Spam - is there a way for the world to stop it, and what's the worst case scenario?

I assume that the makework could be enforceable - if the email doesn’t have its computed checksum value (which is compared against the sending and receiving addresses, say,) then mail servers will not relay it.
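
The "makework" check described in the post above can be sketched as a hashcash-style stamp. This is an added example, not code from the thread; the stamp layout, the 12-bit work factor and the function names are assumptions chosen for illustration.

```python
import hashlib

DIFFICULTY_BITS = 12  # assumed work factor; kept small so the demo mints quickly


def _leading_zero_bits(digest: bytes) -> int:
    """Count the leading zero bits of a hash digest."""
    value = int.from_bytes(digest, "big")
    return len(digest) * 8 - value.bit_length()


def mint_stamp(sender: str, recipient: str, date: str,
               bits: int = DIFFICULTY_BITS) -> str:
    """Sender side: brute-force a counter until the stamp hashes to `bits` zero bits."""
    counter = 0
    while True:
        stamp = f"{bits}:{date}:{sender.lower()}:{recipient.lower()}:{counter}"
        if _leading_zero_bits(hashlib.sha256(stamp.encode()).digest()) >= bits:
            return stamp
        counter += 1


def relay_accepts(stamp: str, mail_from: str, rcpt_to: str, today: str,
                  bits: int = DIFFICULTY_BITS) -> bool:
    """Relay side: field checks plus a single hash, far cheaper than minting."""
    parts = stamp.split(":")
    if len(parts) != 5:
        return False
    claimed_bits, date, sender, recipient, _counter = parts
    if not claimed_bits.isdigit() or int(claimed_bits) < bits:
        return False
    # The stamp is bound to this envelope and date, so one computed stamp
    # cannot be reused for a second recipient or replayed on a later day.
    if (date, sender, recipient) != (today, mail_from.lower(), rcpt_to.lower()):
        return False
    return _leading_zero_bits(hashlib.sha256(stamp.encode()).digest()) >= bits


if __name__ == "__main__":
    # Constructed sample addresses.
    s = mint_stamp("alice@example.org", "bob@example.net", "2024-05-01")
    print(s, relay_accepts(s, "alice@example.org", "bob@example.net", "2024-05-01"))
```

Because each stamp names one recipient, a server expanding a list alias would have to mint a fresh stamp per subscriber, which is the mailing-list cost raised later in the thread.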

GusNSpot - there have been several schemes for setting up your mailer to require people to “register” with you in some way before your mailer will accept mail from them. I don’t know of one that automates it by sending them a captcha, but it’s certainly doable. If you don’t expect the validation in real time, but simply through mail replies, it can be implemented entirely at the client end. A mail from an unknown person gets stored, and an informational reply sent back, explaining what they have to do to allow them to send you email. The ones I’ve seen present the recipient with the emailer’s request, which has to be manually validated. Once they’ve validated, however the process works, your mail client recognizes them, puts their initial message in your inbox, and allows them to send you future email.

The problem with those is that a lot of legitimate senders you might want to hear from simply say “screw this”, and go away. You also have a problem with automated responses you actually want, like confirmation emails from online orders. You don’t necessarily know ahead of time what the email address from such things is going to be, so you can’t prevalidate them. And finally, a lot of people who jump through your hoop will also respond by sending you a nastygram telling you exactly what they think of it.

GusNSpot’s answer, while a decent one, doesn’t do much to help the massive amounts of bandwidth and space that are being wasted by spam, either.

It’s a great scheme (except the caveats yabob mentions) except now it requires double the work on the SMTP server’s end.

So, great for the user, pain in the ass (and expensive) for the SMTP provider.

When coming up with schemes here, remember the existence of mail lists expanded at the various servers along the way. For instance, for your “checksum penalty”, you don’t want to require that a server expanding an alias for received mail re-do the calculation for each one. That unfairly penalizes somebody who maintains a perfectly legitimate large mail list on their server. I’m on a couple that must contain hundreds of people. But if you don’t do that, your spammer simply sets up huge mail lists on a server that he mails to from his client. The same thing applies if we imposed a costly enough “postage stamp” to deter spammers. People would justifiably not be happy campers if they got a walloping great bill for having mailed stuff to their hobbyist list “model-railroads@hobbyserver.com” because it ultimately expanded to a couple thousand recipients.

So we just have to come up with a scheme that is only prohibitively expensive to people sending more than, say, 10,000 emails per day.

Oh fuck this shit, let’s just send out the death squads to summarily execute all of the spamming cuns (and apparently most of them all live in the same part of Florida so travel expenses would be minimal). You don’t work out how to cure cancer without harming the tumour - you cut the fucker out! :mad:

I have two gmail addresses and only one gets spam - the newer one. I attribute this to the number of characters in my usernames. The newer account has only 6 characters while the older account has 8. If you want to avoid your gmail account being targeted by a dictionary attack, go for a longer user name, and maybe consider putting a number somewhere in the middle.

Once an address begins receiving spam there is no way to stop it. Spammers sell lists of email addresses to other spammers, so once they have yours it’s only going to get worse. The only thing you can do is start over with a new, clean email address.

Worst case scenario for Spam? The pigs figure out what’s going on and start organizing.

Please mind your language when in GQ.

Thanks.

-xash
General Questions Moderator

I thought at first all of you were looking for a way to stop Spain.

Worst case scenario: you learn to nap, work till 8 and eat tapas. What’s not to like?

Sorry Xash, I’ll be good.

Doug - that’s quite funny. As you say, how can you fault a country that gave us polysexual Barcelona? :slight_smile:

This was proposed recently (I forget the company’s name, but they tried to leverage some deal with AOL), and there was immediately a Great Disturbance In The Force.

Incidentally, $0.0001 would be a dollar for ten thousand emails, not a thousand. Do you work for Verizon, by any chance?

Is there a way for the world to stop spam? Of course there is. Ted Kaczynski proposed such a plan, for instance.

I think liberal use of specialized aliases and temporary mail ids would help. Rather than trying to impose filtering, assure that mail addresses likely to be harvested by spammers will bounce.

I’m not using a temporary mail address service, but I use a forwarder at pobox.com as my published email address. They allow me to administer three aliases pointing to my “real” address, and there’s one of them I change every month or so. The current value of that one is what I use for online shopping, or registration with sites that I don’t wish to maintain a permanent relationship with. If I did that more often, an actually temporary address service would be useful. You get the immediate responses you need from the interaction, but when a spammer (or the online retailer who now has a “business relationship” with you) tries it a month later it bounces.

I have a credit card with virtual numbers which I also love. When you hand out a virtual number, not only does it have an expiration interval, but the issuer will only accept charges from the first party that uses the number - ie, the merchant you wished to be allowed to charge on the number. I really like the idea that “flybynight.com” doesn’t get a credit card number that anybody who cracks their DB can actually use, nor will flybynight be able to use it shortly after my transaction with them completes.

I think a mail alias along these lines would be useful as well. A server can hand you a new alias, which you hand out to somebody you are willing to correspond with. The server notes the first incoming email addressed to that alias, and restricts it only to that party. A spammer who gets ahold of that address is unlikely to want to try to figure out who they have to masquerade as to use that address, even if the information was obtainable from the context their harvesting program retained.

It goes without saying that a server which hands you temporary or one-shot aliases also allows you to cancel them manually.

In effect, I think there’s a real need on the internet for a cohesive “one shot” identity, suitable user tools to create them easily, and support on commercial sites to play ball with the idea. That, plus realization by social, blog and messaging sites that they should provide “reply to” mechanisms for their members that don’t expose an email address, or realize that the email address they should use to communicate with you about your account may be different than the one that should be publicly displayed to other users and susceptible to harvest. For instance, I could still allow email here by entering one of my “one shot aliases” into my profile. In the infrequent instances that another member sends me mail, I will get it, and that member will continue to be able to send me mail as long as they send it from the same address (or, I may reply to them, and give them my “real” email). I will then enter another one-shot into my profile. A spammer that figures out how to harvest this board will get through once, and then be bounced in the future.

People are already doing variants of this informally by using “throwaway” hotmail type accounts when they do something that they think is likely to put them on a spammer’s list. I would like to see actual support for it on mail servers, with enough of a standard for the request that your mail client and browser plugins could provide you a “create alias” interaction. You park on the “email” field on your online shopping site, select “create alias -> temporary”, and “dogwood357@myserver.com” or something like this gets filled in and created as an alias on the mail server. A month later the mail server removes it again, and the vendor you had the interaction with can’t send you annoying notices about their sales.
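
The one-shot alias behaviour described in the post above (bind to the first sender, expire after about a month, allow manual cancellation) can be sketched as a small server-side table. This is an added example, not code from the thread or from any real mail server; `AliasTable`, its method names and the 30-day lifetime are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

MONTH = 30 * 24 * 3600  # assumed lifetime of a temporary alias, in seconds


@dataclass
class Alias:
    created: float
    ttl: Optional[float]                 # None means no automatic expiry
    bound_sender: Optional[str] = None   # set by the first message that arrives
    cancelled: bool = False


class AliasTable:
    """Hypothetical server-side table of one-shot aliases for one mailbox."""

    def __init__(self):
        self.aliases = {}

    def create(self, alias: str, now: float, ttl: Optional[float] = MONTH) -> None:
        self.aliases[alias.lower()] = Alias(created=now, ttl=ttl)

    def cancel(self, alias: str) -> None:
        self.aliases[alias.lower()].cancelled = True

    def rcpt_decision(self, alias: str, mail_from: str, now: float) -> str:
        """Return 'deliver' or 'bounce' for one incoming message."""
        entry = self.aliases.get(alias.lower())
        if entry is None or entry.cancelled:
            return "bounce"
        if entry.ttl is not None and now - entry.created > entry.ttl:
            return "bounce"
        sender = mail_from.lower()
        if entry.bound_sender is None:
            # Bind on first use: whoever mails the alias first owns it,
            # so it should be handed to exactly one correspondent.
            entry.bound_sender = sender
            return "deliver"
        return "deliver" if sender == entry.bound_sender else "bounce"


if __name__ == "__main__":
    table = AliasTable()
    table.create("dogwood357@myserver.com", now=0)
    # Constructed sender addresses.
    print(table.rcpt_decision("dogwood357@myserver.com", "orders@shop.example", 10))
    print(table.rcpt_decision("dogwood357@myserver.com", "bulk@spam.example", 20))
```

The binding is only as strong as the sender identity the server compares: an unauthenticated envelope address can be forged, so a deployment would want to bind to an authenticated sender (for example a DKIM-verified domain) rather than the bare `MAIL FROM` value.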

I disagree that this is a good solution to the spam problem.

I used a temporary address forwarding service called spamgourmet for about two years before finally giving up on it. I have never received a spam email to any of the temporary addresses I set up. Not even once. I occasionally received annoying “update” emails from the website that I gave the address to, but they came with unsubscribe links that worked. I will assume that I missed an autofilled checkbox to opt out of their newsletters when I signed up.

Now, I’m not giving my email address to a bunch of porn or warez sites, so perhaps I’d have different results if I did. But for any normal (even kinda suspect) website that requires an email address, there’s very little risk of spam. Spammers harvest addresses from brute force searches, but not, apparently, from website registrations.

My answer to spam is both simple and boring. At some point, the benefits of a free and open email service will be less than the costs from spam, and we’ll abandon backwards compatibility with the old email standards in favor of a more regulated service with challenge/response, and some verifiable way of telling who sent the message.

This is a good point. Temporary addresses hark back to a simpler time when spam meant unsolicited email from someone you emailed or signed up with (and perhaps they don’t give you an option to opt-out). Today, this quaint type of spam is a drop in the bucket to the constant barrage of random words and GIF attachments.

This is pretty key. My gmail account is a common last name and I get slammed with hundreds of messages a day. Even before I had ever sent a message with it, spammers probably had my email address on their list. To make matters worse, there are almost a dozen people that have erroneously given out my email address as if it were their own. I get their junk all the time.

150 to 200 spam e mails/day…takes a long time to delete them…

I occasionally purchase things by e mail and I’m certain that some of these sellers sell their lists to the people who send spam. I make changes in my name and sure enough the spam comes in with those changes.

Perhaps getting a new additional e mail address and using it rarely might help.

Just FYI - Pookmail allows you to use temporary email addresses to sign up for things that you don’t want to use your real address for. Rather than going through the set up process for a Hotmail account or similar, you just give (anytextyoulike)@pookmail.com, and then go to the site and log in using that name (no password needed). Any mail received at the address you made up will be deleted after 24 hours. It does seem to have a lot of downtime, so it’s worth making sure it’s working before you use it (I’ve developed a habit of sending a test email to the Pookmail address to see how long it takes to come through).

Some problems I’ve noticed with pay-to-mail schemes:

  • What about listservs and mailing lists? In academia, listservs are entrenched; it’s next to impossible to get a bunch of scholars to move their discussion to a Web-based forum. For lists with hundreds or thousands of subscribers, who pays?

  • Who do you pay when you send mail? If I’m sending mail from my own server, who do I pay? I’m certainly not going to pay AOL.

Demanding CPU time wouldn’t work because much if not most spam is being sent by people’s computers that have been compromised and are secretly controlled by spammers, or at least someone working for spammers.

As far as how your e-mail address gets on their lists, that’s another thing that compromised computers are often responsible for. If you send an e-mail to Aunt Edna and her computer gets infected with a virus or trojan, then your e-mail can get harvested and added to spam lists.