A great idea to get rid of spam forever! (opinions, please)

[Grousser]

I got a great idea, which may kill spam forever and for everybody!

If all email clients, web based or local server based, add a “reject” button to their inboxes, we may automatically give the spamers a spoon of their own medicine.

Think of it. I see 20 spam messages in my inbox. I will not read them. Instead, I select all messages and click the “reject” button. Result: all 20 senders get a returning email with the message: “Rejected spam”, or any message we choose. If every owner does the same thing, spam senders will be wasted, because of receiving the same quantity of trash emails in their servers. If every “spammer” sent an average of 10000 emails in a day, they will receive 10000 emails back.

I only see one disadvantage, would this duplicate the amount of internet traffic? Rejected messages would not be, of course, greater than 1k.

Do you see this as a good idea? I want your opinions, please, and how could I send this suggestion to Hotmail and Yahoo? (just to start with).

[Joey_P]

I remember a while back that would send a letter back to the spammer. It was a bounced e-mail type letter (MAILER-DAEMON etc…). Supposedly it would make the spammer think it’s a dead address and take it off the list. I don’t know whatever became of it. I think one of the problems may be the complexity of the spoofing and relaying that they use. It makes it pretty difficult to figure out where the e-mail actaually came from.

[Valgard]

Hi Grousser -

There’s a couple of problems:

1. Most spam is sent with a non-existent “From” field. Replying to it won’t do anything but generate tons of traffic to fake addresses, increasing load on already-burdened email servers.

2. Spam is generally sent from a “one-shot” email account - I sign up on AOL or whatever, pay my initial fee, use the account to send a kajillion messages and immediately abandon the account. I could care less what replies I get because I have no intention of using that account after I hit “Send” on my latest load of poop.

3. A lot of spammers have no stake whatsoever in what’s being hawked in their emails - I tell someone who sells donkey porn that “I can present your product to 10 million users for $1000!”. They pay me, I send some spam, I’m done. Whether you reply or not, buy the donkey porn or not, or complain to the FCC, FTC and John Ashcroft (or not) doesn’t have any impact on me the spammer.

Valgard

Who spends many working hours dealing with this stuff

[Grousser]

Thanks, that’s what I wanted, to wake up from my dream: someone who knows those details.

Well, don’t say I didn’t try.

[Avumede]

Not to mention spammers can simply put their enemies in the From field. So instead of retribution on the spammer, you hit an innocent 3rd party, in fact probably someone working against the spammers. Spammers actually do this now.

[Askance]

Not to mention that your strategy requires 100% compliance from recipients. Clearly spammers get some response - I’ve heard 1/1,000,000. That’s all they need; they don’t care what happens to the other 999,999 sendouts.

[ScottHaneda]

I am a system admin, here is some info…

While in theory your idea is good, it more or less is being done. What you are talking about is called a bounce. Email is a transport agent, and with that, comes a expectation of delivery, to ensure that, certain codes have been developed to mark emails with certain properties. For example, “fatal” bounces are coded with a numeric identifier that tells the server how to deal with it. There are many others, some tell the server to retry agian later, some tell it the mailbox was full.

Usually, the general public does not have control over this. However, there are many scripts for email applications that will generate exactly the response you are speaking of. You select a group of messages, select a script to run, and they are all bounced back to the sender with the appropriate error code.

In regards to “spoofed” return addresses, generally, this is not a issue. There are usually two addresses in the email header, the sender, and teh reply-to. it is the reply-to that is easily spoofed, the sender is harder to spoof and most spammers do not do this. This means the bounce messages do in fact get to the correct person.

I filter at the server level, so the spam never gets to my users, and I send the bounce back to the sender, not the reply-to. However, as mentioned, spammers no longer care, they spam untill the account is closed, they only send, they dont even bother to ever pop in and check email. Look at the spam you get, you will see that they are not looking to get you to reply, they are looking to get you to click on a link and go to a website.

There are a few things you can do to help fight the war on spam. First, find a small ISP to do your email, one that does agressive spam blocking. Next, sign up for a free account on spamcop.net and post your spam there, then system admins like me, who run the spamcop filtering tools on our email servers will automatciallu block spam based on the spam you reported. Forward full source copies of your emails to abuse@sender.com where sender.com is the hosting company that the spam originated through. This can take some learning, best to use spamcop.net since it figures this all out for you and also reports the spam to the ISP as well. Finally, report the spam to the FTC or other appropriate agency depending on the content. If it is a nigerian money scam, send it to the FTC.

Oh, one last thing, I bet you have HTML email turned on, almost everyone I know does. When you have this on, graphics are loaded in your email application. This is bad, the spammers will add in links in the email that test whether or not you loaded a graphic, if you did, they know you got the email, they know you exist, and they save your email and resell it. I have heard a good email address is worth a buck. Turn off network access to HTML email.

[Early_Out]

*Originally posted by ScottHaneda *
**Turn off network access to HTML email. **

Would it not be equally effective simply to turn off the preview pane in Outlook? Then, I can just look at the header info on the message in the top pane (From, Subject, etc.), and mark and delete the ones that are obviously spam. As long as I don’t actually open the message with the “phone home” HTML graphic in it, it doesn’t do anything, right?

