Proposal to end Spam for good!

[NetTuner]

looks at the history again, and the answer will be obvious, you needing to ask this gets me back to my point that you must be a newbie.

Newbie or not, sometimes it takes new ideas to get the job done. Every new idea is created by a newbie, so thanks for calling me that (I'm honored).

 

[NetTuner]

Let me ask you a question, why don't you just use a whitelist only, challenge response system for your email?

Because new customers will be contacting me all the time who may not want to spend the time going through the hoops for me to get their message. Also, after 10 years in business, I will probably have over 50,000 senders of mail, and think of large corporations and governments, they probably have millions. How much resources would you need to query and manage such a huge database? What if you switch mail server software? What if a sender on my whilelist (i.e. Network Solutions) is forged by a spammer (this has actually happened to me many times)? Think about it, after a while most people in the same industry will probably have one or more of the same domains on their whitelist, and Spammers will use them with a grin on their face.

Under my proposal, all the receiving mail server would have to do is simply make sure each message is sent from the central relay server, and if it's not, reject it. There would be no need for whitelists. Also under this plan, if you put someone on your blacklist, you are really putting them on your blacklist. Right now, you put someone on your blacklist, and they are back sending you e-mail as someone else a day (or a few minutes) later. To succeed getting their mail through under the new plan, Spammers would have only one option, to create fake ID's or impersonate someone to register (and pay for) multiple e-mail addresses and domains, which would would take a lot longer than just making up thousands of random addresses on the fly. Of course they would also be fully accountable for their actions, as their anonimity would end.

 

[theparrot]

You are absolutely right. The only thing is, all e-mail now goes through a public network that is totally accesible by everyone including the government. So e-mail you send now is not private unless it's encrypted.

you contridict yourself here it seems? you say all email is accesible, then you say unless it is encrypted right?

So right now people can use ip/sec , ssh, ssl etc to send email right? They can not do this anymore if everything must be screened by the central point?

With my proposal, everyone can send out encrypted e-mail just like they can now. The centralized system has nothing to do with the content of messages

so s/mime is out the door?

which can be protected any way possible, but only matching the senders' IP addresses to the e-mail address that the message claims it's from. So this

ip addresses are for routing not for verification.

system is no less private than the current system despite how authoritarian and totalitarian it may sound. The only thing the government and the general public would gain is the ability to trace a message to its real sender, content would not be more compromised than it is now.

sure is less private, some place to collect a list of all I send and get mail from is not less private?

 

[theparrot]

Newbie or not, sometimes it takes new ideas to get the job done. Every new idea is created by a newbie, so thanks for calling me that (I'm honored).

ah, but this is not a new idea..... the idea of central hubs/servers is just what the inet displaced....

those who do not learn from history are bound to reimpliment it, poorly

 

[theparrot]

Because new customers will be contacting me all the time who may not want to spend the time going through the hoops for me to get their message. Also, after 10 years in business, I will probably have over 50,000 senders of mail, and think of large corporations and governments, they probably have millions. How much resources would you have to query such a huge database? What if you switch mail server software? What if a sender on my whilelist (i.e. Network Solutions) is forged by a spammer (this has actually happened to me many times)? Think about it, after a while most people in the same industry will probably have one or more of the same domains on their whitelist, and Spammers will use them with a grin on their face.

I see, you can not be bothered to fight your own spam, so their oughta be a law ?


the resources in this case would be less then the worldwide database you talk off after you put in ways to fund it, and deal with the politics and they way they pad the expensives of most things.

and forgery is a different issue, with other solutions.

 

[NetTuner]

So right now people can use ip/sec , ssh, ssl etc to send email right? They can not do this anymore if everything must be screened by the central point?

Sure, why not? As long as the IP the message is sent from matches the return address (From Header) of the message, it's fine.

so s/mime is out the door?

I have no idea what s/mime is (btw, nowhere in my post did I claim to be the authority on e-mail, www, or tcp/ip), but if it's important to users, there will be a way to make it work.

ip addresses are for routing not for verification.

Thanks for the clarification, but when there is an opportunity to use them for something else, why not?

sure is less private, some place to collect a list of all I send and get mail from is not less private?

Your ISP, Hotmail, Yahoo, Web Host, etc. can already do that if they want, so having another trusted source should not make a huge difference. Perhaps part of the law could read that the entity operating such a registry is expressly prohibited from compiling any kind of profiles about senders, or do anything other than route e-mail.

 

[theparrot]

Sure, why not? As long as the IP the message is sent from matches the return address (From Header) of the message, it's fine.




I have no idea what s/mime is (btw, nowhere in my post did I claim to be the authority on e-mail, www, or tcp/ip), but if it's important to users, there will be a way to make it work.



Thanks for the clarification, but when there is an opportunity to use them for something else, why not?

because it does not provide this property, so its use for this gives a false sense of security.

