Slashdot: News for Nerds

Impoverish a Spammer Today

michael posted about 10 years ago | from the lose-money-fast dept.

Spam 343

esj at harvee writes "Recently the Camram project released its latest version of a hybrid sender-pays anti-spam system. The project has proven that sender-pays works and has demonstrated how to make it work with existing e-mail systems. Camram has developed hybrid sender-pays techniques that scale down to the desktop and up to the enterprise. It's a completely decentralized system that can put spam-fighting power in the hands of individuals. It gives you control of not only the current generation of spam, but also any future commercial spam -- why replace Viagra ads from a scam artist with Viagra ads from Pfizer?"

343 comments

The problem is... (2, Interesting)

Kenja (541830) | about 10 years ago | (#9531086)

The problem is that I've seen no good way to stop non spammers from paying as well.

Re:The problem is... (5, Informative)

The0retical (307064) | about 10 years ago | (#9531140)

The FAQ says that there is a white list. I assume from reading it that it means that they do not have to pay.

Re:The problem is... (5, Interesting)

Kenja (541830) | about 10 years ago | (#9531215)

I don't consider a white list to be a "good" method. For one thing, most spam I get is claiming to be from a known source (i.e. someone who knows me has a worm and is spamming from their address book). So you can't just filter by sender. Also, white lists don't deal with the fact that a lot of email is from first time corresponders such as online retail outlets.

Re:The problem is... (0)

Anonymous Coward | about 10 years ago | (#9531475)

Sounds like a good opportunity to teach your friend how to use his computer.

Re:The problem is... (1)

ron_ivi (607351) | about 10 years ago | (#9531380)

I'd like the system to let me decide if I want to collect the payment after seeing the email.

For example, a check that I can choose whether or not to cash.

In such a "sender pays only if the recipient wants to collect" system, friends (and good pr0n) spam will be free to send me stuff, but other spam (msft updates) could make me money.

Re:The problem is... (4, Insightful)

kramer (19951) | about 10 years ago | (#9531157)

Yes, but the point of this is to make it trivial to send 50 or so e-mails a day, while making it prohibitively expensive in computation costs to send 50 million emails a day.

If it takes 3 seconds per e-mail, the average user won't notice the addition, but the average spammer will have to spend 1700 hours computing stamps to send his 50 million emails.

Re:The problem is... (1)

kramer (19951) | about 10 years ago | (#9531193)

strike that -- that should be 1700 days not hours.

Re:The problem is... (3, Insightful)

afidel (530433) | about 10 years ago | (#9531200)

Ah, but the spammers aren't and won't pay for their servers. They will continue to hijack other people's machines through worms and trojans and just eat up the CPU time of the zombie machines. This might slow down the overall flow of spam some as the total computational time available is certainly less than the total bandwidth available if the computation function is tuned that way but it's not going to eliminate spam at all.

Re:The problem is... (5, Insightful)

the_mad_poster (640772) | about 10 years ago | (#9531288)

Ah, but the spammers aren't and won't pay for their servers. They will continue to hijack other people's machines through worms and trojans and just eat up the CPU time of the zombie machines.

Sender pays stamping is a decent solution to spam, but it's not any solution to stupid lusers.

The solution to the luser problem is:

  • Education for the naive luser.
  • Network quarantine for the lazy luser.
  • Criminal (or civil) penalties for the malicious luser.

People need to stop objecting to spam solutions based on the existence of other problems. Sender pays stamping doesn't stop viruses and trojans because it's not supposed to, other systems like firewalls, patches, and anti virus tools are supposed to. Rather than complaining that spam solutions don't solve the malware problem, we ought to be educating people on how to use these things and working on improving them.

Re:The problem is... (4, Insightful)

loxosceles (580563) | about 10 years ago | (#9531466)

It doesn't matter whether spammers hijack others' machines or not. Proof-of-work stamps will still reduce the amount of spam. Without PoW stamps, a spammer with the same number of machines will be able to send an order of magnitude more spam.

Proof of Work stamps don't magically give spammers a horde of zombie machines to spam with. They have those machines whether or not real people use stamps.

Re:The problem is... (0, Redundant)

Kenja (541830) | about 10 years ago | (#9531250)

It makes it prohibitively expensive to send ANY email from low power devices such as my PDA, cell phone and even my mail server (500mhz VIA C3).

Re:The problem is... (3, Interesting)

GigsVT (208848) | about 10 years ago | (#9531403)

And how many messages does the Linux Kernel Mailing List send per day?

You think large legitimate lists will count on everyone subscribing whitelisting the list correctly?

There is no problem here. (5, Informative)

Jim McCoy (3961) | about 10 years ago | (#9531197)

Why is this a problem? If what you are expected to pay depends on volume then it means that a non-spammer who only sends a few emails a day will have almost nothing to pay while a spammer will be unable to afford the work required to send thousands of emails. Since this is based upon proof of work and not an actual monetary amount, it will not be a cost that is difficult to bear.

Yes, some people who run email lists out of their account will be inconvenienced, but not as much as they claim. They will just need to change the signup message to say "this is a mailing list that you signed up for, so add us to your whitelist because we will not be performing proof of work challenges and will drop you from the list when the first proof of work request arrives."

Some will claim that the hordes of spam zombies out there will be able to do the work on the spammer's behalf so this is not a solution, but it will at least provide some rate limiting for that zombie and it will also make it much more likely that the zombie will be noticed by the user when it starts to chew up CPU cycles.

Re:The problem is... (1)

iannn (600593) | about 10 years ago | (#9531494)

They could charge only if someone wants to send more than a certain number of emails in a certain time period.

When do I get a shock-the-spammer protocol? (5, Insightful)

gevmage (213603) | about 10 years ago | (#9531088)

An interesting concept. Stamping of the mail is computationally intensive, verifying it isn't. I think that it's impressive for something that's calling itself a 0.3 version.

This could really change the way e-mail is distributed.
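
Added example (not part of the thread, and not Camram's code): a minimal hashcash-style stamp in Python showing the asymmetry described above (minting is a brute-force search, verifying is one hash) together with the hybrid whitelist-or-stamp check the thread discusses. The stamp layout, SHA-256, the fixed salt, the 12-bit price, the addresses and all function names are assumptions made for illustration; a real deployment would use a random salt and a much higher price.

```python
import hashlib
from itertools import count


def leading_zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a hash digest."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits


def stamp_value(stamp: str) -> int:
    """Work proven by a stamp: leading zero bits of its SHA-256 hash."""
    return leading_zero_bits(hashlib.sha256(stamp.encode()).digest())


def mint_stamp(recipient: str, date: str, bits: int,
               salt: str = "constructed-salt") -> str:
    """Sender side: try counters until the hash has `bits` leading zeros.
    Expected cost is about 2**bits hashes. The salt is fixed here only so
    the example is reproducible (assumption)."""
    prefix = f"1:{bits}:{date}:{recipient}:{salt}:"
    for counter in count():
        stamp = prefix + format(counter, "x")
        if stamp_value(stamp) >= bits:
            return stamp


def verify_stamp(stamp: str, recipient: str, min_bits: int,
                 today: str, spent: set) -> bool:
    """Recipient side: a single hash plus the checks that stop reuse."""
    parts = stamp.split(":")
    if len(parts) != 6 or parts[0] != "1" or not parts[1].isdigit():
        return False
    claimed_bits, date, resource = int(parts[1]), parts[2], parts[3]
    if claimed_bits < min_bits:          # underpaid for this recipient's price
        return False
    if resource != recipient or date != today:
        return False                     # minted for someone else, or stale
    if stamp in spent:                   # one stamp pays for one delivery
        return False
    if stamp_value(stamp) < claimed_bits:
        return False                     # claims work that was never done
    spent.add(stamp)
    return True


def classify(sender, stamp, recipient, whitelist, min_bits, today, spent):
    """Hybrid check: whitelisted senders skip the stamp, strangers need one,
    everything else falls through to the content filter.
    Note: matching the whitelist on the sender name trusts a forgeable
    header, which is the white-list weakness raised in the thread."""
    if sender in whitelist:
        return "deliver:whitelisted"
    if stamp is not None and verify_stamp(stamp, recipient, min_bits,
                                          today, spent):
        return "deliver:stamped"
    return "content-filter"


def days_to_stamp(messages: int, seconds_per_stamp: float) -> float:
    """Single-machine time to stamp a mailing, in days."""
    return messages * seconds_per_stamp / 86400


if __name__ == "__main__":
    spent = set()
    whitelist = {"list@example.net"}             # constructed sample data
    stamp = mint_stamp("alice@example.org", "040625", 12)
    print(stamp, "proves", stamp_value(stamp), "bits")
    for sender, s in [("list@example.net", None),
                      ("stranger@example.com", stamp),
                      ("stranger@example.com", stamp),   # replayed stamp
                      ("bulk@example.com", None)]:
        print(sender, "->", classify(sender, s, "alice@example.org",
                                     whitelist, 12, "040625", spent))
    print("50 million mails at 3 s each:",
          round(days_to_stamp(50_000_000, 3)), "days")
```

Each extra bit in the price doubles the sender's expected minting work, while the recipient's check stays at one hash.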

Re:When do I get a shock-the-spammer protocol? (-1, Flamebait)

Anonymous Coward | about 10 years ago | (#9531154)

no it won't. You know why? Because too many people are going to say what I just did, "who the fuck wants to pay to send mail?"

I hate sending USPS mail because of that; why should I pay just to stop getting the four spams I do a year?

Get a clue, don't give out your real email address to websites as a login, don't post it on websites (including your own), and don't let your idiot co-workers send you joke forwards and include your email in the open.

Just be smart and you won't get spam. Paying to send email is ridiculous. WHITE LISTS DO NOT WORK.

Re:When do I get a shock-the-spammer protocol? (2, Insightful)

Anonymous Coward | about 10 years ago | (#9531161)

Sorry, but this is bullshit.

I run a clean operation. Spam has never come from my server and I run a website for the fun of it with tens of thousands of registered members who expect their email notices to arrive and I don't make a dime and already pay a couple hundred bucks a month for things. It is not fair that my web/mail server should be bogged down by heavy computation just to send an email when it's legitimate email to begin with. I don't want my web server to slow to a crawl every time email updates are sent out to users (which happens every few minutes).

These computational-expense and pay-per-message schemes are worthless and unfair to the individual enthusiast and small business person.

Re:When do I get a shock-the-spammer protocol? (0, Flamebait)

TheRealMindChild (743925) | about 10 years ago | (#9531307)

I call bullshit on you, sir. While I agree that these things are not the ultimate solution, crying that it is unfair is ridiculous in itself.

If you don't want to participate, then don't. As time goes on, you evolve or die. You don't hear anyone bitching that the average webserver nowadays has to be like 500mhz AT LEAST, with multitude of ram, etc, when at some point in history, a 486DX was plenty sufficient for serving webpages. But the climate changed.

You get no tissues from me.

Re:When do I get a shock-the-spammer protocol? (1)

notsoclever (748131) | about 10 years ago | (#9531505)

I dunno, I've had several jobs where I had to keep a high-demand site running on the processor equivalent of a 486/66 or thereabouts. (Legacy systems at a university which had icky, proprietary nonportable binary formats, for example.)

simple (4, Informative)

TamMan2000 (578899) | about 10 years ago | (#9531400)

Require your users to whitelist your address, and then don't stamp your messages.

Boo hoo (-1, Flamebait)

Jim McCoy (3961) | about 10 years ago | (#9531460)

My heart bleeds for you. Oh woe! You want to send your users messages that you think are legitimate (something they may disagree with) but do not want to be bothered with the inconvenience of putting up with your users asking you to participate in a spam rate-limiting mechanism or ask them to add you to their whitelist.

If the "individual enthusiast and small business person" is too lazy or ignorant to deal with this then maybe this is how we will revoke your license to drive on the information superhighway...

Re:When do I get a shock-the-spammer protocol? (-1, Offtopic)

Anonymous Coward | about 10 years ago | (#9531487)

Too bad; you are now the proverbial egg in the omelette. Fry and die!

OR, tell the spammers what you really thought of their poetry!

Re:When do I get a shock-the-spammer protocol? (1)

mknewman (557587) | about 10 years ago | (#9531488)

Just get another server, you can get a P4 2.8 for like $200 nowadays. Move your mail off your web server, and let mail run at its own pace.

Mary-Kate Olsen rumored to have died today (-1, Offtopic)

Anonymous Coward | about 10 years ago | (#9531100)

I'm trying to find confirmation, does anyone know the facts?

Two Words (-1, Offtopic)

lorcha (464930) | about 10 years ago | (#9531104)

Mailing Lists.

Re:Two Words (5, Informative)

skiflyer (716312) | about 10 years ago | (#9531138)

RTFA, it handles mailing lists fine. You whitelist the sender and then they don't need to stamp the mail.

The technology is a hybrid solution to avoid the problem of universal adoption... a nice side-effect of this is you don't demand stamps from your white-list.

I have to say, I think it's quite an interesting combination of concepts, but still requires mass adoption to be useful.

Re:Two Words (1)

king-manic (409855) | about 10 years ago | (#9531232)

It doesn't require mass adoption, only mass whitelisting.... and the ability to ignore a lot of false positives.

Re:Two Words (5, Informative)

Anonymous Coward | about 10 years ago | (#9531308)

RTFA, it handles mailing lists fine.

I'm reading TFA [camram.org] and it states quite clearly "Mailing lists don't really have a good solution"

Re:Two Words (2, Insightful)

shadowkoder (707230) | about 10 years ago | (#9531417)

What happens when a virus propagates that white lists the spammers? While every technology that rises for this problem will have some kind of solution, they will also have some kind of weakness.

Though, my hat's off to whoever makes an overall good solution.

Because we know.... (-1, Troll)

Anonymous Coward | about 10 years ago | (#9531111)

"why replace Viagra ads from a scam artist with Viagra ads from Pfizer?"

Because we know that CmdTaco needs all the viagra he can get!

What happens... (4, Insightful)

BaltoAaron (242546) | about 10 years ago | (#9531116)

What happens when your box has just been hijacked by the latest MS exploit and used as a Spam server/relay?

Re:What happens... (1, Insightful)

trentblase (717954) | about 10 years ago | (#9531177)

Then you're just as fucked as when your box is hijacked and some haxor steals your cc# and goes on a spending spree.

Re:What happens... (2, Insightful)

king-manic (409855) | about 10 years ago | (#9531202)

What happens when your box has just been hijacked by the latest MS exploit and used as a Spam server/relay?

You would then notice instantaneously, as your mouse would be moving 1px/minute.

Re:What happens... (1)

RandoMBU (740204) | about 10 years ago | (#9531305)

Don't you see... That's perfect! Nothing in the world would force joe stupid to pay attention to his computer security more than a $10,000 bill for spam originating from his box. It might even make him switch to a better operating system. :)

I doubt it... (1)

TamMan2000 (578899) | about 10 years ago | (#9531345)

What happens when your box has just been hijacked by the latest MS exploit and used as a Spam server/relay?

You would then notice instantaneously, as your mouse would be moving 1px/minute.

Those spammers are a clever bunch...

They would just throttle their cpu usage, or suspend their process when there is a user at the machine.

Re:What happens... (1)

macklin01 (760841) | about 10 years ago | (#9531207)

That was my first question, too.

My thought is, if the hijacked machine is choking on all these calculations, at least they'll notice that there's something wrong with their machines. (Which would be an advance in and of itself.)

Re:What happens... (4, Informative)

Dark Paladin (116525) | about 10 years ago | (#9531237)

According to the FAQ, the calculations are that even with the number of "zombie" machines out there, there still isn't enough processing power to generate all of the necessary "stamps" - or at least it's enough to reduce the time.

If nothing else, at least it's something, right?

Re:What happens... (4, Interesting)

Jim McCoy (3961) | about 10 years ago | (#9531274)

Others have mentioned that this will make it easier for the user to notice that their PC has been hijacked, but another side-effect is that it will perform a rate-limiting service on that zombie. If each zombie can only send 100 messages an hour instead of 100,000 then that is another important benefit.

Re:What happens... (1)

Kenja (541830) | about 10 years ago | (#9531432)

No, the user will say "my computer is getting slow. Must be time to buy a new computer" same as they do now.

Re:What happens... (1)

Jim McCoy (3961) | about 10 years ago | (#9531500)

While some users can be inconceivably stupid, I somehow doubt that the vast majority of them are going to not notice that over the past day their computer suddenly slowed down. Another option (sure to please the crowd around here and get this modded up :) is that the user might say "hmmm... windows just gets slow after you use it for a couple of months, maybe I should try linux" and the zombie problem is solved through an alternate solution...

They claim... (4, Insightful)

TamMan2000 (578899) | about 10 years ago | (#9531276)

On their site they address zombie machines. They claim that users of zombies would be more likely to notice the infection if it sucked up all their CPU and made their systems run hot...

I somehow doubt that.

But what I can't disagree with, is that getting the same amount of spam sent as they currently are, would take many (orders of magnitude) more zombies. They claim on their site that if you maxed out every known zombie you couldn't generate stamps fast enough to send spam at the current rates.

This could be a step in the right direction, but I am worried about many issues for a sender pays system.

Re:What happens... (1)

Dasher42 (514179) | about 10 years ago | (#9531449)

What if, instead of billing automatically and sending, the mail was held until payment was received?

With a hybrid of whitelists of free senders and pay-to-email, that might actually work.

One Idea (5, Insightful)

th1ckasabr1ck (752151) | about 10 years ago | (#9531117)

One thing they should look towards doing is maybe circumventing the payment if you are sending to someone else in the same domain. Then businesses wouldn't have to pay for all internal e-mail.

Or maybe businesses should find a new way to communicate internally?

Re:One Idea (1)

marnargulus (776948) | about 10 years ago | (#9531272)

I see businesses migrating to an instant messenger service in the future. Emails are meant to be kept short, just like instant messages, and many businesses require anything longer than an instant message will be routed through hard copy. I think that as soon as enterprise instant messaging (company hosts the server and controls through-put) becomes available in a solution that works, most companies will migrate to that.

Re:One Idea (1)

Sargondai (25502) | about 10 years ago | (#9531279)

Well, there goes any benefit of this service to hotmail users. :)

Re:One Idea (1)

ron_ivi (607351) | about 10 years ago | (#9531420)

Surely business could set up their email servers to accept internal mails without stamping them.

Impoverished or not (5, Funny)

darth_MALL (657218) | about 10 years ago | (#9531118)

they should be able to survive just fine according to the SPAM nutrition fact sheet [nutritiondata.com]

Re:Impoverished or not (1)

awhelan (781773) | about 10 years ago | (#9531371)

No wonder spam is getting even more out of control. At only 4 carbs it's Atkins friendly.

Hobbyists (1, Interesting)

Anonymous Coward | about 10 years ago | (#9531122)

So how will this affect hobbyist/enthusiast webmasters like myself who own and run our own web and mail servers and send out thousands of emails per day to users who are subscribed to our site and need to get these emails (they're updates about transactions they're involved in -- NOT spam)? Messages that, when they aren't delivered for some reason, the recipients get upset and ask what is wrong -- that's how important the email is for us.

So how will this affect us? I make no money off of my site and I can't afford to spend any money sending email (on top of the costs of my site already). Even 1/100th of a cent would be difficult for me to spend (that would be an additional 10% to my monthly expenses which already come out of my own pocket!).

For the average home user who sends a dozen emails a week, this won't matter. At 1/100th of a penny, they'd only pay a couple bucks a year - but for someone like me who is volunteering to run a service for people but does not, has not and never will spam - it is unfair to expect me to pay out 10, 20 or 30 bucks a month or more. Especially when all that would be necessary is for the SMTP protocol itself to be retooled to be more secure in the first place.

Re:Hobbyists (1)

slimak (593319) | about 10 years ago | (#9531203)

They mention in the article "white lists" of senders that are not charged. In addition, the cost is only processing time to "stamp" the message not actual money. So, if it takes 1-second to stamp a message then it would "cost" you 17 mins of processing to send 1000 messages. Not too bad if you ask me.

Re:Hobbyists (2, Informative)

lpret (570480) | about 10 years ago | (#9531228)

As long as people whitelist you there's no cost to you. You're fine.

Re:Hobbyists (5, Informative)

Jim McCoy (3961) | about 10 years ago | (#9531239)

You will have to change your signup mechanism to notify the user that they have to add you to the whitelist, and you will need to change the list admin email to first send a message to a user reminding them of this fact and only after they reply to this standard response to all complaints message will the message filter up to your mailbox. This is a couple of hours of coding for anyone maintaining a mailing list package.

READ THE PROPOSAL FIRST PLEASE!

This is not asking you to spend money, it is asking you to perform a proof of work. This is hashcash, not real money.

Re:Hobbyists (1)

Deliveranc3 (629997) | about 10 years ago | (#9531351)

Here's an idea: why don't we send the money TO each other? Sending it to a company seems a rather silly thing to do and if we send it to one another all we need is a bank account number to tie it to. Hmmmm, #3 profit.

Re:Hobbyists (2, Informative)

jrutley (723005) | about 10 years ago | (#9531451)

It isn't talking about money at all -- only computation. The only extra money you would spend is on your electric bill since your CPU load will be higher. Besides, you wouldn't need to stamp since you're on their whitelist. ;)

Re:Hobbyists (1)

tmhsiao (47750) | about 10 years ago | (#9531452)

Lately, I've come to think that website updates would be better served when presented as RSS/Atom feeds. Granted some sensitive information would still require e-mail.

E-postage is not the answer... (-1)

Shoeler (180797) | about 10 years ago | (#9531130)

But I don't know what the answer IS. Sure - it seems cool, but there were days in college where I couldn't afford a stupid stamp, and especially wouldn't have paid a price for each e-mail I sent. It really seems like it's a purely revenue-generating scheme masquerading as a spam answer.

Re:E-postage is not the answer... (3, Informative)

skiflyer (716312) | about 10 years ago | (#9531199)

I agree, but this project isn't exactly e-postage... it's more like E-e-postage... you pay in computational cycles, not dollars (or pounds or lira or whatever you trade in your part of the world).

So as long as you're not sending out several thousand messages to new and different recipients on a daily basis, you needn't really worry.

Re:E-postage is not the answer... (0, Redundant)

Shoeler (180797) | about 10 years ago | (#9531235)

Ok - so I run a web forum as a hobby. I get some donations from members that help pay for it but mostly I foot the bill. Occasionally, I like to e-mail all of my subscribers about a cool event or cool new happening - so now I have to pay some amount that, even a fraction of a penny, would amount to almost a month of hosting charges.

For companies with web presences it makes sense. Even if you use the idea that your ISP would pay a lot of the charge, we all know most ISPs will gladly hike fees in response to it.

Re:E-postage is not the answer... (0)

Anonymous Coward | about 10 years ago | (#9531379)

RTFA

RTFA

RTFA

RTFA

RTFA

You don't pay money, you pay cpu time. This wouldn't be an issue to you. It won't stop spam, but it won't inconvenience you either.

Re:E-postage is not the answer... (1)

Westley (99238) | about 10 years ago | (#9531389)

No, you don't have to pay, because they go on your white list - either implicitly due to you generating a stamp once, or explicitly because you tell them to add your server to their white list.

It would help if you read the FAQ, btw, which addresses this in more detail.

Proof of work for complete idiots (4, Insightful)

Jim McCoy (3961) | about 10 years ago | (#9531413)

Did you even read the proposal? I ask because both your original post and your response to the first reply indicate that you still have no idea how this works, even after someone has been kind enough to save you from your own laziness and point out this proposal is not talking about a monetary transaction.

So, for your benefit, here is the "proof of work for complete idiots" version:

-You send your spam. Each recipient asks you to perform a proof of work, a mathematical problem that requires some CPU cycles.
-Your CPU starts chugging away at the requests and eventually performs all of the required proof of work.
-Your system responds to the proof of work request and the message is delivered.
-Your spam to your users is delivered, but not instantly because several hours of CPU work were required.
-Cost to you: nothing except a bit of electricity to keep your CPU chugging.

Re:E-postage is not the answer... (1)

hoggoth (414195) | about 10 years ago | (#9531428)

>> this project isn't exactly e-postage... it's more like E-e-postage... you pay in computational cycles, not dollars
> now I have to pay some amount that, even a fraction of a penny, would amount to almost a month of hosting charges

Did you even bother to read the post you are replying to?!

Re:E-postage is not the answer... (0)

GamerGeek (179002) | about 10 years ago | (#9531462)

I agree. It is evident by the sheer volume of REAL junk mail I receive that charging for email will not help. US bulk postage is cheap, not 1/100th of a cent, but still many companies make money off sending real junk mail that, um, actually costs money to print. This is not the answer.

30% Larger! (5, Funny)

Anonymous Coward | about 10 years ago | (#9531136)

why replace Viagra ads from a scam artist with Viagra ads from Pfizer?

Because I only trust my penis to professionals.

Re:30% Larger! (1)

Savatte (111615) | about 10 years ago | (#9531337)

Same here. That's why I have my hooker invoice me.

Re:30% Larger! (4, Funny)

RAMMS+EIN (578166) | about 10 years ago | (#9531499)

``Because I only trust my penis to professionals.''

Meaning you only put it in people who charge for it? :p

The California law is a sender pay system (4, Insightful)

www.sorehands.com (142825) | about 10 years ago | (#9531147)

Under the California law, if you send spam, you can be sued for $1000 per spam. That is a spam sender pay system, if I have ever seen one.

It is just Bush and the other idiots who signed the federal law, killed it and made it a recipient suffers system.

Sure, but try collecting! (1)

unfortunateson (527551) | about 10 years ago | (#9531454)

Nice to be able to file suit, but what about:
  • Sender is out of the country
  • Sender is a zombie with fake credentials
  • Sender is a zombie sending a virus, not advertising anything
Sorry, Charlie, but much of the spam will be impossible to prosecute.

Re:The California law is a sender pay system (1)

wayward (770747) | about 10 years ago | (#9531483)

Practically speaking, what are the odds of a spam recipient bothering to sue? It sounds like a great idea, but it likely entails spending money for a lawyer and also putting a lot of time and energy into the lawsuit. There's also the matter of actually catching the spammer (as opposed to a bunch of zombie machines). I think if it were actually possible to track down a spammer, a class action lawsuit might be the best way to go.

a Joke! (-1, Flamebait)

ch-chuck (9622) | about 10 years ago | (#9531158)

How do you know when a blonde has been using your computer to send email?

All the stamps pasted to the monitor.

Re:a Joke! (-1, Offtopic)

Anonymous Coward | about 10 years ago | (#9531342)

Apparently one of the mods is a blonde...

Sell "postage" in distributed computing -- (0)

Anonymous Coward | about 10 years ago | (#9531166)

One hundred emails for every Seti@Home work unit, for example.

Or you can simply store the body of a message on the sender's server until requested by the recipient. The person receiving the email could download it on demand just like they can a webpage, and the sender would have to set aside enough storage for all outgoing mail and give a valid return address in order for you to receive it.

Re:Sell "postage" in distributed computing -- (1)

Seth Finklestein (582901) | about 10 years ago | (#9531211)

My mother sends thousands of e-mails on behalf of her charitable organization, the Foundation Against MS. (And no, "MS" doesn't stand for Microsoft. It stands for Michael Sims.)

I set her up with one of my old boxen, a Pentium 166 running Gentoo. Are you saying that just because her box can't crunch SETI work units, she can't help to stop MS?

Sincerely,
Seth Finklestein
President and Chief Officer
Foundation Against MS

I will save you one step... (5, Informative)

TuringTest (533084) | about 10 years ago | (#9531170)

They have a page with Frequently Raised Objections [camram.org]. Now I've made redundant 40% of the remaining posts to this article.

my objection (1)

WormholeFiend (674934) | about 10 years ago | (#9531365)

is that this scheme does not allow us to send spammers to Abu Graib.

Re:my objection (0)

Anonymous Coward | about 10 years ago | (#9531465)

Uh, that's Abu Garef, Abu Garon, Abu Garayb.

Except these days, it's not the spammer.... (1, Insightful)

foxtrot (14140) | about 10 years ago | (#9531195)

who is sending the spam. It's the million zillion drones he's gotten infected with the latest Windows virus.

So making a cost for sending spam doesn't help computationally or otherwise, because he's not even sending the spam anymore.

-JDF

RTF-FRO ! (4, Informative)

LordPixie (780943) | about 10 years ago | (#9531366)

Ripped right from their website's Frequently Raised Objections [camram.org] :

If anybody can generate a stamp, what is to stop a spammer from generating stamps?
Nothing. In fact, we want spammers to spend as much time as they can generating stamps because it will undermine their economic foundations. As a spammer generates messages with stamps, people can raise their postage based on the spam. Everyone's rates will increase and it'll only affect the spammer and stranger-to-stranger e-mail. Friend-to-friend e-mail doesn't use work stamps and will be unaffected by any postage increases.

And....

The second attack utilizes zombies as a compute array. But if you run the numbers, you'll find out that the number of zombies known, if run perfectly and full tilt, cannot generate enough stamps for all of the spam in the world today. A tremendous number of stamps would be generated, but not enough for everybody. One benefit of zombies being used to generate stamps is that the machines will become hot, slow, and probably unreliable, all of which will be noticeable to the end-user. With luck, this means some people will get their machines fixed and reduce the zombie issue. Again, if the zombies start generating stamps, one can always change stamp definitions or value.
[all emphasis theirs]


It's almost like they anticipated this sort of thing. Or, like, thought out their design beforehand. Crazy concept, no ?


--LordPixie

Re:Except these days, it's not the spammer.... (1)

T-Keith (782767) | about 10 years ago | (#9531370)

True, but then maybe people will stop using software that allows your computer to be hijacked. Then perhaps, the software company will be forced to fix their software.

Re:Except these days, it's not the spammer.... (1)

jrutley (723005) | about 10 years ago | (#9531495)

Well... the rate of spam would be drastically reduced since the zombies would have to spend lots of computational time calculating hashcash, or the spam is shunted immediately to the disposal section.

Most of your questions are raised here... (2, Informative)

Anonymous Coward | about 10 years ago | (#9531217)

Camram FRO (Frequently Raised Objections)

A system such as sender-pays, which proposes a radical change in the email environment, inevitably generates objections. This is positive because it helps identify the strengths and weaknesses of the system. However, once objections have been worked through and the developers have answered the same questions approximately 10^20 times, a listing of Frequently Raised Objections is appropriate.

Isn't universal adoption necessary for a sender-pays system?

For a classic sender-pays system, the answer is yes--any system requiring universal adoption is a non-starter.

Because of this problem, the Camram project (and probably others) expanded the classic sender-pays model to a hybrid sender-pays model. One of the many strong features of the hybrid model for sender-pays is that it solves the problem of universal adoption. This new model provides anti-spam benefits to the very first user, and the benefits increase as you add users. Hybrid sender-pays lets you incrementally introduce an anti-spam device that will take a serious chunk out of the economic foundations of spam.

What kind of attacks are possible against a hybrid sender-pays system?

There are four known attacks on this system. Two of them attack the sender-pays system, one attacks the friend filter (i.e. the white list), and the last attacks the content filter. Content filter attacks are nothing new; we are in the middle of one right now where spammers are trying to bypass Bayesian filters. As the number of stamps increases, the "harshness" of the content filter can increase and eventually the need for content-filtering can go away.

The friend-filter attack comes from the implementation of white lists by name. If you know the content of the white list, then a simple forgery will let you bypass the filters. The trick of course is determining the content of the white list. One longer-term solution is to move to white listing by public key. Unfortunately, as long as there are folks not using the system, there will always be a need for white-listing by name.

Attacks on the sender-pays system involve trying to generate stamps faster. The first is the classic hardware accelerator. The best estimate we have for today is a 500 times speed up over software. There are both hardware and software responses to this attack but both responses effectively devalue the stamp or the means of production, which in turn restores the economic balance. The second attack utilizes zombies as a compute array. But if you run the numbers, you'll find out that the number of zombies known, if run perfectly and full tilt, cannot generate enough stamps for all of the spam in the world today. A tremendous number of stamps would be generated, but not enough for everybody. One benefit of zombies being used to generate stamps is that the machines will become hot, slow, and probably unreliable, all of which will be noticeable to the end-user. With luck, this means some people will get their machines fixed and reduce the zombie issue. Again, if the zombies start generating stamps, one can always change stamp definitions or value.

How do you deal with large-scale legitimate mail sources (i.e. mailing lists, mail houses, etc.)?

There are two issues here. Mailing lists don't really have a good solution with the first generation of stamps. The traffic mailing lists generate is fundamentally indistinguishable from spammers, therefore whatever hurts spammers will hurt mailing lists. The answer for right now is to not do anything with mailing lists. Let them send unstamped mail and let the user whitelist mailing lists or deal with the trapped message issue manually.

In the future, it will become easier to deal with mailing lists because of the second generation of stamps (opportunistic signatures). If the list is signed with its own stamps, then it would be let through without problem. Spammers would still be barred because their signatures would be ignored.

The second issue is that mailing houses that deliver bulk e-mail for legitimate commercial ventures will need to generate stamps for some of their traffic. If they are sending newsletters to which users have subscribed, then the signature stamps method will work for them. Everything else is advertising mail and should be stamped. A circumstance in the future can be envisaged where mass mailers will try to cheat and use signature stamps for mailing lists to deliver commercial e-mail. Obviously there should be some method of responding, but that is not yet apparent.

In the meantime, these houses will need to generate stamps. While most of their server resources will be maxed out, they'll have idle resources on the desktop. A technique is being developed that allows a company to make use of its idle resources to generate stamps for its outbound mail. It will be up to each organization to determine what machines it wants to use and how high it wants to load them. If it's bulk e-mail with no particular need to deliver immediately, then a small number of heavily loaded machines should be sufficient. If it's urgent corporate mail, then they will want to have more machine resources than are needed for stamps.

If you have to generate stamps for every user and every message, won't this slow down e-mail?

If you did generate a stamp for every user on every message, yes it would. Fortunately, we take a more usable approach. You only generate a stamp the first time you send e-mail to someone. The process of stamping and mailing also seeds the white list on the assumption that if you send e-mail to someone, you want to get e-mail back from them. Therefore, the load for stamp generation drops if you are sending e-mail to the same set of people on a regular basis; this can frequently be handled on an ordinary mail server. On the other hand, if you're sending e-mail to new people every time (i.e. you're a spammer or commercial advertiser) then you need to generate a stamp. Remember: strangers cost, friends fly free.

What about Moore's law inflation? As systems get faster, won't proof of work stamps consume less time?

This is one of the weaknesses of a CPU-based proof-of-work system for postage. The answer is to build a postage system which automatically increases based on a few factors such as local time to generate stamps and what your peers (i.e. the people you e-mail on a regular basis) are using for postage. Peer postage rates are probably the most important factor for knowing whether or not to increase your own postage. This is handled simply by sticking your current postage rates either inside the stamp or in a header in the mail message. If you get enough peers with postage that is higher than yours, it is time to raise your own rates.

If anybody can generate a stamp, what is to stop a spammer from generating stamps?

Nothing. In fact, we want spammers to spend as much time as they can generating stamps because it will undermine their economic foundations. As a spammer generates messages with stamps, people can raise their postage based on the spam. Everyone's rates will increase and it'll only affect the spammer and stranger-to-stranger e-mail. Friend-to-friend e-mail doesn't use work stamps and will be unaffected by any postage increases.
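An added illustration of the hybrid scheme the FRO above describes (not Camram's code and not part of the quoted post): a hashcash-style work stamp for first contact, a whitelist seeded by sending, and a peer-driven postage increase. The stamp layout, the use of SHA-256, the `Mailbox` class and the "more than half of peers" rule are assumptions made for this example.

```python
import hashlib
from itertools import count

def _zero_bits(digest):
    """Number of leading zero bits in a digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def mint_stamp(recipient, date, bits):
    """Brute-force a counter until SHA-256(stamp) has `bits` leading zero bits.
    Expected cost is about 2**bits hashes: that work is the postage."""
    for counter in count():
        stamp = f"{bits}:{date}:{recipient}:{counter}"  # assumed layout
        if _zero_bits(hashlib.sha256(stamp.encode()).digest()) >= bits:
            return stamp

def stamp_value(stamp, recipient, date):
    """Postage in bits this stamp is worth to `recipient` on `date`, else 0.
    Checking costs one hash however expensive the stamp was to mint."""
    try:
        claimed, s_date, s_rcpt, _counter = stamp.split(":")
        claimed = int(claimed)
    except ValueError:
        return 0
    if (s_rcpt, s_date) != (recipient, date):
        return 0  # minted for another mailbox or another day
    actual = _zero_bits(hashlib.sha256(stamp.encode()).digest())
    return claimed if actual >= claimed else 0

class Mailbox:
    """Hybrid filter: whitelisted friends pass, strangers need a stamp."""
    def __init__(self, address, postage_bits):
        self.address = address
        self.postage_bits = postage_bits
        self.whitelist = set()
        self.spent = set()  # accepted stamps, so one stamp buys one delivery

    def send(self, to, date, bits):
        """Stamp only first contact; sending also seeds the whitelist."""
        stamp = None if to in self.whitelist else mint_stamp(to, date, bits)
        self.whitelist.add(to)
        return stamp

    def receive(self, sender, date, stamp=None):
        if sender in self.whitelist:
            return "deliver"  # friends fly free
        if (stamp and stamp not in self.spent
                and stamp_value(stamp, self.address, date) >= self.postage_bits):
            self.spent.add(stamp)
            return "deliver"  # stranger paid enough postage
        return "hold"  # left for the content filter or manual review

    def adjust_postage(self, peer_bits):
        """Assumed rule: if most peers advertise a higher rate, move to the
        median of those higher rates."""
        higher = sorted(b for b in peer_bits if b > self.postage_bits)
        if len(higher) * 2 > len(peer_bits):
            self.postage_bits = higher[len(higher) // 2]
        return self.postage_bits
```

`receive` trusts the sender string as given, which is the whitelist-by-name forgery weakness the FRO mentions; whitelisting by public key would replace that comparison.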

What about slow computers (0)

Anonymous Coward | about 10 years ago | (#9531226)

Will I have to wait an hour to send an email on my Via 500 MHz mini-ITX machine???

Re:What about slow computers (0)

Anonymous Coward | about 10 years ago | (#9531306)

Don't you anyway? :-P

ok... I need to know if this will work or not (4, Funny)

strictnein (318940) | about 10 years ago | (#9531227)

where is that big form listing why it will not?

Hahahah, I love it ! (4, Funny)

LordPixie (780943) | about 10 years ago | (#9531251)

From Camram's FRO [camram.org]

One benefit of zombies being used to generate stamps is that the machines will become hot, slow, and probably unreliable, all of which will be noticeable to the end-user. With luck, this means some people will get their machines fixed and reduce the zombie issue.

You just have to love a product that has the potential to toast a clueless luser's computer. I would be more than happy to shell out good money for software that has "Makes PC's burst into flames" listed as one of the features. And this stuff is Free !


--LordPixie

T+a3o (-1, Redundant)

Anonymous Coward | about 10 years ago | (#9531262)

One common goa&l - [slashdot.org],

Yes! (1)

firstadopter.com (745257) | about 10 years ago | (#9531275)

We need a more foolproof system than this to make spammers PAY for the distraction and wasted time they inflict on us all. Die die die!

Hey Clueless !! (0, Funny)

Anonymous Coward | about 10 years ago | (#9531287)

Your post advocates a

(x) technical
( ) legislative
(x) market-based
( ) vigilante

approach to fighting spam.
Your idea will not work.
Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
(x) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
(x) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
(x) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
(x) Requires immediate total cooperation from everybody at once
(x) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
(x) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
(x) Unpopularity of weird new taxes
(x) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
(x) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:

( ) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
(x) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
(x) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatibility with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

( ) Sorry dude, but I don't think it would work.
(x) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!

Re:Hey Clueless !! (0)

Anonymous Coward | about 10 years ago | (#9531355)

Sheesh. Free time, much? Get back to work!

Re:Hey Clueless !! (0)

Anonymous Coward | about 10 years ago | (#9531489)

I think you meant:

( ) Blacklists suck
(X) Whitelists suck

Since the scheme depends on keeping whitelists for people you have already approved. Other than that, dead on.

Standard Stamps (3, Interesting)

Roger_Wilco (138600) | about 10 years ago | (#9531330)

It seems to me that one should need only one stamp generator. I receive a payment request containing a message encrypted with a short private key, and as "postage" I need to decrypt the message and return it. As computers get faster, the key length used to encrypt the message gets longer. The receiver can thus decide how much postage is required.

This way the stamp generator doesn't need to have any secret component, and could be written in any language. It could be part of the mail client.

Read the website! (4, Informative)

jschottm (317343) | about 10 years ago | (#9531360)

This is a calculation based stamp, not anything financial. It's not going to cost anything. It allows for white-listing on a per user basis that exempts senders from the stamp requirement. Therefore, if you wanted to get on a mailing list, you'd add them to your white-list. Yes, it's an extra step, but what's one extra step when you sign onto a mailing list compared to having to dig through hundreds of spam messages a day?

Have some (slightly out of date) documentation:
One section [billerica.ma.us]
Another section [billerica.ma.us]

Stupid way to get a handle on a problem. (1)

cyberlotnet (182742) | about 10 years ago | (#9531363)

Someone is doing something illegal, let's charge them for doing it..

And in next week's news you can kill someone and get away with it by paying enough money..

Oh crap I forgot that already happens in this country anyways so these anti spam ideas are right along our lines of justice.

Give me a break. We have some of the most lax punishments in the world for some crimes and insane punishments for others ( You can go to jail for killing someone and get out in 10 years. Get caught with some dope and you can go to jail for 10 years and come out homeless and bankrupt because the government took everything you own claiming it came from drug profits. )

What we need is a reform of our justice system and laws that work and have enough weight behind them to enforce.

It's a fact that while 80% of the spam comes from servers outside of the US or hacked boxes, a majority of the spams advertise real world of which most are produced or the money handled by US companies. There are too many spammers out there to stop them all. Our better tactic would be to cut off the flow of money to those spammers..

Example in point: we put more hurt in the war on terror by seizing funds both here and overseas than we have done with all fighting combined. You can't bomb a building if you have no money to buy the materials needed to make that bomb.

Re:Stupid way to get a handle on a problem. (1)

cyberlotnet (182742) | about 10 years ago | (#9531386)

Oh my lord, I really should use the preview button, and try to avoid posting when tired. Excuse me for my horrible grammar.

postage does not work (1, Informative)

danmart (660791) | about 10 years ago | (#9531419)

This is Microsoft's dream come true, but it does not work.

Look at your mail box. All that junk mail was paid with postage. It does nothing to deter them from continually bombarding you with the junk mail.

The only thing it does is hurt the little guy. Big advertisers will always pay the price to spam you with junk mail and junk email.

This will just mean the little spammers will be replaced with big spammers. And the company controlling the postage meter will get quite rich. And your email will still contain just as much spam. Only it will be called targeted marketing material that you are interested in.

Credit Card companies (1, Interesting)

IamGarageGuy 2 (687655) | about 10 years ago | (#9531437)

The only ones that can stop spam in its tracks are the credit card companies. You have to make a purchase with a card. Have the credit card companies stop any payments to known spammers - problem solved. This is the bottom line - stop the flow of cash - stop the problem. Is there any reason this cannot be done? Why is this never mentioned? The companies that facilitate spam can stop it today.

Could be a useful example of a token-based system (2, Interesting)

argent (18001) | about 10 years ago | (#9531455)

Like whitelists and keywords, this is a special case of a token-based system. Token-based systems depend on the sender performing some action that is, at the time they send it, sufficiently hard to predict, unusual, or onerous for a spammer to bother with it.

For example, I have certain addresses that bypass my spam filter either partially or completely, and I have set up a scheme for my kids whereby a sender has to know a "magic word" to get in. Whitelists, of course, make the sender address the token.

Right now, these are good enough.

Spammers are beginning to respond to whitelists, though, and trying to guess sender names. It's only a matter of time before they start using the address books in their zombies to build up lists of probable whitelists, and start sending spam using pairs of addresses from the same address book the way viruses already are.

Sender pays whom? (0)

Anonymous Coward | about 10 years ago | (#9531474)

Any sender-pays system is disenfranchising and will ultimately be used to restrict access. Also, the model says that if you, as the sender, pay to send me email, I as the receiver don't have a choice in the matter. It assumes I want to receive your email.

I already pay to send email and pay to receive it. More payment is not the solution.

The problem is that you need it on.... (1)

jj_johny (626460) | about 10 years ago | (#9531486)

Gosh this is a great idea for .... oh, geeks, but unless the vast majority of ISPs, corporations and users implement THIS system, it is a programming exercise. So when you implement this - your friends get through, the random junk gets dropped and anybody that is new to you gets a very anti-social message about not accepting your mail till you do something weird. So these folks' answer to anti-social behavior on the part of spammers is to be anti-social themselves.

Thanks, nothing says screw off and leave me alone but random automated demands sent from your server.
