Charging for e-mails would kill e-mailing, and it wouldn't do a thing to stop spammers. There would still be jurisdictions out there where they'd be able to set up a server to spew the stuff, or they would simply hack into existing web servers to accomplish the task (they do this already), thereby avoiding the cost.

Its a misguided idea by people who don't understand the technology.

I'm working in a spam-killing add-on for MS Outlook. Basically it works with the following algo:

[blue]if[/blue] (unvalid_address(from_field)) [blue]then[/blue]
kill email
[blue]end if[/blue]
[blue]if[/blue] (is_spam(email)) [blue]then[/blue]
asnwer(Re-spam.txt)
[blue]end if[/blue]

So, first I check the address from where the mail comes from: if it's not valid, then it is always (in my case) something like asdfg@hotmail.com, so it's spam.
If the address is valid, but the filters detect it as spam, then I answer with a pre-made message with a 4mb file attached.
If it skips my filters and comes in, then I see it as spam and answer with the same template.
In any case, nobody wants to have the server processing an incomming e-mail message of 4mb. If everybody did something like that, spam would die ;)
If someone want to collaborate with this project, sticky me. I accept any suggestion, and share all sources ;)

Greetings,
Herenvardö, the SPAMicide

Herenvardö, how do you know where the spam comes from? You seem to think that spammers are honest folk and give their true addresses in the from field.

I'll let you into a secret: spammers aren't honest and they don't reveal their email addresses.

In any case, if you respond to a spammer, you're revealing that your adddress is live. Unless, of course, you're planning to use spoofed from fileds as well...

I think the "email stamp" or pay-for-email is a terrible idea. There are a lot of other ideas already out there for improving the SMTP protocol to cut down or prevent the abuses used by spammers. They haven't been implemented because of the impracticallity of having everyone in the world update their SMTP servers. That is, if the new protocol can accept email from the old, then it would be ineffective at stopping spam.

Implementing a pay-for-email method will essentially require an upgrade or replacement for the current SMTP protocol. And for the same reason, everyone would need to adopt the new standard at the same time. If we're going to go through the hassle, then use one of the viable, free methods.

Herenvardö, another problem with your idea is that a lot of spammers use valid email addresses as the From: line on their spam, and they picked up those email addresses from some source like a website. I see it all the time, where I get bounced emails with one of my email addresses on the line as the original sender. I'd really hate to receive 4mb files constantly because somebody was using my email address on their From: line in their spam. In fact, if that did happen, I might start to think you (or whoever was using your program) was spamming me (with huge emails I didn't request).

There's a simple way to deal with Spam, on a regulatory level, but for some reason, legislators don't seem to want to take it on. Its called "follow the money."

Basically, don't go after the spammers, go after the people who profit from the spammers. All the viagra merchants and porn sites that rely on spam as an advertising method. These aren't the people who do the spamming, but they sure are the ones who profit form it. It would be way easier to track them down and prosecute. Just follow the money. Currently, we're directing all our efforts at the people who create the spam, and its a waste of time. As long as there are people out there willing to pay some script kiddie a few hundred bucks to fire up a mass mailing program, we're gonna keep getting spam. Fine the end businesses who profit from it into oblivion, and spam will stop.

And there's legal precedence for it too. Baiscally, you prosecute people for "receiving the benefits of a criminal activity," a well established rule in RICO. Spam is, by and large, now termed a criminal activity. So go after those who receive the proceeds of the crime.

Herenvardö, how do you know where the spam comes from? You seem to think that spammers are honest folk and give their true addresses in the from field.

I don't need to konw: if it comes from a false address, then the address is not valid and I simply delete the message. But there are a lot that do not care in cloacking their address.

Also Herenvardo, as I think someone mentioned earlier in the thread, what about those that hijack other's valid email addresses to use to spam/spread viruses?

People who respond to spam (or perceived spam, as "flagged" by some software via heuristic checks), especially trying to naively "retaliate" "replying with with a 4mb attachment" are just magnifying the problem for all of us.

Just like those stupid auto-responses by some antivirus software "you have just sent me a virus, please run an antivirus sw" blah-blah, WHEN AT LEAST THE ANTIVIRUS SW AUTHORS KNOW VERY WELL THAT SENDER FROM: FIELD IS A-L-W-A-Y-S spoofed since several years.

Let me give you some perspective: Estimates are that there are over 500.000 "hi-jacked" PCs all over the world, connected via DSL or cable, which send spam and serve porn WITHOUT THEIR OWNERS KNOWING ANYTHING ABOUT IT.

Rsponding to spam is just STUPID, plain and simple. Recently I read a report that 70% of all email received by AOL is spam.

