no less than 10 alphanumeric characters, and don't forget the numeric characters either.
2. Do NOT post your address to ANY publicly indexed website, including your own. If you must post your address, obfuscate it.
3. Do not give out your new address via any HTML FORM.
Brightmail, take a hint: Base64 encoding = spam. A large number of HTML comments of random characters = spam.
--
"If you stare too long into the abyss the abyss stares back at you." -Nietzsche
GENERAL FAILURE READING ©: DRIVE
(A)bort, (R)etry, (F)rivolous Lawsuits, (B)ribe Congress? | |
|
