Slashdot Log In
Selling Your Attention to Spammers
Posted by
timothy
on Tue May 17, 2005 03:14 PM
from the sounds-fair-to-me dept.
from the sounds-fair-to-me dept.
Dotnaught writes "Can the free market stop spam where technology has failed? As described in InformationWeek, Professor Marshall Van Alstyne of Boston University School of Management has co-authored a soon-to-be-published paper that proposes an "attention bond" -- money put up by email senders that recipients collect only if they consider the message a waste of time. Supposedly, this market-based filter performs better than a perfect technology-based solution, with no false positives or negatives. A company called Vanquish already has a working model. Is selling one's attention the answer to spam?"
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Full
Abbreviated
Hidden
Loading... please wait.
Automated Spam Response (Score:4, Funny)
(*) technical ( ) legislative ( ) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
(*) Mailing lists and other legitimate email uses would be affected
(*) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
(*) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(*) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
(*) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(*) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
Re:Automated Spam Response (Score:5, Informative)
Your post advocates a
( ) technical ( ) legislative (*) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
(*) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
(*) Lack of centrally controlling authority for email
(*) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(*) Asshats
( ) Jurisdictional problems
(*) Unpopularity of weird new taxes
(*) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(*) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
(*) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
(*) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
(*) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
(*) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
(*) Sending email should be free
(*) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
( ) Sorry dude, but I don't think it would work.
(*) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
Parent
Re:Automated Spam Response (Score:3, Funny)
Re:Automated Spam Response (Score:3, Insightful)
Either way has anyone noticed that this list seems to have changed over the years. I swear it has, I'll have to go find some achieves of old versions.
Re:Automated Spam Response (Score:4, Interesting)
"Mailing lists and other legitimate email uses would be affected"
Under this plan, I could just subscribe to a bunch of mailing lists and get paid (by mailing list admin) for declaring the emails as spam.
Parent
RTFA - You're incorrect too. Here's why (Score:4, Insightful)
() Lack of centrally controlling authority for email
-- it doesn't appear to use this - it appears to be recipient's-end charging, which can be deployed in a decentralized manner
() Open relays in foreign countries
-- those don't matter here - if they sender doesn't pay, the recipient doesn't read it, and relays only make it harder to pay.
(*) Mailing lists and other legitimate email uses would be affected
-- you correctly marked "whitelists suck", which is part of why it's hard to implement this one correctly.
(*) Users of email will not put up with it
-- this is the big problem with TMDA, hashcash, and many similar systems
(*) Many email users cannot afford to lose business or alienate potential employers
-- you missed this one too. See previous.
() Requires too much cooperation from spammers
-- not a problem. This one requires cooperation from non-spammers.
() Unpopularity of weird new taxes
-- unless I grossly misread the article, this doesn't apply here - the sender pays the recipient or recipient's ISP, not some third party.
(*) Public reluctance to accept weird new forms of money
-- Yup. Either you need weird new money or old-fashioned real money, and the latter is usually too expensive per transaction.
(??) Armies of worm riddled broadband-connected Windows boxes
-- Maybe. If enough people start using this, and there's a convenient mail-sender interface so senders don't need to pay attention very often, then worms will start to abuse it. Otherwise they won't care, and the five people who still use it will have whitelisted each other.
() Dishonesty on the part of spammers themselves
-- Doesn't hurt the recipient, who sets the price high enough that he's willing to read an occasional Nigerian Herbal Fake Vi***a ad and keep their $5 just to annoy them. This proposal suffers from dishonest recipients, who convince legitimate that they should be willing to pay the money to get the recipient's attention. It's a serious enough problem that it can even lead to "Make Money Fast By Reading Email At Home" spammers inviting you to become a recipient
() Why should we have to trust you and your servers?
-- Because you want me to read your mail. Don't care? Don't send money, and I'll ignore you. If I'm a sufficiently interesting public figure, like Rush Limbaugh or Daily Kos or the Editor of the New York Times or Britney Spears, maybe you'll pay to get my attention. Alternatively, maybe the fact that I'm charging for my attention will make you think I'm some over-inflated ego who's not worth the effort, and my 15 minutes of fame will time out faster.
