Forgot your password?
typodupeerror
Spam The Almighty Buck IT Your Rights Online

Selling Your Attention to Spammers 307

Posted by timothy
from the sounds-fair-to-me dept.
Dotnaught writes "Can the free market stop spam where technology has failed? As described in InformationWeek, Professor Marshall Van Alstyne of Boston University School of Management has co-authored a soon-to-be-published paper that proposes an "attention bond" -- money put up by email senders that recipients collect only if they consider the message a waste of time. Supposedly, this market-based filter performs better than a perfect technology-based solution, with no false positives or negatives. A company called Vanquish already has a working model. Is selling one's attention the answer to spam?"
This discussion has been archived. No new comments can be posted.

Selling Your Attention to Spammers

Comments Filter:
  • by EggMan2000 (308859) * on Tuesday May 17, 2005 @04:15PM (#12559372) Homepage Journal
    Your post advocates a

    (*) technical ( ) legislative ( ) market-based ( ) vigilante

    approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

    ( ) Spammers can easily use it to harvest email addresses
    (*) Mailing lists and other legitimate email uses would be affected
    (*) No one will be able to find the guy or collect the money
    ( ) It is defenseless against brute force attacks
    ( ) It will stop spam for two weeks and then we'll be stuck with it
    (*) Users of email will not put up with it
    ( ) Microsoft will not put up with it
    ( ) The police will not put up with it
    ( ) Requires too much cooperation from spammers
    ( ) Requires immediate total cooperation from everybody at once
    ( ) Many email users cannot afford to lose business or alienate potential employers
    ( ) Spammers don't care about invalid addresses in their lists
    ( ) Anyone could anonymously destroy anyone else's career or business

    Specifically, your plan fails to account for

    ( ) Laws expressly prohibiting it
    ( ) Lack of centrally controlling authority for email
    ( ) Open relays in foreign countries
    ( ) Ease of searching tiny alphanumeric address space of all email addresses
    ( ) Asshats
    ( ) Jurisdictional problems
    ( ) Unpopularity of weird new taxes
    ( ) Public reluctance to accept weird new forms of money
    ( ) Huge existing software investment in SMTP
    ( ) Susceptibility of protocols other than SMTP to attack
    ( ) Willingness of users to install OS patches received by email
    (*) Armies of worm riddled broadband-connected Windows boxes
    ( ) Eternal arms race involved in all filtering approaches
    ( ) Extreme profitability of spam
    ( ) Joe jobs and/or identity theft
    ( ) Technically illiterate politicians
    ( ) Extreme stupidity on the part of people who do business with spammers
    ( ) Dishonesty on the part of spammers themselves
    ( ) Bandwidth costs that are unaffected by client filtering
    ( ) Outlook

    and the following philosophical objections may also apply:

    (*) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
    ( ) Any scheme based on opt-out is unacceptable
    ( ) SMTP headers should not be the subject of legislation
    ( ) Blacklists suck
    ( ) Whitelists suck
    ( ) We should be able to talk about Viagra without being censored
    ( ) Countermeasures should not involve wire fraud or credit card fraud
    ( ) Countermeasures should not involve sabotage of public networks
    ( ) Countermeasures must work if phased in gradually
    ( ) Sending email should be free
    ( ) Why should we have to trust you and your servers?
    ( ) Incompatiblity with open source or open source licenses
    ( ) Feel-good measures do nothing to solve the problem
    ( ) Temporary/one-time email addresses are cumbersome
    ( ) I don't want the government reading my email
    ( ) Killing them that way is not slow and painful enough

    Furthermore, this is what I think about you:

    (*) Sorry dude, but I don't think it would work.
    ( ) This is a stupid idea, and you're a stupid person for suggesting it.
    ( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
    • Wait... the article's

      Supposedly, this market-based filter performs better than a perfect technology-based solution

      ... against your

      Your post advocates a

      (*) technical ( ) legislative ( ) market-based ( ) vigilante

      A "Sorry dude, but I don't think you were reading" is definitely in order.

