Future of E-Mail 2

[gbaughma]

http://www.msnbc.msn.com/id/14855085

Based on estimates that between 50 and 75% of all e-mail is now spam, do you think there's "another method" on the horizon?

I am *so sick* of my e-mail server being harvested; I'm thinking about setting up "whitelist only" e-mail... only people who I specifically allow to e-mail me will be allowed to.

Of course, this cuts off any communication from long-lost friends, classmates, etc.

*after* going through SpamAssassin, I'm still getting 200+ e-mails per day; 197 of which are spam. Not to mention that it's killing my bandwidth.

So, what do you folks think? E-Mail 2.0? Would that solve anything? Stronger punishments and fines for *anyone* sending out UCE? What about "unlisted" e-mail addresses? Of course, that doesn't stop harvesting....

How can this be stopped? I remember a time when I would be excited to actually get an e-mail from someone... now it's a chore to "sift through" all the junk.



Just my 2¢

"In order to start solving a problem, one must first identify its owner." --Me
--Greg

http://parallel.tzo.com

 

[lionelhill]

There are things you can do. One is to throw away your e-mail address every so often, and start again.

But a definite good thing to do is to make sure that when you include an e-mail address on a website, you do it in a way that makes it hard for a machine to recognise it as an e-mail address; I get comparatively little spam, but most of what I get started only after my e-mail appeared on a web-page.
Plenty of people now quote their name and the place as two separate entites and rely on a human to join the two with an '@'. Or you could make it a picture.

 

[longhair]

gbaughma,
lionlhill's suggestion is a good one as far as how your email address looks visually when you put it in the public domain. i wouldn't go so far as to throw it away every so often. you then need to notify everyone of the new address.
as my personal isp i use earthlink and with their spam filter activated i get very little spam - perhaps about 5-10 a day actually make it through to my mailbox (and my email address is going on 15 years old). but i also report the spam that i get so they can include anything they find in their filters.
another thing that i do is have a few 'junk' (for lack of a better word) email address'. one is used for forums like this one - another is used for when i place online orders. this way if it ever gets out i'll just delete the profile from earthlink and create a new. my 'personal' email address is kept private this way.
regards,
longhaie

 

[LadySlinger]

Both longhair and lionhill have great suggestions to combat SPAM now.
- Have two email addresses, one you post publicly on the internet (forums, online orders, etc) and one that you use strictly for family and friends

- when publicly publishing your email address online, use methods such as gregATdomain.com or NOSPAMgreg@yourdomain.com

- Have the white list you talk about. Post a page that the person wishing to be on your email list can fill out and create an autoreply to this link.

- rotate email addresses every so often.

Right now this works and its a pain. I recently learned that SMTP does have a hole in the coding, BUT the only way SMTP Is going to get upgraded is if pop3 gets upgraded as well. So once SMTP gets upgraded we may see less SPAM for a while.

 

[LadySlinger]

Here, I Just read this...there might be hope after all...

http://www.darkreading.com/document.asp?doc_id=103881&WT.svl=news1_3

 

[Tarwn]

Hmm. I have something like 3-4 active email addresses and over 50 forward addresses...maybe I took the concept a bit far
Basically I have a few generics (orders, bills, etc for companies I trust) and then I create forwarding addresses for anyone I feel a little uneasy about. Anyone I truly don't trust gets a hotmail address that I go in and clean out every 6 months.

On a positive note, this system makes it very, very easy to filter email, since I can filter it on the To address instad of the from address. On the negative side it makes me look paranoid (I actually created a seperate account for my taxes ). Buthey, what else am I going to do with unlimited forwarders. If any of the accounts start picking up too much traffic I just turn it off.

 

[gbaughma]

All good points; but they still won't stop harvesting.

However, the topic was "what's the future of e-mail".

I feel like setting up my server, and giving those people that I want to contact me an address, and just blocking e-mail from the outside.

Sad part of it is, if someone *were* to start a "new" e-mail (say on a different port), it would just be a matter of time before our inboxes were filled again.



Just my 2¢

"In order to start solving a problem, one must first identify its owner." --Me
--Greg

http://parallel.tzo.com

 

[jrbarnett]

The trouble with any sort of punishments and fines is that evidence is needed to track the source back to the sender.
Under the UK data protection laws, email (and postal) addresses are classified as personal information, and as such, the unauthorised use or disclosure of them is illegal.

However, because it only applies within the EU, prosecution can be avoided by sending messages to the UK from outside the country.

There have been successful prosecutions relating to sending of junk email:

http://news.com.com/U.K.+spammer+gets+two-month+curfew/2100-7348_3-6108625.html.