(*) Sorry dude, but I don't think it would work.
-- My conclusions's a bit more positive than yours
Parent
Re:Automated Spam Response (Score:3, Insightful)
Re:Automated Spam Response (Score:3, Informative)
From the article:
Imposing a cost on spammers isn't exactly unheard of. Return Path Inc. uses financial bonds to improve message delivery and deter spamming. The difference is where the money goes. If a parti
Re:Automated Spam Response (Score:5, Funny)
So it performs better than perfect? How does that work?
Parent
Re:Automated Spam Response (Score:4, Funny)
Parent
Re:Automated Spam Response (Score:5, Funny)
Parent
Re:Automated Spam Response (Score:3, Informative)
How is this a solution again? (Score:4, Insightful)
I must be missing something...it seems like the same tactics spammers use to evade law enforcement today could be used to evade the imposition of this "attention bond mechanism".
Re:How is this a solution again? (Score:3, Insightful)
To answer your question, the reason spammers can't hide from this is that they have to pay money to send messages via this mechanism.
In the limit case, you can choose to receive messages ONLY from people who send mail this way. Even your friends would pay money to send you email, but since you'd mark all of their messages as "worthwhile" it wouldn't cost them anything.
You'd get no spam, but you'd los
Re:How is this a solution again? (Score:3, Informative)
Old news... (Score:3, Funny)
money put up by email senders that recipients collect only if they consider the message a waste of time
I get that already, it's called "my salary".
Can they really afford my time? (Score:5, Interesting)
They can afford me! (Score:3, Funny)
Re:A rhetorical question (Score:4, Funny)
I bill four digits an hour while reading Slashdot.
Unfortunately, there's a decimal point involved....
^_^
Parent
Ironically, Bill Gates proposed this very scheme.. (Score:4, Informative)
Walt
Parent
It comes from way before Gates. (Score:3, Interesting)
Sounds dumb (Score:3, Interesting)
The one big problem... (Score:3, Insightful)
The other thing that can happend is that it is so hard to cash out this money, that noone will bother, since it'll be likely to take twice the time of hitting delete, or the sum has to be big enough to be worth the hassle ($1?) which agains brings us to the first point, people will cash out on every email.
Human Greed... (Score:3, Insightful)
Yet another misguided solution (Score:5, Insightful)
It's similar to the argument that gun rights advocates make - stricter gun control laws or programs will hurt legitimate owners, but the real problems will still lie with the criminals who don't abide by those laws anyway.
Crack down on spammers. Make spam outright illegal and make penalties for ISPs that fail to comply.
Different financial cost (Score:4, Insightful)
Third world countries will find that sort of money a huge barrier to entry for sending email.
Similarly this will be open to google ad type exploitation. People will set up email addresses and sign up to all sorts of solicited and unsolicited email just to collect the cash. Again for people in poorer countries this might be a practical job.
Should be a money-maker (Score:4, Interesting)
Re:Should be a money-maker (Score:4, Insightful)
RTFA. The premise is that once you mark an address as spam, the sender will no longer send you messages because it's against his economic interest to pay you again. Therefore, you only receive payment once per mailing list, which will be too small to make it a feasible source of income.
Unfortunately, this system will only work if you only allow incoming mail from a server that supports it. This reduces the whole setup to a glorified whitelist, and dooms it to failure. Spam can't be stopped because the current infrastructure allows spammers to send mail without reprimand, and no alternative will work until the current infrastructure is still in place.
Parent
Re:Should be a money-maker (Score:3, Insightful)
I did reread his comment, before posting, and I read it to mean receiving multiple messages from one list. I thought he might have meant what you said too, but I was sure he meant what I addressed. Hence the clarification.
But for what it's worth, the alternative that you tried to explain doesn't work either. What exactly makes you think that you're only on the receiving end of this system? If I ran a mailing list, I would make damn sure that you can only sign up for it using email, and not through a web
typical of economics (Score:3, Funny)
Let's try it out on Slashdot (Score:5, Funny)
Re:Let's try it out on Slashdot (Score:5, Funny)
Parent
Why not just make them pay? (Score:3, Insightful)
This is pretty basic stuff. The problem with spam is that spammers are continually finding ways to pay nothing to advertise. If one person in a thousand replies to a message you paid nothing for and sends you $50, you've made almost double the profits vs. if you had to pay 2 cents per recipient. That's always going to be an attractive market for people with useless crap to sell, because the real rate of return on crap might be considerably less than one in a thousand.