    • It's nice to see posts like these surviving the lameness filter.
    • you know, people complain about dupe articles, but I never see people complain about dupe comments, no matter how old the joke is... good content works both ways.
    • by booch (4157) <[moc.kehcubgiarc] [ta] [0102todhsals]> on Tuesday May 17, 2005 @04:42PM (#12559697) Homepage
      If you're going to fill out the form, please fill it out CORRECTLTY:

      Your post advocates a

      ( ) technical ( ) legislative (*) market-based ( ) vigilante

      approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

      ( ) Spammers can easily use it to harvest email addresses
      ( ) Mailing lists and other legitimate email uses would be affected
      ( ) No one will be able to find the guy or collect the money
      ( ) It is defenseless against brute force attacks
      ( ) It will stop spam for two weeks and then we'll be stuck with it
      ( ) Users of email will not put up with it
      ( ) Microsoft will not put up with it
      ( ) The police will not put up with it
      (*) Requires too much cooperation from spammers
      ( ) Requires immediate total cooperation from everybody at once
      ( ) Many email users cannot afford to lose business or alienate potential employers
      ( ) Spammers don't care about invalid addresses in their lists
      ( ) Anyone could anonymously destroy anyone else's career or business

      Specifically, your plan fails to account for

      ( ) Laws expressly prohibiting it
      (*) Lack of centrally controlling authority for email
      (*) Open relays in foreign countries
      ( ) Ease of searching tiny alphanumeric address space of all email addresses
      (*) Asshats
      ( ) Jurisdictional problems
      (*) Unpopularity of weird new taxes
      (*) Public reluctance to accept weird new forms of money
      ( ) Huge existing software investment in SMTP
      ( ) Susceptibility of protocols other than SMTP to attack
      ( ) Willingness of users to install OS patches received by email
      (*) Armies of worm riddled broadband-connected Windows boxes
      ( ) Eternal arms race involved in all filtering approaches
      ( ) Extreme profitability of spam
      (*) Joe jobs and/or identity theft
      ( ) Technically illiterate politicians
      ( ) Extreme stupidity on the part of people who do business with spammers
      (*) Dishonesty on the part of spammers themselves
      ( ) Bandwidth costs that are unaffected by client filtering
      ( ) Outlook

      and the following philosophical objections may also apply:

      (*) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
      ( ) Any scheme based on opt-out is unacceptable
      ( ) SMTP headers should not be the subject of legislation
      ( ) Blacklists suck
      (*) Whitelists suck
      ( ) We should be able to talk about Viagra without being censored
      ( ) Countermeasures should not involve wire fraud or credit card fraud
      ( ) Countermeasures should not involve sabotage of public networks
      ( ) Countermeasures must work if phased in gradually
      (*) Sending email should be free
      (*) Why should we have to trust you and your servers?
      ( ) Incompatiblity with open source or open source licenses
      ( ) Feel-good measures do nothing to solve the problem
      ( ) Temporary/one-time email addresses are cumbersome
      ( ) I don't want the government reading my email
      ( ) Killing them that way is not slow and painful enough

      Furthermore, this is what I think about you:

      ( ) Sorry dude, but I don't think it would work.
      (*) This is a stupid idea, and you're a stupid person for suggesting it.
      ( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
      • Ya know frankly i only read the comments on new spam filtering techniques to read the automated spam response form. Im not really concerned with the pie in the sky solution in the actual article.
        • Frankly even the best anti-spam idea, possibly the one the world impliments in a few years will have several hits on this list. I don't think its possible to make the perfect spam solution that doesn't require some work.

          Either way has anyone noticed that this list seems to have changed over the years. I swear it has, I'll have to go find some achieves of old versions.
      • by jmv (93421) on Tuesday May 17, 2005 @09:09PM (#12562266) Homepage
        Most importantly, you forgot:

        "Mailing lists and other legitimate email uses would be affected"
        Under this plan, I could just subscribe to a bunch of mailing lists and get paid (by mailing list admin) for declaring the emails as spam.
      • by billstewart (78916) on Tuesday May 17, 2005 @09:51PM (#12562590) Journal
        You've either failed to read the article, or misunderstood it, though you were closer than the first checklist. A well-designed market-based solution doesn't suffer from many of the points you've checked, because it recognizes that it's the recipient's time that matters (though the article incorrectly tries to describe the time as a "property right" rather than a "service", which leads in various non-useful directions.)