To be honest though, I think that unless the protocol is changed to cost sending to make it unprofitable, there will still be a problem.
From a technical perspective, the current system allows sending to any number of recipients, with more on CC and BCC lists, and each of them can represent any number of mailing lists at the server end.
However, to restrict the number of recipients within each header or the number of recipients in a mailing list would inhibit a very useful feature of email that is only misused by a tiny number of people.

The snail mail equivalent of email capabilities is writing a letter, putting two (or more) addresses on the envelope and having the post office sort out getting a copy to each named individual. This is crazy, and until the computer equivalent can enforce this, and bill it appropriately, there will still be a problem. One of the reasons that they do it is sending spam is profitable. Remove the profit, you remove the incentive to do it.

John

 

[gbaughma]

One of the reasons that they do it is sending spam is profitable....

EXACTLY! The only way to STOP SPAM is to get consumers to STOP CLICKING ON IT.

**BUT** It has to also start from big business.

Look at:

http://www.pcworld.com/article/id,118164-page,1/article.html

... and you'll see what I'm talking about. Until companies refuse to accept leads from known spammers, and make it NOT PROFITABLE, it won't go away.



Just my 2¢

"In order to start solving a problem, one must first identify its owner." --Me
--Greg

http://parallel.tzo.com

 

[LadySlinger]

But then would we be paying a service or extra fee for the email?

Think about phone companies and back in the day if you didn't want your number listed, you paid an extra $5 per month (or some one-time fee) to keep your name out of the phone book, and potentially any telemarketer listings. Even then some telemarketers got through.
So you get a cell phone, but then you publish the number more as you use it more and then telemarketers calls.
So then we get on the do-not call list...but then only non-profits can call you for fund raisers and stuff.

So you pay all this money out of pocket just to avoid the dreaded phone calls. Yet still some leak through.

I do agree too with the USERS NEED TO STOP CLICKING ON IT mainly because one guy left here who use to actually believe that the "unsubscribe" link was legit. He left back in June...he still receives an ungodly amount of email.

Perhaps some investigative reporter needs to "expose" big businesses that do some hand holding with spammers to keep the companies a little more honest...

 

[kHz]

USERS NEED TO STOP CLICKING ON IT

It is a battle that can never be won; not as long as people really believe the IRS has sent them an email and they need information about that person.

Or anyone who believes Butterball in Nigeria needs money wired to them and they will reciprocate the gesture by giving the sender part of their $10 million.

Or their bank needs the user to update their account information via the email link sent to them.

For f*&! sake - even if you live under a rock, everyone has to be aware of the scams - and question the questionable email.

But people continue to perpetuate the scams of their own will and will continue to do so.

 

[Sympology]

Spammers are extremely clever. They play on the to most basic human flaws, greed and fear.

Send me £1000 and I'll send you a £1,000,000 in return - GREED

Send us your deatils or we'll delte your account / arrest you - FEAR

It's nothing new. It's EXACTLY how politicians work. No politiction ever got a bill through by saying "Everything's fine and always will be, but could you still sign this for another war".

Until the human race stops being greedy and paraniod, then it will always be around.



Only the truly stupid believe they know everything.
Stu.. 2004

 

[jsteph]

There was a thread here a while ago that dealt with this. The consesus seemed to be that some sort of per email fee--which seemingly had the most hope for effectiveness--would not be practical or even possible to implement.

Barring some sort of world-wide big-brother internet police that had total control over all traffic, it will be difficult to stop this at a high level, so in the near future, the low-level solutions mentioned here seem to be all we've got.
--Jim

 

[LadySlinger]

I remember that thread now Jim...looking back on it, I really disagree with the fee idea, as you still have 3rd parties involved at times within a site. I'll use amazon as an example (although I think because of how big they are they don't opperate this way). You order a rice cooker through amazon, but its really coming from some other company; Amazon is just the liason between you and that company. When you sign up with Amazon, you agree to THEIR privacy policy...but not the other companies. The other company wants to email you a confirmation receipt, in addition to Amazons. So this company has your email address and thus agree to their privacy policy. To opt out, you would have to contact the company specifically. zby then, however, how many times has your email address been sold?

It's just like the phone/telemarketers example I provided above...we may see less of it, but shelling out money is no way to stop it, just deter or slow it down.
The way to resolve this all goes back to 1)Stop clicking on any link in SPAM, and 2) We need to stop making this a profit for spammers.

 

[jrbarnett]

Going slightly off topic, but related, in the UK there are agencies that individuals can register against to stop junk email, post and telephone calls. Organisations are required to remove any details on these lists before contacting the person concerned.

