Why is spam still a problem?

  • Why is spam still a problem?

    I just don’t get why spam (both e-mail and snail mail) is still a problem. I’ll focus on the e-mail variety for the moment as it seems to pose a bit more risk lately. I understand that we can’t catch 100%, but why are we even trying so hard to catch it? Why not stop the propagation, before it has entered our servers, and inboxes? It seems that with a simple addition to e-mail server software (maybe even SMTP). All I’m asking for is an option in e-mail server software to not process mail received from a different domain than the sender’s e-mail domain, or (for more security) a little verification/acknowledgement packet to be sent before an e-mail is processed on the receiving end.

    Option 1: If <domain in from address> is not equal to <host referrer> then reject the e-mail (maybe send the sender a response saying why it was rejected) This unfortunately doesn’t allow for relaying, which is why I like the option below.

    Option 2: ServerA receives a message from a sender on ServerB. ServerA then sends a verification request packet to ServerB. ServerB then checks its sent mail log for the sent message. If the message was indeed sent from ServerB, ServerB will send an acknowledgement message back to ServerA validating the message and ServerA then processes the message. If the message was not sent from ServerB, an acknowledgement message gets sent back to ServerA saying that the message is not valid and ServerA deletes the message.

    As far as the SMTP specification allowing for it, it doesn't. My idea would actually have to be incorporated in the receiving end, with an auto-responder. So, ServerA’s POP, IMAP, etc. service received a message. ServerA then auto-responds to the sender’s domain with something like a short XML message stating the recipient’s domain, a messageID (or something from the message header), and the sender’s address. ServerB would then recognize the message format as a request for acknowledgement, process the request, and then send an ack. response. Upon receipt of the response, ServerA either deletes or processes the e-mail. Again, it would have to be done as part of the e-mail server software (like MSExchange, Groupware, etc.) or maybe an extension of the POP3, IMAP, or other receiving protocol.

    Some may complain that it would double or triple the load of an e-mail server, but I would disagree, as the majority of e-mail received is spam, and eliminating it before it has to be parsed by spam detection software would lower the load considerably, not to mention the storage aspects, and client software savings.

    Andy Brown


    Enjoy!

    A Brown


  • I think usage of SPF (http://www.openspf.org/) would solve much of spam.

    lp, BrankoH

     

  • SPF would help. I don't think it is currently a part of any RFC (correct me if I'm wrong on that front) as it simply lives in the TXT field of a domain record, but I don't really care about that aspect, as long as it works.

    Re: Option 2 - this wouldn't slow down much spam either, as a lot of spammers use legitimate random free accounts from services such as Hotmail, Yahoo and so on. So option 2 would still allow the spam in, as the Hotmail server did indeed send the message. All we have succeeded in doing in that case is increase network traffic and slow down message delivery while the destination server awaits a reply from the sending server. Which would also result in increased queue sizes, thus increased storage capacity for the mail spool.

  • It's written down in RFC 4408 (http://new.openspf.org/Specifications).
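To make the comparison in the posts above concrete, here is an added example (not code from the thread or from the SPF project) that sets Option 1's domain-equality test beside a receiver-side evaluation of an SPF TXT record. It is a simplified subset that handles only the `ip4`, `ip6` and `all` mechanisms; the record, the domain `example.org`, the host `mail.isp.example` and the function names are constructed for illustration.

```python
import ipaddress

# Constructed SPF TXT record for the placeholder domain example.org.
SAMPLE_TXT = "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.25 ip6:2001:db8::/32 ~all"
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def option1_accepts(from_domain, connecting_host_domain):
    """Option 1 from the thread: accept only if the two domains are equal."""
    return from_domain.lower() == connecting_host_domain.lower()


def check_spf(txt_record, client_ip):
    """Evaluate the ip4/ip6/all subset of SPF against the connecting IP.

    Terms that need DNS (a, mx, include, redirect=...) return "unsupported",
    a label used only in this example, not an SPF result.
    """
    terms = txt_record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # no SPF policy published
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"  # a mechanism without a qualifier means pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name.lower() == "all":
            return QUALIFIERS[qualifier]
        if name.lower() not in ("ip4", "ip6"):
            return "unsupported"
        try:
            net = ipaddress.ip_network(arg, strict=False)
        except ValueError:
            return "permerror"  # malformed address in the record
        if net.version == ip.version and ip in net:
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and the record has no "all"


if __name__ == "__main__":
    # Mail from user@example.org relayed by a provider host at 192.0.2.10.
    print(option1_accepts("example.org", "mail.isp.example"))
    print(check_spf(SAMPLE_TXT, "192.0.2.10"))
    print(check_spf(SAMPLE_TXT, "203.0.113.77"))
```

The relayed message fails Option 1 because the domains differ, yet passes SPF because the domain owner listed the relay's address range in the record.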

     

  • From what I understand, 99% of spam is generated by 200 professional spammers - in all of the whole world. Why we can't get our hands on them and put them in jail is a mystery to me.

  • I completely agree with you here. If anyone does disagree, I would really like to hear why.

    I think the amount of network traffic would be substantially reduced because spammers would quickly find their click percentage drop to 0 as none of their email gets through.

    Of course, they'd probably stop using email and start something else.

     

  • Hunt them down with dogs I say ... They are probably the same guys that sold nukes and WMD to Iraq ...

  • I really don't think the domain check would work for a large number of users, including myself at home. I have a personal domain (.me.uk) which redirects mail to an address at whichever internet provider is being used. All email is addressed from the personal domain so no correspondent ever sees the provider domain, but all sending is done from the provider domain.

    I also act as webmaster for a club which has its own site and have a webmaster@..... address which also redirects to the provider domain. Same applies.

  • Michael,

    IMHO it's ridiculous.. only 200? Any individual that potentially has access to Visual Basic script and databases could do a simple spam application. Any guy that has enough knowledge will do that.

    Any individual who would have access to corporate databases too.

     

     

  • There is an option I read about some time ago. How about this:

    Each time you want to send an e-mail, you have to wait a couple of seconds (1, 2 or 3 should be sufficient). For you, the average user, that's no problem. You have the time to wait two seconds. If you have a bad connection, you won't even notice and if you have flatrate, you don't care.

    A spammer who sends 500.000 mails will definitely have a problem.

    Just imagine: 500.000 mails * 2 seconds = 1.000.000 seconds.

    Or 16.666,66 minutes. Or 277,77 hours. Or 11,57 days.

    For only one spam-job. That would definitely kill the spam-problem immediately. Even if they were able to split the spam-mails to different servers and what the heck - they'd still have to wait an awful lot of time. The amount of spam would definitely break down.

  • Spam is big business - these guys are making lots of $$$.  Somehow make it less lucrative for them and you'll solve the problem.

     

  • But what would stop them from having multiple connections or multiple accounts? If you use 500,000 connections you'd still get them all out in 1 second?

  • These days, I don't even mind seeing traditional unsolicited advertisements anymore. The virus worms and phishing scams are the biggest problems these days and probably comprise the majority of SPAM that is being circulated. The ideas presented here as well as SPF will definitely have a huge impact. The problem is that everyone with a mail server must invest in this technology, which could take decades.

  • Charge everyone in the world sending emails something similar to a "postage fee" in normal postal services mail.

    You can buy "stamps" from your email provider, and every email you send out, one "stamp" is deducted for each recipient in that email.

    The charge should be nominal - something like 1c per recipient. So if I (a general email user chatting with friends and colleagues using email) send out on average 300 emails per month, with an average of 3 recipients per email, I need to buy 900 stamps for my month's emails - translating into $9.00.

    I assume a spam-server sends out mails to millions of recipients per day, so their "stamp" bills will be millions of dollars per day.  Which hopefully prevents emails from being a cheap marketing tool anymore.  And in turn hopefully stops the whole spam business altogether.

    I will gladly pay $9 per month to never see a viagra or investment or whatever ad ever again.

     

     

  • The problem with this is what about all those forums you subscribe to to keep abreast of questions... I probably belong to a dozen different forums for various interests.

    $108 ($9 x 12) dollars more a year for something you currently get for free? People switch phone services to save ten bucks a month; cheaper always wins.

    Suppose you have posted to the forums here at SSC; someone replies and you get an automated email that someone has replied. So do the other 20 people who also posted to this thread, as well as a couple dozen others who subscribed but didn't post.

    Who pays the penny for that email?

    I'd bet the SSC forum sends out THOUSANDS of emails a week, by request, that have nothing to do with spam. Since it's not fair for SSC to pick up that tab, would you be willing to have to pay a couple of bucks in advance to cover any possible email postage?

    Finally, who gets the money collected for the emails? The gumbment? WHICH government? Which agency? That penny fee is nothing more than a tax; if we tax email, someone will just use a different protocol to send the equivalent of email for free, and the spammers would just update their tactics to the new protocol.

    Throttling emails by IP address to 1 per second or something would definitely impact the spam flow, and all that would be required is an update to the SMTP engine (not the protocol or rules); an exception list of "trusted" mail servers could be used to allow business to send faster than the spam delay rule, so that some of the bigger email players like eBay, SSC or others are not adversely impacted.

    That way, MY email server might accept mail from SSC or Microsoft quickly, but yours does not, until the source server gets added to the trusted list.

     

     

     

    Lowell


    --help us help you! If you post a question, make sure you include a CREATE TABLE... statement and INSERT INTO... statement into that table to give the volunteers here representative data. with your description of the problem, we can provide a tested, verifiable solution to your question! asking the question the right way gets you a tested answer the fastest way possible!
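The per-IP throttle with a trusted-server exception list proposed in the post above can be sketched as follows. This is an added example, not code from the thread or from any mail server; the class and function names, the "defer" outcome (assumed here to map to a temporary SMTP rejection the sender retries) and all addresses are constructed for illustration. The sample runs also cover the objection raised earlier in the thread about spreading a job over many connections.

```python
import ipaddress
from collections import Counter


class PerIPThrottle:
    """Accept at most one message per `min_interval` seconds per source IP.

    Sources inside a trusted network bypass the delay (the exception list).
    """

    def __init__(self, min_interval=1.0, trusted=()):
        self.min_interval = min_interval
        self.trusted = [ipaddress.ip_network(n) for n in trusted]
        self.next_allowed = {}  # source IP -> earliest time of next accept

    def decide(self, client_ip, now):
        ip = ipaddress.ip_address(client_ip)
        if any(ip.version == n.version and ip in n for n in self.trusted):
            return "accept"
        key = str(ip)
        if now < self.next_allowed.get(key, 0.0):
            return "defer"  # assumption: answered with a temporary failure
        self.next_allowed[key] = now + self.min_interval
        return "accept"


def tally(throttle, events):
    """Run (ip, timestamp) events through the throttle and count outcomes."""
    return dict(Counter(throttle.decide(ip, ts) for ip, ts in events))


# Constructed traffic: five messages inside one second in each scenario.
ONE_SOURCE = [("192.0.2.1", t / 5) for t in range(5)]
MANY_SOURCES = [("198.51.100.%d" % i, 0.0) for i in range(1, 6)]
TRUSTED_SOURCE = [("203.0.113.9", t / 5) for t in range(5)]

if __name__ == "__main__":
    for name, events in [("one source", ONE_SOURCE),
                         ("many sources", MANY_SOURCES),
                         ("trusted source", TRUSTED_SOURCE)]:
        throttle = PerIPThrottle(1.0, trusted=["203.0.113.0/24"])
        print(name, tally(throttle, events))
```

A single untrusted source is held to one accepted message per second, while the same volume spread across five addresses passes untouched, so the delay only bites when it is paired with some limit on how many sources a sender can use.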