        () Lack of centrally controlling authority for email
        -- it doesn't appear to use this - it appears to be recipient's-end charging, which can be deployed in a decentralized manner
        () Open relays in foreign countries
        -- those don't matter here - if they sender doesn't pay, the recipient doesn't read it, and relays only make it harder to pay.
        (*) Mailing lists and other legitimate email uses would be affected
        -- you correctly marked "whitelists suck", which is part of why it's hard to implement this one correctly.
        (*) Users of email will not put up with it
        -- this is the big problem with TMDA, hashcash, and many similar systems
        (*) Many email users cannot afford to lose business or alienate potential employers
        -- you missed this one too. See previous.
        () Requires too much cooperation from spammers
        -- not a problem. This one requires cooperation from non-spammers.
        () Unpopularity of weird new taxes
        -- unless I grossly misread the article, this doesn't apply here - the sender pays the recipient or recipient's ISP, not some third party.
        (*) Public reluctance to accept weird new forms of money
        -- Yup. Either you need weird new money or old-fashioned real money, and the latter is usually too expensive per transaction.
        (??) Armies of worm riddled broadband-connected Windows boxes
        -- Maybe. If enough people start using this, and there's a convenient mail-sender interface so senders don't need to pay attention very often, then worms will start to abuse it. Otherwise they won't care, and the five people who still use it will have whitelisted each other.
        () Dishonesty on the part of spammers themselves
        -- Doesn't hurt the recipient, who sets the price high enough that he's willing to read an occasional Nigerian Herbal Fake Vi***a ad and keep their $5 just to annoy them. This proposal suffers from dishonest recipients, who convince legitimate that they should be willing to pay the money to get the recipient's attention. It's a serious enough problem that it can even lead to "Make Money Fast By Reading Email At Home" spammers inviting you to become a recipient :-)
        () Why should we have to trust you and your servers?
        -- Because you want me to read your mail. Don't care? Don't send money, and I'll ignore you. If I'm a sufficiently interesting public figure, like Rush Limbaugh or Daily Kos or the Editor of the New York Times or Britney Spears, maybe you'll pay to get my attention. Alternatively, maybe the fact that I'm charging for my attention will make you think I'm some over-inflated ego who's not worth the effort, and my 15 minutes of fame will time out faster.

        (*) Sorry dude, but I don't think it would work.
        -- My conclusions's a bit more positive than yours :-)

  • Like three or four years ago?
  • by TripMaster Monkey (862126) * on Tuesday May 17, 2005 @04:16PM (#12559385)

    I must be missing something...it seems like the same tactics spammers use to evade law enforcement today could be used to evade the imposition of this "attention bond mechanism".

    • Wow, dude, sorry you got hit some moron posting crap at you. I get nervous every time an AC replies to me.

      To answer your question, the reason spammers can't hide from this is that they have to pay money to send messages via this mechanism.

      In the limit case, you can choose to receive messages ONLY from people who send mail this way. Even your friends would pay money to send you email, but since you'd mark all of their messages as "worthwhile" it wouldn't cost them anything.

      You'd get no spam, but you'd los
  • Old news... (Score:3, Funny)

    by grub (11606) <slashdot@grub.net> on Tuesday May 17, 2005 @04:17PM (#12559388) Homepage Journal

    money put up by email senders that recipients collect only if they consider the message a waste of time

    I get that already, it's called "my salary".
  • by Rude Turnip (49495) <valuation@gma i l .com> on Tuesday May 17, 2005 @04:17PM (#12559393)
    I bill triple digits per hour (but still less than a phone sex operator at $4.99/min). Doctors and lawyers charge even more. Unsolicted messages are an uncompensable waste of time and a theft of network resources.
    • by Anonymous Coward
      My time is free! I'll give them all the time they want and then some! They just need to come over to this dark alley... say, have I shown you my baseball bat? Look at these fine details... now just hold still.
    • Then why are you on Slashdot?
    • That's the point:

      An attention market would even be useful in a non-commercial context. An executive like Bill Gates could price access to his inbox to reflect the value of his time. And those who had legitimate reasons to correspond with Microsoft's chairman could rest easy, knowing that he wouldn't cash in the substantial bond required to get his attention.

      In other words, the more you make per hour, the less spam you will recieve - in the true nature of the new corporate owned and controlled Internet(t
      • by wnissen (59924) on Tuesday May 17, 2005 @04:55PM (#12559851)
        In his 1996(?) book The Road Ahead [microsoft.com]. It was exactly the same, the recipient would have the choice to not collect if the message was wanted. For example, if it was from a long-lost friend. So it only took nine years to write a paper on this idea which was published by on e of the most famous figures in the technology industry?

        Walt
        • Heinlein came up with it first -- one of the characters had a doorbell which would only ring after a deposit was made -- refundable if it was agreed that her time was not being wasted. I think someone else here referred to Heinlein doing the same thing with a telephone call at some point or another -- I'm not sure if it's the same reference (and one of us is misremembering it) or if he used the same idea twice (which is really quite plausable).
    • ....your minimum 2 hour per case charge.
  • Sounds dumb (Score:3, Interesting)

    by stratjakt (596332) on Tuesday May 17, 2005 @04:17PM (#12559394) Journal
    Why is a spammer going to put up money when relaying through a zombie net or open relay is easy and free?
    • Re:Sounds dumb (Score:2, Informative)

      by Anonymous Coward
      Because under these monitary-based systems your spam filter would reject unsolicited emails without this "stamp".