This plan gives people the warm fuzzies because it sounds like each individual will be able to profit from unwanted advertising, but in reality it would never work that way. On the other hand, you'd get the same "punitive" effect on spammers if you just found a way to force them to pay to send spam.
Re:Why not just make them pay? (Score:3, Insightful)
But should I have to pay to send you an e-mail you just asked for (i.e., "I forgot my password")? Or should my brother's e-mail of a link to pictures of my niece's birthday party cost him money to send? And, who's collecting? The point is that you'll be unable to make the distinction between commercial and private messages. It's not the same as buying an ad in the yellow pages.
What is it with the money-for-email idea? (Score:5, Insightful)
But what amazes me is that like clockwork, somebody will publish an article on this "great new idea" for dealing with spam, several times a year it seems. They have clearly read none of the spam literature, nor done a search. And on top of that, journals and magazines also think it's new and publish the items, even slashdot publishes them.
What gives?
Ah! (Score:4, Insightful)
Professor Marshall Van Alstyne of Boston University School of Management
That pretty much explains it.
The problem with spam is weak enforcement (Score:5, Interesting)
The US Federal Trade Commission says that over 80% of spam involves some violation of Federal law. Not just the CAN-SPAM act, but mail fraud, false advertising, money laundering, computer crime, drug counterfeiting, and racketeering. There should be no problem filing charges.
If we had an FBI director who made this a priority, most spam could be eliminated in a year. Just divert some of the FBI Baltimore people who do child pornography [fbi.gov], who are already experienced at tracking people on the Internet, off that job and onto tracking down the major spam operators.
In a sense, CAN-SPAM has been effective. Spamming by even vaguely legitimate companies is down. Almost all spamming now involves felony criminal activity of one kind or another.
Re:The problem with spam is weak enforcement (Score:5, Interesting)
why does the casual observer allow objectivity and reasonable thought to fall by the wayside when dealing with the very things that require them the most?
I was a sexual abuse victim when I was young, and I dont see whats so bad about the parent post. Child pornography department just fills in the vacant slot or two and the experts train the newbies. Thats how it should be done
There doesn't seem to be much motivation to put that kind of knowledge on spam enforcement, but I think the parent poster is right: why isn't there? Obviously spam isn't nearly as bad as child pornography, but judging by some of the porn sites they advertise via unsolicited spam, the industries certainly intertwine. Its not like a potential victim becomes a stupid slut who made her own decision to sell her body the second she goes from non-legal to legal age. I've seen enough stuff in my lifetime to know that claiming you're a consentual adult isn't exactly 100% true if somebody is pulling your strings.
Parent
This has already been done (Score:3, Informative)
Robert Heinlein invented this (Score:5, Informative)
Robert Heinlein in one of his stories required that telephone callers post a bond before the hero would answer the phone. If the hero agreed that the phone call was worth it, he'd reverse the charges.
Final Ultimate Solution to the Spam Problem (Score:3, Interesting)
Right.
People flag list traffic for which they subscribed as spam all the time. What is so special about putting up a financial bond that will cause people not to flag mail they requested in March as spam in May, or accidently marking mail from aunt Mildred as spam. I just don't see it.
This fails every test of an anti-spam proposal I can think of, including the most important: It doesn't stop spam.
--OgThe answer tp the spam problem is... (Score:3, Insightful)
If we educate the users/unwashed masses(what every you want to call them) that BUYING from the SPAMMERS is A BAD IDEA(TM) and only makes the problem worse, the users might not buy cheap tobacco/blue pills/radio controlled cars/fake rolexes from the adverts.
Would the small minority please stop supporting this crud, then maybe I wouldn't stop one week fighting trojans nd the next fight the spam they've started spawning (Sober.o/p and sober.q).
The Only Solution (Score:3, Interesting)
SMTP is an outdated, insecure protocol which is ill-suited to modern email.
