Reverse Filtering As A Spam Solution
from the the-white-list dept
A few months back someone suggested to me the idea of using global "whitelists" instead of "blacklists" to filter spam. At the time, I didn't think it was a good idea, because it adds an extra layer of complexity on anyone who wants to receive email. However, I'm slowly being convinced that the whitelist solution is a good one. OSOpinion is running an article suggesting such a reverse filtering solution as a way to get rid of just about all spam - without having to re-engineer the entire email infrastructure. The basic idea is that users create a "whitelist" of "allowed" email addresses that can send them email. Anyone who's not on the whitelist receives an automated bounce, and then lets them try to add themselves by either requesting to be added to the whitelist, or perhaps just by replying with an additional piece of text (to weed out automated repliers). The article also suggests the possibility of a "global" whitelist of trusted people. This actually sounds like a reasonable solution. I know SpamCop used to offer something similar, and it doesn't sound like this would be all that hard to create for any individual. The real issue, however, may be cultural. People might not like getting a bounce back message, and having to go through an extra step just to send someone an email (what makes them so special?). So, for it to really be accepted, it would require something of a "marketing" campaign for people to realize that this is simply the best way to deal with spam.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
No Subject Given
The real reason we have a spam problem is that the cost of sending spam is not incurred by the spammer. Come up with a way to charge for email and the spam problem goes away.
My idea, patent pending ;): Some sort of "registration system" on a mail server, so that mail servers would only forward mail if it knew exactly who was sending it, and had a mechanism to charge the account for the emails sent. If the ISP's all got together and implemented something like this, legitimate businesses would soon follow, and it would be easy enough to filter "unregistered" email at the server level. Spammers would be cut out of the system. It's almost a "class" system for email. First class email comes via a registered mail server, and it is the standard by which ISP's operate. Anybody can simply check the "reject unregistered mail" option on their account and they will never get spam again. Legitimate businesses will send opt-in email to clients and interested parties because it will still be way cheaper than snail mail.
[ link to this | view in thread ]
Re: No Subject Given
Given the 'hassle' each Microsoft customer goes through, it looks like business are willing to put up with ALOT.
The real reason we have a spam problem is that the cost of sending spam is not incurred by the spammer. Come up with a way to charge for email and the spam problem goes away.
Simple. Make the 'ability to send you e-mail' a contract. EULA as it were. Let the person know that each email is subject to review. Mail that has subjects attempting to sell anything, sex, (etc la) are subject to your service of email analysis. Make that fee 250-500. Then sue them in small claims court.
Your idea about the ISP chargeback is unworkable. Why? the 200-250 messages a day I get, under 10 are mail lists (I block spam with a broad brush) I should *PAY* to have mail lists sent to me? I think not. Who's going to pay the ISP's to manage this 'brave new system' of yours?
[ link to this | view in thread ]
Re: No Subject Given
Litigating every two bit spam violation has a huge cost associated with it, both in time and in cash. Many states already have a mechanism to sue spammers. However, identifiying the spammer, getting them served, etc all takes time and money. You end up spending 20 hours to recover 500 bucks - thats $25 an hour. My time is worth way more than that. Granted, doing it a few times may reduce your spam flow - but I still don't see the cost benefit being there.
Your idea about the ISP chargeback is unworkable. Why? the 200-250 messages a day I get, under 10 are mail lists (I block spam with a broad brush) I should *PAY* to have mail lists sent to me? I think not. Who's going to pay the ISP's to manage this 'brave new system' of yours?
If your receiving some sort of benefit from the mail list then it is perfectly reasonable that you should pay for the service. However, I believe that more likely non-profit listserv costs could be covered by some sort of universal fund, although that admittedly introduces bureacracy and costs into the system. I would envision it working something like this...
Basic ISP services - 21.95/mo
250 emails per day (send / receive) - $1.00/mo
Or however the cost would work out. The email fee would be set by the ISP - they can decide how much margin they want to make, with some percentage of that covering the costs of a non-profit assoc that is responsible for managing the authorization system. (sort of like an ARIN for email) The idea being that the cost, spread over millions of users, becomes a very minor issue for users, but it kills the financial model for spam to be on the "first class" mail network. They can set up their own mail server and spam all they want - but people paying the small upcharge to be on the first class network will never see it. The folks on Yahoo mail will probably still receive it though, although I'm sure Yahoo would quickly introduce a premium service. Given what corporate America spends on mail management already, some sort of tiered fee based on number of employees would probably be a no brainer.
[ link to this | view in thread ]
re: pricing
To clarify, if a spammer finds an open relay on psinet.com, uses it to send 10,000 e-mails, he then owes psinet.com some amount of money, say $10,000 (assuming they charge $1/email for non-subscribers; $0.01/email for subscribers).
That kind of pricing-for-crime puts a real price on spammers' heads!
By the same token, this whitelist concept could be combined with pay-for-email pricing. Say your ISP gives you 1,000 e-mails for free (which is, IMO, about the right number -- big enough it doesn't deter real e-mail, but small enough it does deter spam). If someone goes over that number, they could be a spammer, so perhaps some penalty pricing then applies. But it doesn't really cost your ISP any money for you to send the extra e-mails, so there is a point of discomfort with this kind of pricing model (e.g., a newsletter sender would face lots of challenges)
But, what if your ISP charged you by the bounced e-mail. You get 5 free per month (maybe 10), but then beyond that, they are $1 each for the next 10, $10 each for the next 10, $100 each for the next ten, etc.
Given that supposed spam, as reported through Spamcop or other filters, costs ISPs real money to track down and adjudicate, this ties pricing to the activity that actually costs money. In that way, it is more aligned than a pay-per-email approach.
Regardless, I believe that until there are pricing mechanisms in place, spam will persist. Once you put a "stolen revenue" number on Spam, a lot of law enforcement agencies will take notice.
Of course this is just my opinion, I could be wrong...
[ link to this | view in thread ]
And what about security?
[ link to this | view in thread ]
Re: No Subject Given
I am my own ISP.
How do you propose that AOL, AT&T and the rest of the world negotiate with me for mail exchange?
For the 5 messages a month that DO across AT&T, how is that worth their time to bill me, or mine to bill them?
$25 an hour to make a spammer life painful sounds a WHOLE lot better than your proposal. Because I can see a way to make the spammer's life miserable. I don't see how your plan is workable, and all you've done is handwave.
[ link to this | view in thread ]