And I agree it's the biggest problem. I used to receive 50-100 spam per day, until 2001. Then it suddenly jumped to 300-500 spam per day until mid-2002 when I finally installed RBL and several procmail filters.

Long term solution: Implement some authenticated SMTP method, e.g. SPF [spf.pobox.com ]

In the meantime, use RBL (realtime block-lists) in your mail software, use forms instead of leaving your email on your webpage and inform everyone you know about using a firewall and antivirus software.

Problem is that they are so many BROKEN software, e.g. Lotus Notes, used in corporate servers, that will never get fixed. Now, if you run a server for yourself and a couple of friends, you can be as restrictive as you want. But if you have to deal with third parties extensively, as any biz does, it's not so simple.

My $0.02

Dimitris

Herenvardo, I have a collection of 60'000 (sixty-thousand) bounces collected over the last year or so, from spam sent to other people with sender addresses faked to be from one of my domains. Those are all technically valid addresses, and as a recipient of that spam, you wouldn't have the slightest chance of figuring out whether they are legitimate or "false".

Your approach of filtering is completely useless in the real world, and may easily cause damage to other people.

SPF is the only reasonable solution that I am aware of. In the mean time, smart (bayesian) filtering is a workable stop-gap measure.

have a collection of 60'000 (sixty-thousand) bounces collected over the last year or so, from spam sent to other people with sender addresses faked to be from one of my domains.

Same here, I had a joe-job on one of my hosts in one of my domains (ie fake emails of the form randomname@myhost.mydomain.tld) in February and despite removing the host from DNS asap, my server still rejected 800.000 "address unknown" bounces from all over the world.

In my estimates, the spammer must have sent maybe 20million spam emails with such addresses @myhost.mydomain.tld , of which 5m were rejected by received servers (like AOLs) as undeliverable and my server received 800k mail-delivery notifications.

Not a pretty situation I can assure you, but in retrospect, they could have used one of the hostnames I wouldn't be able to just delete from DNS to protect the rest of the network.

D

These last few posts bring to light a very good point, and one that is doing my own site a lot of damage.

With the "spoofing" of e-mail addresses that viruses and spam use, a couple of the key addresses I use for my site are being labeled as spam-addresses now by a lot of filtering software.

And it blows, because the "frontage" of my site is maybe 10% of what the domain is set up for. The rest has to do with information aggregation and transfer between writers/copywriters. So when my mails bounce because of automated filtering, it isn't because I spam, but because my address is on a lot of people's mailing lists, and thereby gets apropriated by viruses and spamware trojans. For this to happen, my own home machine or my mail server don't need to be hacked, just any one of the couple hundred people with my addy in their address book, or several thousand with it in their web cache need to be hacked.

And I get "bounce-back" all the time now from people I've never sent an e-mail too. (Its gotten a lot worse since the Netsky, MyDoom, Bagle outbreaks).

Even worse, most of the time I get no bounce back or notification at all when my e-mails don't go through, just an angry e-mail a week or so later that runs along the lines of "Where the f*ck is my info?"

wops! Thx for telling the bugs in my algo (even when I posted only a very summarized version ;)) Then I'll have to improve it.
I said

I'm working in a spam-killing add-on for MS Outlook

, so I've to continue working.
There are some ways to recognize legitimate senders and spoofed ones: if the mail server from where the message comes is h0tmail, yah0o or any other well-known public free service, then it will be probably spoofed...
But it can be even more accurate. And reading your posts I've taken a lot of ideas ;):
- Checking the e-mail body for the most common spam themes and words, such as genner1k vi@gra, with some variations, makes very easy to detect most of the spam.
- Also, in the e-mail body normally appear a lot of unsense characters... this is another good way to detect spam, but I will have to care that sometimes such sequences could make sense.
- Most of spam try to send you to some webpage... it will be good to keep a list of their URLs and to check for them (and variations) in the incomming mail. Also, the domain name in that URLs can be compared with the one appearing in the from field to check if the address is spoofed or real.

In any case, I'll tell you how do I normally deal with e-mail: Outlook dischards the most konwn spam without problems: I've put it not very agressive. I've a folder called suspicious, where are put all the messages that could be spam but also could be interesting mail, an the clean mail (from known people, for example) comes directly to the "new mail" folder. The suspicious messages are checked manually and use to be all spam.

In any case, I won't put to work the automatic response system until I'm sure it will work fine ;)

Greetings,
Herenvardö

PS: Most of the spam I get tell me that they can me 20 years younger... the funny thing is that I'm 18 :P
Would it help if I told it to spammers? ;)