The Post Office offers a "Door to Door" delivery service which lets organisations get items delivered to all houses in an area. Mostly it gets used for local shop advertisements and charity donation requests.
It is possible to opt out of this, although the means to do this isn't nearly as well known as the telephone, faxing and email preference service.

A recent story details a postman who was disciplined for telling the people on his round how to opt out of it and reduce their junk email:

http://news.bbc.co.uk/1/hi/wales/south_east/5304702.stm

A quote from the article above is "if we do not deliver this mail then rival companies will".

To turn this quote into computer terms, perhaps ISP's could limit the amount of SMTP traffic flowing through their systems from specific accounts. Obviously they could get around this by changing SMTP servers after x messages, but if enough ISP's implement this, then we'd crack down the bulk transmission ability.

ISP's could enforce the use of their own servers by limiting the addresses that they accept incoming traffic to transmit from to be their own server farm (clients use their servers).

John

 

[jsteph]

Ladyslinger,

We need to stop making this a profit for spammers.

This is true--you are preaching to the choir--but it also has it's challenges. For instance, most of the spam-products are legal. Maybe not very useful, but still legal.

The problem then becomes: who's actually buying this crap?

Human nature being what it is, I think a certain percentage of men will always think that certain 'enhancements' will fill their dance card faster than a good personality or a daily bath.
--Jim

 

[Sympology]

One way to reduce spam, would be if all ISP's had compulsory anti Virus polices. No AV, no access.

The provider I was with (currently house moving) gave away a pretty good free AV / AntiSpyware / Firewall package totally free (you could upgrade if you wanted to). They provide the updates for free, so as long as you use their service. What's in it for them? Well lower bandwidth requirements, less hardware, less cost / user, so quite a bit really. If all ISP's did this, it would massivley reduce spam, as these days, most of it is done via bot-nets.

Only the truly stupid believe they know everything.
Stu.. 2004

 

[LadySlinger]

Bwa-ha-ha...thanks for the laugh Jim in that last sentence of yours.

Unfortuntaly too we have to touch into Affiliate Marketing when it comes to spam. I.e. if Company A that we ordered from amazon decides to email us information on the latest and greatest rice cooker, they are then targeting us based on what we bought in the past. To the average user, may be considered spam. it's not...it's call affilate marketing (or another way to legally refer to spam).

However if I start to receive emails about enhancing my male size, then that's spam...as I never bought male enhancements, nore do I ever intend to...

Stu, as nice as that sounds, the ISPs would be getting a lot of user complaints...they probably would complain that they don't want to use software provided by the ISPs, that they want their freedom of choice for AV/Firewall/Anti-Spyware. Plus they would need to go top of the line, raising the prices of internet access, and goig with a Checkpoint or Symantec solution (or higher) otherwise you wind up making yourself sound like AOL.

 

[gbaughma]

You know, in reference to AV stuff....

I mean, good LORD... I'm almost anal about keeping my AntiVirus up to date, as well as Windows Defender... then I occasionally run Trend Housecall just to get a "second opinion". If I see my hard drive going nuts when I don't think it should be, I start to look.

Are people really that oblivious that they think they don't need ANY anti-virus? (Obviously they are, or we wouldn't *have* all those spam-bots running out there).

College campuses are prime targets for spam-bots, too.... high speed network, computers always connected, etc. etc.

The other problem I see as well is that the laws are *NOT* strict enough when we *DO* catch someone writing virus software.

I remember another thread on here, where some guy who got caught spamming got 5 years... thread717-1228846 ... and others who thought that was too long.

Well, the spammer was using compromised machines. Personally, I think that people who WRITE the viruses/spambot software should be charged with X counts of criminal computer tampering, where X is the number of computers affected.



Just my 2¢

"In order to start solving a problem, one must first identify its owner." --Me
--Greg

http://parallel.tzo.com

 

[LadySlinger]

Are people really that oblivious that they think they don't need ANY anti-virus? (Obviously they are, or we wouldn't *have* all those spam-bots running out there).

I don't think its that...I believe they see the prices of some of the AV software out there and don't want to pay the price. Most don't know of AVG free version or choose some off-market software (if they choose any at all) that may not be able to up to par to prevent or deal with a lot of the viruses out there.
Others may feel intimidated with the idea of AV software, so they just avoid it because its "too complex".
Finally it could just be the everyone out there can be trusted according to these people.

Oh yea, and my favorite -a spin off topic- the little windows update button...one of my users refused to click on it because she thought that was a virus...so picture my fun when she DID get infected.