      When your friends send you email or when you join mailinglists you can of course whitelist them; and if a friend sends you a stamped email you don't have to collect.

      The system makes some sense; but it's too complicated. The right answer to stop spam is to not give your email address to spammers.

    • Why would a spammer put up a bond? Because without it, the mail would be blocked. No bond, no mail.
  • tax? (Score:2, Insightful)

    by Reignking (832642)
    money put up by email senders that recipients collect only if they consider the message a waste of time

    Sounds like a fancy way of taxing the internet...
    • It is. Bonds are often required by government in areas that they can't legally tax.

      Car insurance, for instance, is really just a bond. Government can't prohibit your right to travel, so they use liability to require a bond that is effectively a tax.

      Looks like freedom of speech is going the same way. You put up a bond to be able to talk. If you say something people don't like, you lose money. If they make the bond high enough, normal people will have to lease their bonds through insurance companies, e
  • by vidarlo (134906) <<ten.xestib> <ta> <olradiv>> on Tuesday May 17, 2005 @04:18PM (#12559402) Homepage
    Either it will be so easy to cash out, that anyone will do it all the time, and noone will use this system of that sole reason.

    The other thing that can happend is that it is so hard to cash out this money, that noone will bother, since it'll be likely to take twice the time of hitting delete, or the sum has to be big enough to be worth the hassle ($1?) which agains brings us to the first point, people will cash out on every email.

    • Exactly. People will say "Hey this is [insert big company name], they can afford to give those [insert appropriate number of cents] to me !" Or it could become a more powerful weapon than boycotts. But I don't agree that it could be too much an hassle, people would write automated tools to collect the money.
  • Human Greed... (Score:3, Insightful)

    by Ochu (877326) on Tuesday May 17, 2005 @04:18PM (#12559410) Homepage
    I'm sorry, the whole "fee" idea just doesn't work for me... What is to stop someone signing up for a whole load of mailing lists, and then claiming that they were all a waste of time? The only time anyone would not bother taking that cash is if there was someone they knew on the other end, getting pissed off.
    • The mailing list maintainer should consider the request to sign up a waste of time, and unsubscribe people who declare mailing list messages a waste of time.
  • by lukewarmfusion (726141) on Tuesday May 17, 2005 @04:18PM (#12559412) Homepage Journal
    It sounds like a good idea, but it's not a solution any more than CAN-SPAM. Spammers will not cooperate if it's just going to hurt them. Until you crack down on spam in the same way that the telemarketer do-not-call list has, you won't see any improvement. And that's not even realistic given the ease with which email can be masked or forged.

    It's similar to the argument that gun rights advocates make - stricter gun control laws or programs will hurt legitimate owners, but the real problems will still lie with the criminals who don't abide by those laws anyway.

    Crack down on spammers. Make spam outright illegal and make penalties for ISPs that fail to comply.
    • You cant fine foreign ISP's, but you can block them. If all of american ISP's blocked a particular foreign ISP for a month, that ISP would lost a lot of customers (therefore money).
      • Unfortunately, it would also hurt a lot of legitimate businesses that rely on services or traffic from those ISPs.

        I still think the best solution overall is to starve spammers - don't ever respond to unsolicited emails, even if it's a really great deal.
        • Unfortunately, it would also hurt a lot of legitimate businesses that rely on services or traffic from those ISPs.

          I don't think that makes it a bad idea. I mean, maybe you want to warn ISPs first in order to give them a chance to rectify things, or maybe you want to make it easy for them to get access again when they do cut off the spam, but the GP is right, there isn't much in the way of legal action you can take to shut down foreign spammers. If it hurts legitimate businesses, hopefully those businesse

    • It's similar to the argument that gun rights advocates make - stricter gun control laws or programs will hurt legitimate owners, but the real problems will still lie with the criminals who don't abide by those laws anyway.

      Moreover... while the gun owners just want their toys, spammers and advertisers in general want you. 'Coca-cola' would be writ large on your windshield ...except that you'd crash before reaching the mini-mart.

  • by grahamsz (150076) on Tuesday May 17, 2005 @04:20PM (#12559436) Homepage Journal
    While it'd be inconsequential to me to put up 10c to send each message (or probably even $1 if my employment related emails didn't count) it doesn't scale well between different countries.