[RogueRacer]

Grousser, you might want to check out a piece of software such as Mailwasher.

[xash]

Grousser, IMHO please. The irony sometimes.

I’m moving this out of GQ.

-xash
General Questions Moderator

[xash]

I use Mailwasher to bounce unwanted mail. While it does a good job of bouncing, I’m not sure whether it’s effective against spammers, for much the reasons that have been mentioned in this thread. I’m still testing it.

One of the stronger anti-spam solutions that I’ve seen is this service that requires that any email sent to you receives an automated reply to which a human must respond before the original email is sent into your inbox. While slightly annoying to the legitimate sender, it effectively reduces spam to the recepient.

[beagledave]

*Originally posted by xash *
**I use Mailwasher to bounce unwanted mail. While it does a good job of bouncing, I’m not sure whether it’s effective against spammers, for much the reasons that have been mentioned in this thread. I’m still testing it.

One of the stronger anti-spam solutions that I’ve seen is this service that requires that any email sent to you receives an automated reply to which a human must respond before the original email is sent into your inbox. While slightly annoying to the legitimate sender, it effectively reduces spam to the recepient. **

Actually the so called “challenge-response” system is more than “slightly annoying” for folks who email mailing lists. If you have hundreds/thousands of people signing up for your mailing list…and you have to manually deal with each sign up…big headache.

http://www.wired.com/news/politics/0,1283,59840-2,00.html

Challenge-and-response systems pose particular problems for newsletters and listservs. These systems try to cut down on fraudulent e-mail by not delivering a message until the sender replies to a confirmation e-mail sent by the intended recipient’s ISP or e-mail host.

“Declan McCullagh of Politech and Dave Farber of Interesting-People can’t do 100 challenge-responses a day,” said Cohn. “That, as a solution, doesn’t scale.”

I use the Mail app for Mac OS that does Bayesian filtering. There are similar apps for other platforms

From the same Wired article…

The most promising new approach is better filters that use Bayesian algorithms to tag spam automatically and move it into a spam folder. The algorithms look at the body and header of an e-mail and judge from past experience whether an incoming message is junk. Users then train the algorithm, by moving misclassified e-mail from one e-mail folder to another.

[xash]

*Originally posted by beagledave *
Actually the so called “challenge-response” system is more than “slightly annoying” for folks who email mailing lists.

Good point.

However, if a “challenge-response” system supports a configurable “allow list” of email addresses/domains, it might reduce the headache to some extent - for the recipient atleast.

The email list owner could just ignore the automated emails coming from the recipient. The recipient will add the list owner’s email address/domain to his “allow list” if he really wants the emails.

I guess spam is a no-win situation.

[beagledave]

*Originally posted by xash *
**Good point.

However, if a “challenge-response” system supports a configurable “allow list” of email addresses/domains, it might reduce the headache to some extent - for the recipient atleast.

The email list owner could just ignore the automated emails coming from the recipient. The recipient will add the list owner’s email address/domain to his “allow list” if he really wants the emails.

I guess spam is a no-win situation. **

One option being currently bandied about is to use RSS feeds in place of newsletters

http://www.internetnews.com/dev-news/article.php/3070851

“E-mail is dead, period,” declares Chris Pirillo, the Internet entrepreneur who distributes about 400,000 e-mail newsletters weekly. “I don’t care what kind of legislation goes through, people aren’t signing up for newsletters anymore. People are assuming that every e-mail publisher is a spammer.”

Pirillo’s Lockergnome has begun actively directing subscribers away from e-mail subscriptions, touting RSS (Rich Site Summary or Really Simple Syndication) instead as a foolproof way to avoid the spam bottleneck

I suspect more and more people are just going to handle individual email via white lists. IOW, unless your email addy is on my white list of “safe addys”, I’ll automatically reject it. Not a great solution…but I suspect that’s where we’re heading.

[Grousser]

*Originally posted by beagledave *
**I suspect more and more people are just going to handle individual email via white lists. IOW, unless your email addy is on my white list of “safe addys”, I’ll automatically reject it. Not a great solution…but I suspect that’s where we’re heading. **

It’s sad but true. Exactly the same system used by Hotmail and Yahoo messengers.

[Ximenean]

I like Bob X. Cringely’s version of the whitelist approach, in which email first goes through a micropayment server. If the sender is on your approved list, their email goes through free of charge. If not, their mail is bounced back with an invitation to pay a trifling amount, say 5c, to you via the payment system, which would be something like PayPal. 5 cents shouldn’t put off or upset genuine email senders, but it will sure concentrate the minds of people sending 10 million emails.

[Ximenean]

Forgot to add that the sender could of course pay the 5c up front to avoid having to go through the reject-pay-resend cycle.

[alterego]

*Originally posted by AndrewT *
**Not to mention that your strategy requires 100% compliance from recipients. Clearly spammers get some response - I’ve heard 1/1,000,000. That’s all they need; they don’t care what happens to the other 999,999 sendouts. **

I’ve heard 1 in 40,000 is profitable.