Your ISP, Hotmail, Yahoo, Web Host, etc. can already do that if they want, so having another trusted source should not make a huge difference. Perhaps part of the law could read that the entity operating such a registry is expressly prohibited from compiling any kind of profiles about senders, or do anything other than route e-mail.

no, my isp, hotmail, yahoo, web host can do none of those things, if they wanted to, unless I let them.

Remember this type of law was made about SSN #'s at first as well, once the abilty is there, again history shows it will eventually be used.

If you want to fight spam I suggest you do more research and/or donate some money to people that are working on this already in ways that make more sense then your proposal.

 

[NetTuner]

no, my isp, hotmail, yahoo, web host can do none of those things, if they wanted to, unless I let them.

Remember this type of law was made about SSN #'s at first as well, once the abilty is there, again history shows it will eventually be used.

If you want to fight spam I suggest you do more research and/or donate some money to people that are working on this already in ways that make more sense then your proposal.

Thanks for your opinions, I appreciate the healthy discussion. That was the point of this post. If there is one person who wants as little government intervention as possible, it's me. Unfortunately, I predict that a true solution to Spam will be created by techies, but will eventually have to be forced by the government in order to work.

Any other opinions out there?

 

[.biz]

I like the idea and it can be implemented if Gov't supports it.

P.S. The Govt recently rejected implementing a much less far ranging and les complex so called Do Not Spam List.

The Do Not Spam List is a very very very stupid idea. Anyone who has a brain would never came out with this. It's like giving out a legitimate address to spammers and these spammers don't care about the law because most of the spamming message are already illegal. Also, those emails from Nigeria, Babedos, etc. How would the law affect them?

 

[Nodnarb]

Again, no more government intervention. Let free enterprice, and the business community figure out how to stop spam. We don't need internet stamps or taxes. The public doesn't need more regulation or something else to pay for. They do need more features from their ISP's to prevent SPAM. The business that figures out the best SPAM prevention method will make the most money solving our problems.

I like AOL's community approach to SPAM. As we AOL users "Report SPAM," AOL assembles a community database of sites that it blocks. Fair enough.

Web Site designers can use PHP/Perl modules to prevent email address mining from html pages. Some of my sites have only a "Contact us" FORM to complete, with no Email addresses posted. That helps.

I wish domain registrar's would stop posting email contact info. That would save a bunch of SPAM.

 

[NetTuner]

Again, no more government intervention. Let free enterprice, and the business community figure out how to stop spam. We don't need internet stamps or taxes. The public doesn't need more regulation or something else to pay for. They do need more features from their ISP's to prevent SPAM. The business that figures out the best SPAM prevention method will make the most money solving our problems.

I like AOL's community approach to SPAM. As we AOL users "Report SPAM," AOL assembles a community database of sites that it blocks. Fair enough.

Web Site designers can use PHP/Perl modules to prevent email address mining from html pages. Some of my sites have only a "Contact us" FORM to complete, with no Email addresses posted. That helps.

I wish domain registrar's would stop posting email contact info. That would save a bunch of SPAM.

Let me share the latest technique spammers use to harvest e-mail addresses with you. The harvesting of addresses from web pages is now old news, and has been for some time. What they do is send messages to thousands of random e-mail addresses at each domain, and ones that don't bounce are recorded as valid addresses, and used again and again, and then sold to other Spammers. That is why you sometimes get messages in Chinese that you can't understand, and wonder how they can possibly make money on you. Well, if you are seing it in your inbox, your address has already been sold to the Spam community, and you can expect more Spam to come. Of course those types of messages are always sent with all fake headers. Our proposal would stop that practice altogether.

As far as having consensus as to which senders to block, how do you decide? The IP of the mail server used, the return address, the domain name, the relay server, etc.? I am sure you could really block some senders that way, but you can also block innocent parties whose servers were either compromised or headers forged. Also, after a spammer is blocked, he/she just moves to another server, address, host, etc.. The only way to win this is to really know who is sending the messages, which can't be done without government intervention. If you think it can, let's hear how.

The problem with using mail filtering or blocking is that the more effective your solution is, the more messages spammers have to send out to make money, which eventually leads to a yet higher volume of Spam clogging up Internet traffic. Like everything else finite, there will come a time when that traffic will be too much to handle and will bring the Internet to a standstill.

 

[funkker]

yeah privacy is the question

 

[adutopia.com]

The simplest solution to spam is this.

Spam is profitable because people buy.
IF people would stop buying from spam emails. Even for one month. Then Spam would stop.

The hard part is how do you get consumers to collectively stop buying from these spams for one month.

The beauty of the internet is that for the most part it is free. I think adding this would cost companies a bunch of money, force out people who are doing this because they love there domain for a 100 different reasons.



One other note.

1) Pass legislation that requires that all email is sent through a
government sanctioned (an organization like ICANN or possibly ICANN itself)
clearinghouse which will relay all mail to its destination after verifying
the sender's identity

Right now if you own a bunch of domains, and get reported as a spammer, the registrar can shut down your site. With all the spoofing of emails, viruses, trojans
and such it would only take one complaint to shut you down. See below

The company I work for had this happen to them. ONE, I repeat one complaint and the registrar took control of there dns. This is an ecommerce site doing over 20k a day. So you can imagine what our office was like.