    Third world countries will find that sort of money a huge barrier to entry for sending email.

    Similarly this will be open to google ad type exploitation. People will set up email addresses and sign up to all sorts of solicited and unsolicited email just to collect the cash. Again for people in poorer countries this might be a practical job.

    • it'd be inconsequential to me to put up 10c to send each message

      Good for you. I run a few mailing lists, some of which have thousands of members. A 10c charge is most certainly *not* inconsequential. Up with that I would not put.

      Besides which, I must have missed the part where it was explained how spammers would be forced to play along with the system. Another system that only keeps the honest people honest. File under bee one en.

      • Perhaps the first charge between a sender and receiver could be waived.

        So if someone claims your message as spam, you can be informed, you can remove their address from your list and get off without paying.

        But that's now a new way to abuse the system.

        Also spammers can put up bonds with stolen credit cards...
  • So, I can just sit home and subscribe to mailing lists, flag them as spam, and watch the checks roll in? And if that doesn't work, how many EULAs will I have to click through to get a business to send me any email at all?

    We would need someone to police this system, and that someone would need legal power in every country from which email is sent. No one has such legal authority. And we're back at square one...
  • by bigtallmofo (695287) on Tuesday May 17, 2005 @04:22PM (#12559456)
    What's to stop someone from signing up for every mailing list everywhere and setting up an automated application to flag it as spam so the money starts rolling in? Three or four thousand such flags per day, even at a few cents each should start to add up fairly quickly.

    • by merdaccia (695940) on Tuesday May 17, 2005 @04:48PM (#12559763)

      RTFA. The premise is that once you mark an address as spam, the sender will no longer send you messages because it's against his economic interest to pay you again. Therefore, you only receive payment once per mailing list, which will be too small to make it a feasible source of income.

      Unfortunately, this system will only work if you only allow incoming mail from a server that supports it. This reduces the whole setup to a glorified whitelist, and dooms it to failure. Spam can't be stopped because the current infrastructure allows spammers to send mail without reprimand, and no alternative will work until the current infrastructure is still in place.

      • Interesting point, but one that could be avoided if the mailserver has an address book with a pricelist. Presumably you would need to transfer some form of electronic payment at this point anyway. You would mark mailing lists, friends etc. as free in your address book. The mailing list would then refuse to send you email if it had a cost.
    • Hell, I'd be collecting on every e-mail sent to me. Friends, family, I don't care.
  • How many times is this idea going to come up before it finally goes away? Nobody is going to put up any amount of cash to send their legitimate email. Nobody will use a service that requires such a fee.

    It's a simple concept really... the only solution that will be accepted is one which requires the masses to do nothing different than what they do now. People will not change their ways, even if it meant a spam-free environment. When it comes to computers, most users are lucky to remember one way to do t
  • by cinnamon colbert (732724) on Tuesday May 17, 2005 @04:24PM (#12559482) Journal
    the only field where you can get a nobel for being wrong
  • by pcraven (191172) <(paul) (at) (cravenfamily.com)> on Tuesday May 17, 2005 @04:24PM (#12559485) Homepage
    I'd like to try this on Slashdot. I can collect money for articles that I think are a complete waste of my time. Then this money can be used to post messages like this, which are a complete waste of other people's time.
  • by PCM2 (4486) on Tuesday May 17, 2005 @04:25PM (#12559490) Homepage
    I don't get it. This kind of "disincentive" has already been implemented in just about every business plan on earth in a much less logistically challenging way. When you advertise, you have to pay for it. Let's say you advertise too 1,000 people, it costs you two cents each, and only one person is receptive to your message. That person buys your product for $50. Great! Your ad campaign was successful. On the other hand, if nobody bought your product, you'd be out $20.

    This is pretty basic stuff. The problem with spam is that spammers are continually finding ways to pay nothing to advertise. If one person in a thousand replies to a message you paid nothing for and sends you $50, you've made almost double the profits vs. if you had to pay 2 cents per recipient. That's always going to be an attractive market for people with useless crap to sell, because the real rate of return on crap might be considerably less than one in a thousand.

