Spam - is there a way for the world to stop it, and what's the worst case scenario?

Factual Questions
1

I use Gmail and am now getting around 100 spam mails a day in my spam box - usually I have a spam mail within 5 minutes of cleaning out my spam box. I was wondering in a hypothetical way, is there actually any way the world (by that I mean non-spam loving people) could actaully stop spam permanently - short of executing the people doing it? (Although, there’s a thought…)

Also, what’s the worst case scenario for the ever increasing amounts of spam in circulation? Is there a point at which the internet could start to buckle under the “weight” of all the crap floating around? Haven’t we already passed the ‘50% of all messages are unsolicited/spam’ point? What happens when that rate reaches 90%? Or 99%?

Grateful for some technical/internet savvy dopers’ thoughts.

2

How the heck are you getting so much? I get maybe 2-3 a day in my hotmail account, and I have the filters turned off!
Have you used the email address for porn sites? Shady message boards? Is it posted on a personal web page somewhere?

I ask this in all seriousness. If everyone else is getting that much spam, I kinda feel left out :frowning:

3

No cite, but I believe the vast majority of email is now spam. I don’t control our mailserver, but I’ve been told we discard over 80% of email as spam.

The only way for spam to end is for people to stop falling for it. Once it stops being profitable, they won’t bother. Unfortunately, that’s tough, because spam costs next to nothing to send.

4

No, no and no. I made the mistake of doing the latter two with my old email address (which didn’t have a good spam filter) and watched my inbox fill up with shit quickly so I haven’t repeated that mistake. I read an article that said spam mail has spiked recently due to a new worm that turns all unprotected PCs infected into spam routers, maybe that’s the issue as I’ve noticed a definite increase in my spam in the last couple of months.

5

I have owned my company’s domain for 13 years. We get 25000 spams per day on average. Of course 99.9% of them are blackholed at the server and never make it. If that is happening for a small firm of 10 people, large enterprises must get hammered by spam!

I was a user of BlueFrog ( Blue Frog - Wikipedia ) which IMO was the only real hope for stopping spam at the source.

Basically what Blue Frog did was go to the spam web sites and fill out the order forms with messages to remove Blur Frog members from their spam list. If you were a spammer selling viagra for example, 2000 bogus orders in your mailbox really slows you down.

It was a great idea. Blue Frog provided an encypted list of email addresses that the spammers could ‘wash’ their lists with, removing Blue Frog members and therefore reducing the bogus orders on their (the spammer’s) sites.

It was so effective that a team of spammers realized Blue Frog’s potential and implemented a DDoS attack against the company which folded and shut down under the pressure.

A new non-centralized P2P application based on the Blue Frog idea is being worked on by the open source community. See http://www.okopipi.org/

6

From a Dallas Morning News article dated Dec 6, 2006 (registration required):

7

I apologize, that’s actually a New York Times article reprinted in the DMN.

8

I have a vague recollection of an idea to reduce spam by making people pay to send e-mails. If you paid for your e-mails they would get priority treatment and be set straight away but if you opted to send the e-mails for free they could take a few days to get there. Of course this is unlikely to deter spammers as they don’t care how long their messages take to be delivered, as long as they get there in the end.

9

The last time I turned off the filters, I was getting about 600-700 spams a day. My filter classifies mail and assigns hash marks (#) according to its estimate of likelihood of being spam. I discard anything marked with at least ###, put into a spam folder anything with # or ## and let the rest through. The primary one gets most of it, I get about 20 or 30 a day in the spam directory (none of which has been real mail in the month since I set this up (before that I used a different–and less effective–filter) and also about 20 or 30 a day that get through the filter.

I am more or less opposed to capital punishment, but I would be willing to make an exception for spammers. One thing I find especially annoying is spammers who spoof my email address on their spams. This gets me nasty letters from sysops all over the world.

And no, I have never looked at a porn site. I have done things like registered at a poker site or similar. But I use several email addresses and the spam comes to all of them, including ones I have never given out to anyone.

10

My thoughts:

[ul]
[li]Probably not possible to complete eliminate spam, and I fear that such a cure might be worse than the disease.[/li][li]My spam attacks come in waves, but I am surely not getting 100 per day.[/li][li]One way to drastically reduce spam is to get your own domain. Use it as your e-mail address for really important stuff. Then get another e-mail address somewhere else and use that address for stuff like registrations on newspaper web sites, and so forth.[/li][li]Accept that if you use free, web-based mail you are opening yourself up to more spam than if you use an ISP’s POP server or your own domain.[/li][/ul]

I don’t like this situation, but I am finding that paying the extra money for a domain and an ISP to forward my mail to me through POP significantly reduces the spam I get.

My idea for fixing spam would be to make strict enforcement of return addresses. Currently, the internet mail “standard” doesn’t enforce any checking of the headers. On a UN*X platform, I can create and send internet mail with anything I darn well please in the headers. To have it reach someone, of course, I have to give it a useful destination address. I don’t have to give it a valid return address, so I can simply put anything I want in that part of the header.

As a result, I can remain completely anonymous. Only a very detailed trace of the mail could tell you where it came from. It’s easy enough to change IP addresses, so even if my IP address is recorded somewhere on a mail server, you might not catch me. I doubt that my MAC address is collected anywhere.

The big problem with my idea is enforcing it. Every scheme I’ve considered requires regulation, registration, or restriction. These are contrary to the current spirit/community of the Internet, and would end up making other things worse.

Even paying for e-mail could be bad. Of course we pay for regular mail, but that’s because we depend on one central distributor. Do you really want to be forced to use one of a small, select group of authorized e-mail distributors? Again, that type of system is ripe for abuse.