We need to replace it with a protocol which is authenticated at both ends. A friend and I came up with the following; which although not perfect and probably subject to a few tweaks is a step in the right direction.
J Random Hacker/Company/Joe Sixpack leases a domain name from J Random Registrar. Let's call it jrh.com
That registrar provides a private key and a public key pair based on the domain name.
The CMTP (or Complex Mail Transport Protocol - I made that up) server on jrh.com wants to send an email to target.com. It signs the outgoing message with the private key (ie puts a hash in the header - and you could base it on time and date or other arbitrary data to make sure there's no forgery) and then connects to target.com. target.com then asks jrh.com's registrar for jrh.com's public key (either that or it's propagated over DNS). If the pair match up, the email is accepted. If not it's dropped at the door. No questions asked.
During the phase in period, SMTP traffic could be configured for a 15 minute delay on each target server, whereas CMTP traffic is dealt with immediately. I compare it to how Telnet was slowly phased out in favour of its more secure replacement, SSH.
So, if a spam zombie Windows box is spewing out SMTP traffic in a CMTP world, most servers would drop it at the door. The spammers can't go to CMTP because:
1) They can't use a private key they made up because it's checked against the public key held at the registrar.
2) If they use the private key of a domain they hold (ie install it as part of the worm infection) when people get even 1 spam from them (yes 1 spam - it would be that unusual) the server just ignores mail sent with that signature.
The solution works because the motivation would be there for companies to prevent spam on their networks. As soon as they switch to CMTP, they get no spam over it. And eventually they will get no SMTP email at all. Just as nobody uses Telnet anymore, SMTP will die out if replaced with something better. You can make all the laws you like but at the end of the day, the SPAM solution is a technical one.
Re:The Only Solution (Score:3, Informative)
If you get spam from user1@gmail.com you most likely won't block the whole gmail.com domain, just user1. If you get spam from abcdef-1032@uber-leet-viagra.com, you'll want to block the whole domain.
If honest Joe Bloggs mail client can send email via his ISP, so can any malware installed on his PC. So what happens when you start getting 1000's of emails from [randomuser]@gmail.com. You can't block the whole domain without impacting legitimate mail. You can block each of the aliase
Your idea is so 1996 (Score:3, Insightful)
Bill Gates put this idea in The Road Ahead back in 1996. Basically, in order to send an unsolicited message, you have to attach some e-cash to it. If it's just a message from some long lost friend presumably you won't actually redeem the attached e-cash.
Anyway, like a million other ideas about solving spam, it'd work if you could just convince everyone in the world to adopt it. Convincing everyone in the world to switch over to the new system is left as an exercise for the reader.
I am an open proxy, ban me!!! (Score:3, Funny)
(I hope I didn't just sign a death-wish for my karma...)
Re:Possible way to cash in... (Score:4, Funny)
Great...three people managed to post this bright idea before me.
Last time I answer the phone at work!
Parent
Re:Why is it so difficult to stop spam? (Score:3, Insightful)
Not to mention privacy issues...would I want an ex-boyfriend/girlfriend with a grudge being able to query this info on mass etc etc
Also most spam-ware has it's own SMTP engine and sends direct to the MX address (or secondary is quite popular too).
Re:brilliant, but complicated (Score:4, Insightful)
Overly complex, ineffective, and useless.
Who collects and distributes these (micro)payments?
Who enforces that the mailserver supports this?
In the event of someone getting zombied, who is liable? Especially in the event that the zombied box is fully patched.
How does a 13 year old from a dirt poor country send an email from the shared village PC to a uni professor in London or NYC? Where is his escrow acct?
What about anon email accts? How is my bank/paypal/whatever tied to that? (Not that I want it that way)
How does a free, but popular mailing list afford the escrow acct needed to cover new recipients?
There are a host of other problems that we haven't even begun to consider.
Parent
Re:Obligatory (Score:3, Insightful)
Spammers aren't going to pay money. Spammers profit by stealing resources. It's a tremendous leap of faith to assume that any significant percentage of spammers would buy into such a boneheaded idea, but then again, coming from a college professor (who likely has very little real world business experience), it's not surprising.