North American Network Operators Group
Re: anybody else been spammed by "no-ip.com" yet?
I've been roasted privately and called naive in thinking that pay-per-mail is a valid solution. Let me first say that the $0.02 I pulled "out of the air" was derived simply by taking the $80/hr I bill to clients and dividing that by 3600 (number of seconds in an hour) thus $0.022. I'd say that about 1 second per email is probably real in relation to my time.

Let me explain why I've come up with the pay-per-message as an answer. I realize that this has got issues with it - such as abuses of the micropayment system, etc. etc. etc.

Anyone who thinks that government can pass a law and this will go away is hopelessly naive. The spammers will go overseas. Besides, if you look at the content of a lot of the spams I receive I doubt the senders care much about the law. The junk fax law, in my opinion, worked primarily because sending faxes from locations outside the US jurisdiction cost more and there were few things you could provide from overseas which were marketable via fax.

Anyone who thinks that being able to educate people and make them all close their open relays is going to make the problem go away is hopelessly naive. There are just too many admins out there, most of whom are of the "I think running my own mail server is a good idea, but I really don't have much of a clue about how the mail server REALLY works" variety. It's not possible.

That leaves technological measures. Spam filters are a good idea, but spam is a very moving target. I run spamassassin (highly recommended) on a couple of mail servers. When I first install a newly-released version of spamassassin it is nearly perfect. Over a couple of months it gets less and less effective, at which point I install the newest version, which improves effectiveness again. Occam's razor is good, but in reality only catches spam if it has been reported to the razor. rbldns lists are effective only against the worst offenders, as the rest don't get reported until it is too late. And so on.

I think the only other methods I can think of are best described as some sort of "web of trust" type method. These are essentially whitelist systems. In order to send me mail you have to *do* something.

The first option is a traditional "If you send me email and I don't know you, I'll bounce the message and you have to reply with a specially formatted mail message in order to get your mail through". The main problem with this model is that in circumstances where bulk mailing is necessary (such as notifications of credit card payment due, etc.), you run into a problem. The other thing is that eventually, spammers will learn how to respond to these messages automatically.

The second is more of a secure-smtp model, in that each mail server is "Certificated" in one way or another and that you only accept mail from "Certificated" mail servers. One of the conditions of being "certificated" is verification of anti-spam technological and other measures (such as being able to identify spammers, etc.). In a small internet, this is a perfectly workable solution. In a globally sized one, it seems to me that the likelihood of spammers being able to work around the system is as close to 100% as you can get.

The pay-per-message system I proposed was an outgrowth of the "certificated" option. In essence, my theory is that if you paid *something* for each message you send, then everything should equal out in the long run. Generally, other than mailing lists and spam, I send about 1 message for every one I receive. A spammer sends tens of thousands of messages for every one he receives. There is a whole new set of problems caused by this which I think have mostly been mentioned - to summarize, they mostly relate to the technical problems with doing this, plus the possibility of abuse of the system, etc. etc. etc.

Someone pointed me to a discussion of camram at http://harvee.billerica.ma.us/~esj/camram.html. I initially *like* something like this option. In short, it forces the sender to spend a lot of CPU cycles for every message they send. Need to send a lot of email, well, spend a LOT of cpu cycles.

The point I was trying to make with the pay-per-message is that the real cause of spam is an economic one. That is, the cost of sending the spam is less than the profit the spammers make from the spam. If we can increase the cost of sending the spam, then we will lessen the profitability of sending it, and the problem will diminish substantially. Remember almost 100% of the spam is driven by greed, and if we can't satisfy the greed of the spammers, they will go elsewhere.

- Forrest W. Christian (firstname.lastname@example.org) AC7DE
----------------------------------------------------------------------
The Innovation Machine Ltd.
P.O. Box 5749
http://www.imach.com/
Helena, MT 59604
Home of PacketFlux Technologies and BackupDNS.com
(406)-442-6648
----------------------------------------------------------------------
Protect your personal freedoms - visit http://www.lp.org/
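
The per-message CPU cost described in the message above, shown as an added example that is not part of the original post and is not camram's own code or stamp format. It is a generic hashcash-style stamp using SHA-256; the field layout, addresses, date and difficulty are constructed for illustration.

```python
import hashlib
from itertools import count

def leading_zero_bits(digest: bytes) -> int:
    """Count the zero bits at the start of a digest."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits

def mint(recipient: str, date: str, bits: int) -> tuple[str, int]:
    """Sender side: try counters until the stamp hash has `bits` leading zero bits.
    Returns the stamp and the number of hashes spent (about 2**bits on average)."""
    for counter in count():
        stamp = f"{bits}:{date}:{recipient}:{counter}"
        if leading_zero_bits(hashlib.sha256(stamp.encode()).digest()) >= bits:
            return stamp, counter + 1

class Verifier:
    """Receiver side: one hash per message plus a replay cache."""
    def __init__(self, my_address: str, min_bits: int, today: str):
        self.my_address, self.min_bits, self.today = my_address, min_bits, today
        self.seen = set()

    def check(self, stamp: str) -> str:
        try:
            bits_s, date, recipient, _counter = stamp.split(":")
            claimed = int(bits_s)
        except ValueError:
            return "malformed"
        if recipient != self.my_address:
            return "wrong recipient"  # work done for one mailbox cannot be reused for another
        if date != self.today:
            return "stale"            # old stamps cannot be stockpiled
        if claimed < self.min_bits:
            return "too cheap"
        if leading_zero_bits(hashlib.sha256(stamp.encode()).digest()) < claimed:
            return "invalid work"
        if stamp in self.seen:
            return "replayed"         # the same stamp pays for one delivery only
        self.seen.add(stamp)
        return "ok"

if __name__ == "__main__":
    # Constructed sample values; 16 bits keeps the demo fast.
    stamp, hashes = mint("alice@example.org", "2002-05-01", 16)
    print(stamp, "cost the sender", hashes, "hashes; the receiver spends one:",
          Verifier("alice@example.org", 16, "2002-05-01").check(stamp))
```

Because the recipient address is part of the hashed stamp, a bulk sender has to repeat the work for every mailbox, while each receiver verifies with a single hash.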