In short, you’re already paying for e-mail, free web pages/videos/music/pictures and so forth. You pay for it with annoying pop-ups, spyware, malware, and spam. The good news is that you can get free software and settings that help reduce the cost.

11

To be fair the spam I get isn’t really a problem, it just requires me to occasionally go into my spam box and hit the “delete all spam” button which isn’t exactly onerous. I don’t even need to do that as gmail kills mails older than 30 days in the spam folder automatically, and they don’t count towards your mailbox limit.

It’s more the effect of spam on the net and life generally I was talking about - it seems that if things continue they way they are then spam could pose a genuine threat to the integrity of the net and email (possibly making it necessary for us to do things like pay for emails, which I really don’t want to have to do).

12

The idea about paying for email is that you only pay if your mail is not opened. This would greatly discourage spammers without affecting ordinary, private emailers in their wallet - much.

13

Note that signing up for things with your gmail address and stuff isn’t the only way to get spam.

Spammers will just come up with lists of millions of random names @domain.com. The difference between Captain_C’s amount of spam and Iluminatiprimus’s amount of spam could just be that Iluminatiprimus’s address is easier for a program to guess than Captain_C’s is.

14

The worst-case scenario is that e-mail becomes unusable as a reliable means of business communication, and IMO it might come to that if the only viable means to fight it (through politics not the search for an elusive technical fix) isn’t finally pusued.

Case in point: I work in an engineering company. Staff consists mostly of some 30 engineers who exchange a lot of important technical information with customers and suppliers via e-mail. We communicate with a lot of people (because we also do tech support to corporate end users), and apparently what with worms on our customers unpatched PCs that read their Outlook address books and share the goodness, some web sites who require registration and then leak their data, etc., it seems after a year or two a staff member’s e-mail address seems to be well distributed in the spamming community. Also some people here have first/last names that spammers using name directories often hit on.

Of course we have server-side spam filtering, and that makes the spam manageable for the individual staff member, but the downside to that is there have been documented cases (found later on investigation) where bona fide e-mails with vital information have been dropped by the spam filters.

Fortunately our main customer has read messages on request enabled, so we don’t need to ask them if they have received an e-mail of ours. But for a lot of other recipients we have to call and ask if they don’t respond in a timely manner to a moderately important e-mail - that’s how unreliable non-internal e-mail has become with the necessary implementation of spam filters everywhere.

The true cost of the spam phenomenon is not only

a) end user’s time in dealing with spam that gets through
b) the cost of installing and maintaining spam filters

but to a very significant extent in my estimate

c) the opportunity cost of the loss of e-mail as a reliable means of communication (where users can rely on an e-mail either reaching the e-mail box of the recipient or being returned with an server’s error message, not silently dropped by a spam filter)

What has not been used: the obvious legal solution. “You have sent > $threshold_number e-mails within $timeperiod that are neither a response to a query, nor part of an established business relationship, and neither can you show a record of the recipients having explicity agreed to receive e-mails from you specifically? Off to prison with you.”

15

Another way is to make it so that whenever you send an e-mail, your computer has to perform a complex calculation. This would take maybe half a second for each individual e-mail you send, but spammers, with their massive volumes, would be severely limited.

16

Thanks tschild - I’ve been trying to come up with an anti-spam campaign slogan but you’ve just given me a better one than I could ever have come up with. :slight_smile:

17

I suspect a small charge paid by the sender, of perhaps $0.0001 per email (so you pay a dollar to get 1000 emails) regardless of if it’s to a valid address may help.

Free email programs can let you jump trough some hoops, like viewing some advertising and answering some questions to get you started with 50 or so free emails.

The only other way is when people have had enough, and a reasonable alternative comes up which is secure.

IMHO

18

Could there be set up a system that works along the lines of the registration pages that require one to type in random sets of numbers that are hard for a machine to see or use?

The way packets are sent back and forth anyway when using the net, you send me an email for the first time and you get a bounce back window that requires you to enter your name, email address, and the random number which will either open a new email that will come through or allow your original one to come through after the email address you provided accepts a short auto test return?

After that, with the cookie set or something, you can send me emails without verification until I am outed enough that spam is coming through and I reset so that any one sending email to me has to redo the verification.

So I send out 25 emails of a cute kitty picture to to myself with friends and family all BCC’ed and I get 5 ‘Mailer-Demon’s’ and they show that I need to do or redo my cookie for that address. Which I do and resend to those addresses.

It would not be as easy to use as email is now but it would / should really crimp the spam bots.

AOHell used to send me nasty notes and / or lock my account until I contacted them if I sent too many emails at once. I have not done more than 30 -40 at a time for a long time so I don’t know if they still do that.

Of course, AOHell has the least spam through-put of any mail client that I use.

Gmail is easy to clean out but has no filters. I have my other 6 screen name email accounts at AOHell blocking all mail.

I do not use my satellite provider’s email as I have that in reserve.

It seems to me that this idea would also work pretty good for businesses that need to accept unknown emails as it would not only block spam but ensure that a valid return address is present.

Logging the bounce backs would also provide a way to prove that the emails got to you and that you have an good return. If all had this, then the phony header problem would also be harder to implement. Right?

Just trying to think outside the box.

19

Athelas has already mentioned the long-standing proposal that, rather than going to all the trouble of setting up a workable micropayment system, instead we require anyone sending an email to tie up their CPU, doing some makework such as encrypting something before they can send it. That would be equivalent to charging them a tiny sum per message, which would amount to a problem for spammers while not troubling most legitimate emailers.

20

Surely all that would happen would be the emergence of a black market in computers that don’t do that.