    This plan gives people the warm fuzzies because it sounds like each individual will be able to profit from unwanted advertising, but in reality it would never work that way. On the other hand, you'd get the same "punitive" effect on spammers if you just found a way to force them to pay to send spam.
    • When you advertise, you have to pay for it

      But should I have to pay to send you an e-mail you just asked for (i.e., "I forgot my password")? Or should my brother's e-mail of a link to pictures of my niece's birthday party cost him money to send? And, who's collecting? The point is that you'll be unable to make the distinction between commercial and private messages. It's not the same as buying an ad in the yellow pages.
      • I doubt it would be all that difficult to identify bulk mail messages from single-use ones, even a small mailing list to friends and family. Second, there could be a legal test to differentiate between commercial and private email. This kind of distinction is already made in "free speech" arguments. Unfortunately, I find myself bringing the lawyers into the picture, but that seems to be the only way.

        The problem, of course, with any kind of law about spam is enforcing it. A law that doesn't get enforced is
        • doubt it would be all that difficult to identify bulk mail messages from single-use ones, even a small mailing list to friends and family

          But I've built systems for my customers that send out 10-20,000 messages at a time, and each one is substantially different (different subject, altered body, different reply-to). Totally legit, completely solicited by the recipients, but definately marketing-related and sales driven (invitations to an event sent to all the members of a trade association, for example, o
    1. Create a few thousand random email addresses.
    2. Vigorously seize the bonds on all spam messages (write a script).
    3. ???
    4. Profit!
    5. When spam messages start to drop off, abandon the email accounts and start over.
  • Yet Another Pay To Send Mail Scheme

    These show up on /. like clockwork. They all have the same problem: unless everyone uses them, they hurt the ones who do more than the ones who don't (network effect).

    Go ahead -- demand a bond before you accept mail. Yes, you won't get any spam. You also won't hear from Hotmail, GMail, Yahoo, or your (ex-) customers.

    All of these schemes depend on every government on Earth legislating them into existence, simultaneously, and somehow miraculously not adding enough

  • This approach only seems to work for legitimate companies (or those that care about repeat customers). I don't see that strange web site selling V1aG4r@ participating in this system. I also don't see the Nigerian scammers participating. Or the phishers. I already don't get spam from L.L. Bean or Citibank. Has this professor even looked at who is sending spam to him?

    And how do you handle international transactions?

    I think I'd need to be able to specify a lower or higher cost to specific individuals as well
  • by btempleton (149110) on Tuesday May 17, 2005 @04:30PM (#12559551) Homepage
    While it's not a great idea, it's a fairly obvious one. Papers on this go back decades. I was one of the earliest to propose it in the Unix community almost a decade ago, but later denounced my own ideas [templetons.com].

    But what amazes me is that like clockwork, somebody will publish an article on this "great new idea" for dealing with spam, several times a year it seems. They have clearly read none of the spam literature, nor done a search. And on top of that, journals and magazines also think it's new and publish the items, even slashdot publishes them.

    What gives?
  • Ah! (Score:4, Insightful)

    by Anonymous Coward on Tuesday May 17, 2005 @04:30PM (#12559553)
    Ah, I see...
    Professor Marshall Van Alstyne of Boston University School of Management

    That pretty much explains it.
  • Make it illegal for solicitations not to have how they obtained one's e-mail address. In other words, require how one obtained your e-mail address at the bottom of the e-mail message. Such as, "Your e-mail address _____ was obtained from ______." Something like a $500 fine for not having that in the solicitation, and a $500 fine for lying in the "disclaimer" too.
    • Well, someone already posted the "standard reply form". I advise you to fill it out for your suggestion yourself. This way you'll probably find out where the problem is.

      Or maybe it would already help if you just copnosider the following questions:

      * Who's the spammer? And how do you find out?
      * Where's the spammer? And how will an US law affect him?
      * And what if the spammer truthfully writes "Your e-mail address foo@bar.xy was obtained from a list of e-mail addresses bought from an e-mail address trader"?
  • 1) Once the system is broken, open the mass media valves and let it be known that it's the spammer's fault.

    2) Angry lynch mobs wielding torches and pitchforks will take care of the rest.

    3) Rebuild a spam-proof email infrastructure.
  • I'm not so sure I want to support a program that turns "My $.02" into a literal statement. Seems that even when you get a "penny for your thoughts" you're still taking in only half as much as your spending.
  • by Animats (122034) on Tuesday May 17, 2005 @04:41PM (#12559682) Homepage
    Spamhaus points out that 200 known spam operations are responsible for 80% of spam. [spamhaus.org] They have names for most of the key people involved. Most of them are in the US, even though "bulletproof web hosting" services in China and money laundering in some tax haven may make them appear to be offshore.

