Re: Another Nutty Idea about SPAM
Steven Garman wrote:
Once method of combatting the spammers is to use disinformation. For example we use new addresses for their "remove" lists to check on their honesty.
What about attacking the lists themselves with false data? Say you run a site. (snip)
Igor Chudov wrote:
Another nutty idea: to create a database of people who do NOT want to receive unsolicited advertisements, and make it widely available.
Of course. But this does not address the issue of "unscrupulous spammers" which is what Steven was commenting upon.
The obvious problem is that some very uncsrupulous spammers would want to grab this database and use it as a source of email addresses.
This problem has a solution, however: instead of distributing people's email addresses, distribute MD5 checksums of their addresses. For example, an entry for ichudov@algebra.com would be
b51175dae78f25427351d5e3ff43de30
There is no way to guess the original text from an MD5 checksum.
Spammers should be advised to exclude all addresses with MD5 checksums from that database from the recipient list, and include instructions on how to get one added to the database into their spams.
Okay fine. The spammer is "advised" but if he is unscrupulous in the first place, he'll simply ignore the advice and continue bulk-mailing to every address he can grab.
Database maintainers could even provide a email filter-bot that would accept recipient lists by email and send back the same lists, but WITHOUT addresses that wish not to receive spam. This way stupid low-tech spammers (who make up the majority) will be able to process their email lists quickly and easily.
Indeed, stupid low-tech spammers would benefit from such a service if they wish to honor "do not send" requests.
This database may be maintained centrally. Users may be able to sign up for inclusion into that database by email or by filling out a Web-based form. Identity verifications may be done by using cookie protocol.
I like the idea and if I had the resources, I would do it personally. Optimistically, many bulk e-mailers would sign on to the plan. (Ironically, one would probably have to solicit bulk e-mailers to sign up). However, many, being unscrupulous, ignorant, etc. will not be involved. The only way I see to get bulk e-mailers to utilize this service is to offer a positive and/or negative incentive for usage of the service. ie. "What do I gain by elminating people from my bulk mail-outs? What can be done if I don't follow this protocol?" Ideas? Comments? me -------------------------------------------------------------- Omegaman <mailto:omega@bigeasy.com> PGP Key fingerprint = 6D 31 C3 00 77 8C D1 C2 59 0A 01 E3 AF 81 94 63 Send a message with the text "get key" in the "Subject:" field to get a copy of my public key. --------------------------------------------------------------
Omegaman wrote:
Igor Chudov wrote:
Another nutty idea: to create a database of people who do NOT want to receive unsolicited advertisements, and make it widely available.
Of course. But this does not address the issue of "unscrupulous spammers" which is what Steven was commenting upon.
Surely, you are right. See below, however.
The obvious problem is that some very uncsrupulous spammers would want to grab this database and use it as a source of email addresses.
This problem has a solution, however: instead of distributing people's email addresses, distribute MD5 checksums of their addresses. For example, an entry for ichudov@algebra.com would be
b51175dae78f25427351d5e3ff43de30
There is no way to guess the original text from an MD5 checksum.
Spammers should be advised to exclude all addresses with MD5 checksums from that database from the recipient list, and include instructions on how to get one added to the database into their spams.
Okay fine. The spammer is "advised" but if he is unscrupulous in the first place, he'll simply ignore the advice and continue bulk-mailing to every address he can grab.
In which case the spam-fighting mob will harass him.
Database maintainers could even provide a email filter-bot that would accept recipient lists by email and send back the same lists, but WITHOUT addresses that wish not to receive spam. This way stupid low-tech spammers (who make up the majority) will be able to process their email lists quickly and easily.
Indeed, stupid low-tech spammers would benefit from such a service if they wish to honor "do not send" requests.
This database may be maintained centrally. Users may be able to sign up for inclusion into that database by email or by filling out a Web-based form. Identity verifications may be done by using cookie protocol.
I like the idea and if I had the resources, I would do it personally.
I think that a regular unix account would have enough functionality to implement it.
Optimistically, many bulk e-mailers would sign on to the plan. (Ironically, one would probably have to solicit bulk e-mailers to sign up). However, many, being unscrupulous, ignorant, etc. will not be involved.
The only way I see to get bulk e-mailers to utilize this service is to offer a positive and/or negative incentive for usage of the service. ie. "What do I gain by elminating people from my bulk mail-outs? What can be done if I don't follow this protocol?"
Ideas? Comments?
I think that the incentive for spammers to actually use this service is that spam-fighters can agree not to yank their accounts and not to go after them if they use that "no spam please" database. This arrangement basically makes everyone happy, for obvious reasons. - Igor.
In <199611270037.SAA11474@algebra>, on 11/26/96 at 06:37 PM, ichudov@algebra.com (Igor Chudov @ home) said: ::Omegaman wrote: ::> Igor Chudov wrote: ::> ::> Okay fine. The spammer is "advised" but if he is unscrupulous in the ::> first place, he'll simply ignore the advice and continue bulk-mailing ::> to every address he can grab. ::In which case the spam-fighting mob will harass him. ^^^^^^^^ strange choice of words, when I first read it, my mind read _harvest_. ::> > Database maintainers could even provide a email filter-bot that would ::> > accept recipient lists by email and send back the same lists, but ::> > WITHOUT addresses that wish not to receive spam. This way stupid ::> > low-tech spammers (who make up the majority) will be able to process ::> > their email lists quickly and easily. ::> ::> Indeed, stupid low-tech spammers would benefit from such a service if ::> they wish to honor "do not send" requests. ::> well, I've always figured that people are basically OK until proven otherwise --or their is money involved. then there are lawyers.... -- maybe there is an analogy: militias: "the only way they'll take my weapon is from my cooling, smoking hand...." bubba: "the only way they'll take my executive privileges is to impeach me --IF I consent to leave." <attila>
On Wed, 27 Nov 1996 attila@primenet.com wrote:
well, I've always figured that people are basically OK until proven otherwise --or their is money involved. then there are lawyers....
</devil's advocate mode> That's the crux of my point. The spammer's fundamental motivation is money. People who don't want to receive bulk mailings won't spend money with the spammers. However, many spammers don't see it that way. "What's in it for me?" ie. who's gonna pay the spammer for NOT sending his bulk e-mail just because some folks don't want it. </end devil's advocate mode> me _______________________________________________________________ Omegaman <mailto:omega@bigeasy.com> PGP Key fingerprint = 6D 31 C3 00 77 8C D1 C2 59 0A 01 E3 AF 81 94 63 Send e-mail with "get key" in the "Subject:" field to get a copy of my public key _______________________________________________________________
participants (3)
-
attila@primenet.com -
ichudov@algebra.com -
Omegaman