 

[NetTuner]

The simplest solution to spam is this.

Spam is profitable because people buy.
IF people would stop buying from spam emails. Even for one month. Then Spam would stop.

The hard part is how do you get consumers to collectively stop buying from these spams for one month.

The beauty of the internet is that for the most part it is free. I think adding this would cost companies a bunch of money, force out people who are doing this because they love there domain for a 100 different reasons.



One other note.

1) Pass legislation that requires that all email is sent through a
government sanctioned (an organization like ICANN or possibly ICANN itself)
clearinghouse which will relay all mail to its destination after verifying
the sender's identity

Right now if you own a bunch of domains, and get reported as a spammer, the registrar can shut down your site. With all the spoofing of emails, viruses, trojans
and such it would only take one complaint to shut you down. See below

The company I work for had this happen to them. ONE, I repeat one complaint and the registrar took control of there dns. This is an ecommerce site doing over 20k a day. So you can imagine what our office was like.

Ah, but the beauty of our proposal is that there would be absolutely no way to spoof anyone's domain or e-mail address. Therefore this type of abuse would end, and so would Spam!

 

[LeadTransfer]

There is always a way! Spam will always be around, as getting junk in your mail at home or getting annoying phone calls. People can implement whatever they want but it will not stop it. Do the police stop crime?

 

[legal]

A registrar taking control of a domain for one complaint that you didn't even get a chance to defend right?

Sounds like GoDaddy

There's several CRIMINAL complaints in AZ about GoDaddy due to their 'spam' policy

It's not a spam policy, it's BLACK MAIL

Anyone complains to them you have content they don't like or that you sent them email (even through an opt in email list) they will pull your domain name

They give it back after one offense, provided you PAY THEM A RANSOM FEE

There is nothing in Icann to give them this power

There's a class action forming over it

If you want more info PM me

Spam sucks, but GoDaddy is trying to force larger domain name owners to pay huge fees if anyone ever makes even one complaint

If you use GoDaddy, you better find a new registrar if you plan on using your domains

Their CEO is ex Military and he founded some bible software program years ago

He's on a crusade to clean up spam, you're guilty if you get even one complaint, warranted or not

I tried to put this info in the Wild West section, but the owner of the board removed it, that's his choice

Wild West is part of Godaddy and the one complaint and you lose your domain UNTIL YOU PAY OUT is what GoDaddy is doing

GoDaddy is losing accounts over this

Since someone mentioned the tactics GoDaddy is using, I thought this was a thread to warn others of GD and WW

The owner said I could put this info in other places outside of their offer for you to join WW

WW and GD needs to be avoided like the plague in my opinion

DNF doesn't need them and there are other companies to partner with that aren't ripping innocent people off

So consider it a heads up on WW and GD

 

[jberryhill]

There is nothing in Icann to give them this power

So what. If you don't like the terms of their registration agreement, then use another registrar.

 

[legal]

Their TOS doesn't give them such a right either. I have a problem with them. I don't like the way they operate. I moved hundreds of domains from them when I found out what they do.

They send you links saying you agreed to this or that, and guess what the links are not in their TOS. They are commiting blatant fraud.

They are bullying people around, some deserve it some don't.

Anyway, letting others know what they are doing is my right.

And I hope others do use other registrars once they find out what GD and WW does.

Their abuse of power is not in their TOS and Icaan doe not authorize such abuse.

If you had hundreds or thousands of names with GD would you want to know they are doing this stuff?

 

[jberryhill]

Their TOS doesn't give them such a right either.

I suggest you read Section 7 "restriction of services; right of refusal" of the GoDaddy registration agreement:

http://www.godaddy.com/gdshop/legal...&se=+&from_app=&prog_id=GoDaddy&pageid=REG_SA

[...]

Go Daddy may also cancel the registration of a domain name, after thirty (30) days, if that name is being used in association with spam or morally objectionable activities. Morally objectionable activities will include, but not be limited to: activities designed to defame, embarrass, harm, abuse, threaten, slander or harass third parties; activities prohibited by the laws of the United States and/or foreign territories in which You conduct business; activities designed to encourage unlawful behavior by others, such as hate crimes, terrorism and child pornography; activities that are tortious, vulgar, obscene, invasive of the privacy of a third party, racially, ethnically, or otherwise objectionable; activities designed to impersonate the identity of a third party; and activities designed to harm minors in any way.

If you had hundreds or thousands of names with GD would you want to know they are doing this stuff?

If I had hundreds or thousands of names with GD, I would certainly have looked at their registration agreement before saying it doesn't allow them to do exactly what you object to them doing.

 

[dtobias]

I've got some domain registrations with GoDaddy, and don't use them intentionally for spamming or anything else illegal or immoral that I know of, but that clause is still rather scary... it seems like they could cancel my domains based on highly subjective criteria any time they felt like it.