    The US Federal Trade Commission says that over 80% of spam involves some violation of Federal law. Not just the CAN-SPAM act, but mail fraud, false advertising, money laundering, computer crime, drug counterfeiting, and racketeering. There should be no problem filing charges.

    If we had an FBI director who made this a priority, most spam could be eliminated in a year. Just divert some of the FBI Baltimore people who do child pornography [fbi.gov], who are already experienced at tracking people on the Internet, off that job and onto tracking down the major spam operators.

    In a sense, CAN-SPAM has been effective. Spamming by even vaguely legitimate companies is down. Almost all spamming now involves felony criminal activity of one kind or another.

  • by Thuktun (221615) on Tuesday May 17, 2005 @04:41PM (#12559692) Homepage Journal
    Wallace [annonline.com] & Rines [www.exn.ca]' revamped [wired.com] spambone [com.com] was to do just that. It didn't pan out [wired.com].
  • So your recently stolen creit card not only includes charges for a weekend trip to Vegas you didn't take and life time subscriptions to "websites" you swear wouldn't interest you, but now you get socked with a million micro-payments for spamming yourself!!!
  • Fraud Potential (Score:2, Interesting)

    by erlenic (95003)
    If I understand correctly, which I might not, this is how it will work: spammer sends me an e-mail, I mark it as spam and receive money, spammer gets a notice so he can remove me from his list.

    What's to stop me from biting the cost of a large mailing, collecting all those notices, and reselling them to other spammers as a list of verified active addresses? My customers could use the lists in a country not on board with the idea, since this will require legislation to enact (which is a problem too obvious t
  • by alw53 (702722) on Tuesday May 17, 2005 @04:49PM (#12559777)

    Robert Heinlein in one of his stories required that telephone callers post a bond before the hero would answer the phone. If the hero agreed that the phone call was worth it, he'd reverse the charges.
  • Any user of "free" webmail service sells their eyeballs - hotmail, gmail, Yahoo, all of them charge money to advertisers to place those banners above, to the right of, and to the left of every page those users view. Nobody seems to kick too terribly hard about that. There *is* a web-based email service that shares some of those revenues with its users - while nowhere near enough to quit one's day job, extra income can be very nice, especially if it costs nothing.
    My email address is un-obfuscated for a rea
  • by Caveman Og (653107) on Tuesday May 17, 2005 @04:55PM (#12559857) Homepage Journal
    "...with no false positives or negatives"

    Right.

    People flag list traffic for which they subscribed as spam all the time. What is so special about putting up a financial bond that will cause people not to flag mail they requested in March as spam in May, or accidently marking mail from aunt Mildred as spam. I just don't see it.

    This fails every test of an anti-spam proposal I can think of, including the most important: It doesn't stop spam.

    --Og
  • by Anonymous Coward
    Attention bonds don't work, as described here in more detail [sooke.bc.ca]:

    * Creates opportunity for traffic monitoring by people we'd rather not have doing that

    * Creates money trail alongside email trail, making legitimate anonymity almost impossible

    * Makes trolling a profitable business model

    * Participants who are poor, or not allowed to form legally binding contracts (such as children) can't have email anymore

    * If only applied to email, moves the spam problem to other media without solving it

    * Creates obligation
  • Since spam is fundamentally an economic problem, not a technical problem, economic solutions are at least the proper tool. However, I think the cost should be up front, so legitimate businesses will see it as normal advertising costs and spammers will be unable to divide by zero mo matter how they lie.

    That said, the ultimate system I want would involve auctions for my time. I would specify how much advertising I'm willing to see, say 15 minutes worth per day. I would provide some personal information to a

  • Suppose smtp was modified by version + 1 to include the following in the the negotiation process:

    USER user
    PASSWORD password
    AUTHENTICATE user@emaildomain.com

    Before the SMTP server responds to the authenticate, it contacts emaildomain.com (as part of version + 1 protocol) and inquires about the sender user. From there, several interesting thing can happen. The server at emaildomain.com can do an email name query cache to determine if a user is being used abnormally. Hundreds, thousands of hits per second, e
    • No practical, I know of lots of ISP's with 100,000's of email addresses. Any global register would have to handle thousands of updates per minute. Even more than DNS...your idea is SPF on steriods, and that doesn't work.

      Not to mention privacy issues...would I want an ex-boyfriend/girlfriend with a grudge being able to query this info on mass etc etc

      Also most spam-ware has it's own SMTP engine and sends direct to the MX address (or secondary is quite popular too).
  • This still places the burden of dealing with spam on the recipient. That is, always has been, and always will be unacceptable. The stuff should never have existed to begin with.

