On Thu, Jun 30, 2005, Uri Even-Chen wrote about "Re: A new venture - preventing spam": > Thanks for your advice, but I'm curious - how do you know? I didn't > write any details about my idea. If you don't have any details, how do > you know that it won't work?
The theoretical problem with spam prevention is that it is an arms race, the people who do it have a (large) economic motivation, and it is just an example of the broader problem of abuse of power in our society (I see a mailbox? I can stuff my ad there, so why not. I see a wall? I can write my name there, so why not. A computer will do whatever I tell it? So let's see if I can tell other people's computers to format their hard drive). However, in practice, the spam problem *can* be alleviated. And you (Uri) have a good track-record of coming up with ideas that DO WORK well (namely, speedy.co.il), so I wish you the best of luck. Spam filtering, for example, does work. Since spam started, I have received a whopping 100,000 (!) spam messages, and only about 200 got through me home-grown filters (that also use colaborative spam blacklists like RBLs and Vipul's razor). Nowadays I get about 125 spams a day (!). Without spam filtering, I would not have been able to read email at all. In addition to text-based filtering and online up-to-the-minute collaborative blacklists, there are new tricks that aim to fix the fundamental problem of SMTP mail: no authentication and no accountability, which allows not only spammers to prosper, but more alarmingly - "phishers" who are trying to defraud you. SPF is probably the best solution I know of for this problem which still keeps your plausible deniability (i.e., gpg is TOO strong) and allows communication with new people. SPF is already catching some of the spam and fraudulant emails that I get, but it will get better as more major email senders will start adding SPF records to their DNS. And of course, there are techniques which make it more "expensive" (with "postage-stamp" like payments or computationally expensive) to send email, therefore making spamming more expensive and ultimately, not worth it. Unfortunately, I view these last directions as HOPELESS, and I hope Uri that you're not going in that direction. The problem is twofold. First, if emailing is more expensive it will not just harm the spammers - it will also harm operators of legitimate mailing lists, and ISPs with large mail servers. Secondly, and more importantly: spammers have, from the start (and even more so today) relied on shifting the costs to others. They don't need to buy "postage stamps" or make expensive computations if they can break into your machine and have it do the mailing. This makes "postage stamps" out of the question (you'll just steal money from the poor victims), and "long computation" problematic (if it's too short, you'll gain nothing. If it's too long, nobody can run a legitimate mailing list). And last but not least, maybe Uri has a new trick up his sleeve? Why be so negative? -- Nadav Har'El | Thursday, Jun 30 2005, 23 Sivan 5765 [EMAIL PROTECTED] |----------------------------------------- Phone +972-523-790466, ICQ 13349191 |Shortening Year-2000 to Y2K was just the http://nadav.harel.org.il |kind of thinking that caused that problem! ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
