Some ideas on stopping spam


Hyperluminal
07-16-2003, 03:34 AM
OK, I was thinking of ways to stop spam, and I think I have a few ideas. Of course, one of the best, most practical ways today is simply to use a service like Mailshell (www.mailshell.com), which lets you just make as many addresses as necessary, and then sends them all to your real address. I used to get a ton of spam, then I changed my address, and I'm careful who I give it to, so I don't get any spam. But if I did start to get any, I'd get MailShell in a heartbeat (no, I'm not affiliated with them, or anything). Still, here are some of my musings:

-How do spammers make money? In the end, it's from two sources: selling addresses, and from people who buy their products. Selling addresses wouldn't really be lucrative if no one bought products from spammers, so how can you stop people from buying products from them? How about a mass media campaign, telling people to, whatever they do, not buy anything from spam ads? The main problem I can see with that (besides getting funding, of course if you got a few companies like AOL and MS together, it wouldn't really be a problem anymore) is that spam only has a purchase amount of like 1/1000 recipients, if that many. That means that it'd be very difficult to reach these people who respond to spam, and on most people it'd be wasted. Still, it may help to make spam less lucrative, maybe even a lot less.

-I remember a while back, I saw a service that blocked spam based on whether your email had false headers. Basically, the idea being that virtually all spam has false headers, and all legit mail has legit headers. It sounds interesting, and in concept it could really work, with extremely low false positive/false negative rates. Could this actually work, or could spammers be able to trick it?

-A simple idea, which may be done already. You have these programs that filter spam using AI, which as opposed to simple rule-based filtering, determines the probability of a message being spam, right? It's reasonable to assume that most false positives would have a high probability of being legit, but not high enough to get past the filter. So, instead of only either deleting spam or putting it in your inbox, why not have a "possible spam" list as well? Maybe put it on the side, like an MS Office Task Pane, so you can ignore it, or scan it for email when you have the time? This would also let the program have more strict filtering, since having false positives would be less important (assuming most of them go in that list).

Well, that's all I have for now. Any other ideas?

Janak Parekh
07-16-2003, 04:02 AM
> That means that it'd be very difficult to reach these people who respond to spam, and on most people it'd be wasted. Still, it may help to make spam less lucrative, maybe even a lot less.

I have to disagree on this one. There's always a loser. Why else do we get telephone calls and junk mail, as well?

> -I remember a while back, I saw a service that blocked spam based on whether your email had false headers. Basically, the idea being that virtually all spam has false headers, and all legit mail has legit headers.

This used to be a very simple way of doing it, and a number of spam checkers do catch false headers. However, spammers are getting better at using legitimate, yet useless headers.

> -A simple idea, which may be done already. You have these programs that filter spam using AI, which as opposed to simple rule-based filtering, determines the probability of a message being spam, right?

Already done using Bayesian learning. See Paul Graham's "A plan for spam" (http://www.paulgraham.com/spam.html).

SpamAssassin (www.spamassassin.org) already does the second and third things on your list, and does them very well. 95%+ of my spam is trapped. Note that it's a UNIX solution, although there are Windows implementations.

There are also many other strategies that have been already done, such as Vipul's Razor/CloudMark which computes a digest of the message (i.e., a relatively unique signature) and compares it against a database of known spam.

However, of your suggestions, only the first one really gets at the root of the problem. Legislation will also help. The real permanent solution would be to rearchitect how Internet-based email (e.g., SMTP) works; right now, the recipient pays for the message (in terms of storage, etc.) -- if the sender had to pay, it would shift the economics and solve the problem more-or-less automatically (i.e., reduce it to the cost of junk fax, junk phone calls, junk snail mail). This is not going to happen soon, however.

--janak
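
The "possible spam" list from the first post, combined with the Bayesian scoring mentioned in this reply, as an added example (not code from any poster, from Paul Graham's essay or from SpamAssassin). It is a plain naive Bayes with equal priors; the training messages, the 0.2/0.9 thresholds and all function names are constructed for illustration.

```python
import math
import re
from collections import Counter

# Constructed training corpus (not real mail).
SPAM = ["buy cheap pills now", "cheap mortgage offer click now",
        "click here to win money now"]
HAM = ["meeting notes attached for tomorrow", "lunch tomorrow at noon",
       "please review the attached budget notes"]

def tokens(text):
    return set(re.findall(r"[a-z']+", text.lower()))

def train(spam, ham):
    """Per-token P(spam | token) with Laplace smoothing."""
    s = Counter(t for m in spam for t in tokens(m))
    h = Counter(t for m in ham for t in tokens(m))
    probs = {}
    for t in set(s) | set(h):
        ps = (s[t] + 1) / (len(spam) + 2)
        ph = (h[t] + 1) / (len(ham) + 2)
        probs[t] = ps / (ps + ph)
    return probs

def spam_probability(probs, text):
    """Combine token probabilities in log-odds space."""
    log_odds = 0.0
    for t in tokens(text):
        p = probs.get(t, 0.5)  # unseen tokens are neutral
        log_odds += math.log(p) - math.log(1 - p)
    return 1 / (1 + math.exp(-log_odds))

def classify(probs, text, low=0.2, high=0.9):
    """Three bins instead of two: the middle band goes to a review list."""
    p = spam_probability(probs, text)
    if p >= high:
        return "spam"
    if p <= low:
        return "inbox"
    return "possible spam"

MODEL = train(SPAM, HAM)
```

A message that mixes ordinary and spammy words lands in the middle band, which is what lets the `high` threshold be set aggressively without silently losing legitimate mail.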

Jacob
07-16-2003, 04:36 AM
I've read about some of that legislation and the optimist in me has hope that this will work.

However I have also read that this legislation still allows for unsolicited contact in certain cases.

I personally would LOVE to see it made illegal to sell a mailing list.

Hyperluminal
07-16-2003, 05:06 AM
>> That means that it'd be very difficult to reach these people who respond to spam, and on most people it'd be wasted. Still, it may help to make spam less lucrative, maybe even a lot less.

> I have to disagree on this one. There's always a loser. Why else do we get telephone calls and junk mail, as well?

No, I guess I wasn't clear. :) I meant that, since most people don't respond to spam anyway, most anti-spam ads would be wasted, since almost every reader would already not buy from spam.
It'd be very difficult to reach those people who do buy from spam.
However, if we can reduce the number of people who buy from spam (I really don't think we could eliminate it, of course), spam could become less lucrative, and fewer people would spam. Of course they could simply spam people more, to reach that ever-shrinking population of people who do buy spam products. So it could kind of go both ways. :)

I don't think legislation would be very effective. For one thing, most spammers would be hard to find. And even if we could find all the spammers here, they could just send their operations overseas, where it wouldn't be illegal. And even if most countries enacted similar anti-spam laws, they could just go to third-world countries where laws are often not enforced, like many African countries.

Besides my first idea (the anti-spam ads), I only really see three ways to end spam:

-Make the spammer pay. This could be where people have to actually pay for "e-stamps", which can maybe be refunded by the recipient. They could also have the mailer's PC perform a short mathematical calculation, which wouldn't matter for people sending a few letters, but would cost a lot of time for a spammer. And legit organizations could obtain "permits" to send mail without the calculations. This could have real problems though, as in, who decides who gets the mass-mailing permits and who doesn't? This method really relates to my second way to end spam--

-Make a new email system. Completely rewrite it, so it's extremely difficult to impossible to forge headers (if that's possible). I can't really think of any other specific ideas for this new network, other than just making it really hard to forge headers, and maybe somehow authenticating email. But some implementation of this new system could perhaps stop spammers.

-Mass adoption of services like MailShell. Most people wouldn't have to deal with spam in the first place. And since spammers' email lists would have mostly invalid (temporary) addresses, they'd be very hard to sell. The main problem, as I see it, is that those services can get more "involved" than many people would want to get, especially those who don't get much spam to start out with, so that may slow mass adoption.
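
The "short mathematical calculation" idea from this post, sketched as a hashcash-style proof-of-work stamp. This is an added example, not code from any poster; the stamp format, the SHA-256 hash, the 16-bit difficulty and the function names are assumptions made for illustration.

```python
import hashlib
from itertools import count

BITS = 16  # assumed difficulty: about 65,000 hashes on average per stamp

def _leading_zero_bits(digest):
    n = int.from_bytes(digest, "big")
    return len(digest) * 8 - n.bit_length()

def mint(recipient, date, bits=BITS):
    """Sender side: brute-force a counter until the stamp hash has
    `bits` leading zero bits. Cost doubles with every extra bit."""
    for counter in count():
        stamp = f"{bits}:{date}:{recipient}:{counter}"
        digest = hashlib.sha256(stamp.encode()).digest()
        if _leading_zero_bits(digest) >= bits:
            return stamp

def verify(stamp, recipient, date, seen, bits=BITS):
    """Recipient side: a single hash plus cheap bookkeeping checks."""
    try:
        s_bits, s_date, s_rcpt, _counter = stamp.split(":")
        claimed = int(s_bits)
    except ValueError:
        return False  # malformed stamp
    # The stamp is bound to one recipient and one day, so a spammer
    # cannot mint once and attach the same stamp to every message.
    if claimed < bits or s_rcpt != recipient or s_date != date:
        return False
    if stamp in seen:
        return False  # replay of an already accepted stamp
    digest = hashlib.sha256(stamp.encode()).digest()
    if _leading_zero_bits(digest) < bits:
        return False
    seen.add(stamp)
    return True
```

The asymmetry is the point: `mint` costs tens of thousands of hashes per recipient, `verify` costs one, so the work is negligible for a few letters and adds up for a bulk sender.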

Janak Parekh
07-16-2003, 05:13 AM
> I don't think legislation would be very effective. For one thing, most spammers would be hard to find.

But I don't think the worst ones are hard to find. There's been numerous reports about them in the last few years.

> And even if we could find all the spammers here, they could just send their operations overseas, where it wouldn't be illegal.

Yes, this might be a problem. We'll have to see. :)

> -Make the spammer pay.

Right. The problem is, this won't work with the current email system. There *are* third-party volunteer solutions, though, although I don't know how effective they'll be.

> -Make a new email system. Completely rewrite it, so it's extremely difficult to impossible to forge headers (if that's possible).

It is, but not easy. You'll have to use things like digital signatures to ensure the destination is legitimate. This is an active area of research, but no one has been able to solve the "but it'll be hard" problem.

> -Mass adoption of services like MailShell. Most people wouldn't have to deal with spam in the first place. And since spammers' email lists would have mostly invalid (temporary) addresses, they'd be very hard to sell.

I agree with you, though, in the labor-intensive solution. While we can do this, we shouldn't have to. :)

If you're bored, check out CAUCE (www.cauce.org). The good news is that there's a lot of people working towards solutions out there.

--janak

Hyperluminal
07-16-2003, 05:24 AM
> But I don't think the worst ones are hard to find. There's been numerous reports about them in the last few years.

You're right, a lot of spammers have been publicized recently. Of course the smaller ones haven't been publicized, but since they say 90% of spam is sent by about 200 people, we wouldn't have to find that many people. So I agree. :)

> It is, but not easy. You'll have to use things like digital signatures to ensure the destination is legitimate. This is an active area of research, but no one has been able to solve the "but it'll be hard" problem.

It does show promise, though.

> I agree with you, though, in the labor-intensive solution. While we can do this, we shouldn't have to. :)

MailShell actually isn't that bad, but I agree that you shouldn't have to use it at all...