    I have better things to do with my time than click through a pile of crap in my E-mail. Outlaw spamming, period, no matter how much the asshats at the DMA [the-dma.org] may scream about it (they screamed about the Do-Not-Call list as well, if I recall). It would be easy enough to do simply by extending the reach of the existing Junk FAX law. [cornell.edu]

    In
  • by martin (1336) <{maxsec} {at} {gmail.com}> on Tuesday May 17, 2005 @05:23PM (#12560151) Journal
    Education.

    If we educate the users/unwashed masses(what every you want to call them) that BUYING from the SPAMMERS is A BAD IDEA(TM) and only makes the problem worse, the users might not buy cheap tobacco/blue pills/radio controlled cars/fake rolexes from the adverts.

    Would the small minority please stop supporting this crud, then maybe I wouldn't stop one week fighting trojans nd the next fight the spam they've started spawning (Sober.o/p and sober.q).

  • The Only Solution (Score:3, Interesting)

    by _Hellfire_ (170113) on Tuesday May 17, 2005 @06:06PM (#12560666) Homepage
    The only solution to spam? Replace SMTP.

    SMTP is an outdated, insecure protocol which is ill-suited to modern email.

    We need to replace it with a protocol which is authenticated at both ends. A friend and I came up with the following; which although not perfect and probably subject to a few tweaks is a step in the right direction.

    J Random Hacker/Company/Joe Sixpack leases a domain name from J Random Registrar. Let's call it jrh.com

    That registrar provides a private key and a public key pair based on the domain name.

    The CMTP (or Complex Mail Transport Protocol - I made that up) server on jrh.com wants to send an email to target.com. It signs the outgoing message with the private key (ie puts a hash in the header - and you could base it on time and date or other arbitrary data to make sure there's no forgery) and then connects to target.com. target.com then asks jrh.com's registrar for jrh.com's public key (either that or it's propagated over DNS). If the pair match up, the email is accepted. If not it's dropped at the door. No questions asked.

    During the phase in period, SMTP traffic could be configured for a 15 minute delay on each target server, whereas CMTP traffic is dealt with immediately. I compare it to how Telnet was slowly phased out in favour of its more secure replacement, SSH.

    So, if a spam zombie Windows box is spewing out SMTP traffic in a CMTP world, most servers would drop it at the door. The spammers can't go to CMTP because:

    1) They can't use a private key they made up because it's checked against the public key held at the registrar.

    2) If they use the private key of a domain they hold (ie install it as part of the worm infection) when people get even 1 spam from them (yes 1 spam - it would be that unusual) the server just ignores mail sent with that signature.

    The solution works because the motivation would be there for companies to prevent spam on their networks. As soon as they switch to CMTP, they get no spam over it. And eventually they will get no SMTP email at all. Just as nobody uses Telnet anymore, SMTP will die out if replaced with something better. You can make all the laws you like but at the end of the day, the SPAM solution is a technical one.
    • Re:The Only Solution (Score:3, Informative)

      by Zone-MR (631588) *
      Some potential problems...

      If you get spam from user1@gmail.com you most likely won't block the whole gmail.com domain, just user1. If you get spam from abcdef-1032@uber-leet-viagra.com, you'll want to block the whole domain.

      If honest Joe Bloggs mail client can send email via his ISP, so can any malware installed on his PC. So what happens when you start getting 1000's of emails from [randomuser]@gmail.com. You can't block the whole domain without impacting legitimate mail. You can block each of the aliase
  • by anthony_dipierro (543308) on Tuesday May 17, 2005 @08:00PM (#12561677) Journal

    Bill Gates put this idea in The Road Ahead back in 1996. Basically, in order to send an unsolicited message, you have to attach some e-cash to it. If it's just a message from some long lost friend presumably you won't actually redeem the attached e-cash.

    Anyway, like a million other ideas about solving spam, it'd work if you could just convince everyone in the world to adopt it. Convincing everyone in the world to switch over to the new system is left as an exercise for the reader.

  • by NivenHuH (579871) * on Tuesday May 17, 2005 @10:30PM (#12562877) Homepage
    Hehe.. Just kidding.. ;)

    (I hope I didn't just sign a death-wish for my karma...)
  • I'm game (Score:3, Funny)

    by StikyPad (445176) on Wednesday May 18, 2005 @08:20AM (#12565296) Homepage
    I have absolutely no problem with this. I'd love a second income, and I'd be more than happy to sell my att.. oooh, shiny!

If a listener nods his head when you're explaining your program, wake him up.

Working...