An Idea To Can Spam
from the close,-but... dept
Everyone’s got ideas these days to try to ditch spam. Here’s the latest (probably unworkable) suggestion. It says that we should rewrite the email infrastructure to require “accept” codes. Thus, when someone emails you, not only do they need your address, they also need your special code. The theory is that you only give out the code to people you trust. For mailing lists, you give out a different code to each one – and if anyone violates a code by spamming you, you turn off that code. This is similar (though, more complex) to the various services that give you throwaway addresses for spam (i.e., they let you give out multiple addresses – all of which forward to a single address. If someone abuses one of those addresses, you just turn it off). There are way too many problems with this idea to discuss them all, but any idea that begins with “first, let’s reconstruct one of the most basic parts of the internet…” is bound for trouble. This system also adds to the work every user has to do just to receive email – which is a recipe for failure. It also doesn’t say how anyone can receive email from someone they haven’t specifically given a code to. What if a friend of a friend wants to email me? Finally, what do you do when one of your trusted “codes” somehow makes it onto a spam list. There are simply too many problems with this idea to make it worth spending too much time thinking about.
Comments on “An Idea To Can Spam”
No Subject Given
I agree with the author on this. It really is a crap idea. I can see no difference between giving out your email address as it is to a “trusted” person/company and it gets on to a spamming list or if you give out your address and a code.
Trusted code or throwaway address?
The problem with throwaway addresses (and a bunch of codes would have this problem too) is that it’s way too much work to set up a new address (or code) to enter for every use. But if you reuse a particular address (eg for random registrations, or for a couple of lists), and just one source abuses it – there’s a tradeoff to be made between receiving unwanted mail, and switching off all the sources that use the throwaway address.
Say you use the address for a list, and some spam bot lifts the address. Do you then unsubscribe from the list, ditch the address and resubscribe? In theory, yes. But in practice, it’s way too much hassle.
I really think that the way to prevent spam is to have a really good filter coupled with tough legislation. And I don’t think that the legislation should just be aimed at spammers, but also at the morons who make sending spam worthwhile. Maybe that’s a bit radical, but surely spamming would become a lot less attractive if responding to it was illegal…
Although, I guess I shouldn’t complain too much since almost none of the roughly 100 spam messages a day addressed to me personally actually make it through the filter.
Its the economy stupid
The people who spam do it because the economy of sending out the spam is cheap.
Get off your asses and sue the clowns in small claims court. Make it more expensive to spam.
Re: throwaway addresses
This may be “Internet 101” for some Techdirt readers, but perhaps the newer-to-the-internet set may find it helpful.
I’ve found that owning my own domain gives me the ability to generate throwaway addresses at will with absolutely no setup time — my “catch-all” address simply routes email that is addressed to an on-the-fly address through spamcop and into my inbox.
Should I get spam from one of those e-mail addresses, I know it instantly (what’s this, firstname.lastname@example.org is sending me spam about Viagra!!!!), and can then put a redirect on my domain to spit the spam right back to the sender (or to the bastard web site that sold me out; in this example kozmo).
So best of all worlds — on-the-fly address creation, with filtering, trackability, and “back-at-you” retribution. All for $35/year.
Re: Re: throwaway addresses
One minor point worth adding perhaps: owning a domain causes a measurable increase in spam (roughly three quarters of all our spam is attributable to spam bots busily collecting whois records).
Re: Re: Re: email@example.com
>One minor point worth adding perhaps: owning a domain causes a measurable increase in spam (roughly three quarters of all our spam is attributable to spam bots busily collecting whois records).
That happened to me, when I registered my latest domain. What is interesting is that my contact email address is “firstname.lastname@example.org” Makes you wonder how much quality control goes into sending out spam.
I also get snail mail spam, well junk mail, addressed to that domain at business address. However, most of these seem to be legitimate businesses.
No Subject Given
This is a negative/hassle factor for all, not just the spammers.
I would rather see an infrastructure change where email servers test the senders email address prior to relaying so that only email with REAL from addresses are allowed period. This would at the very least add a factor of accountability where none exists.
What about PGP?
Your public key could be considered your “accept code.” Personally, I think the idea suggested in the article is quite dumb, but a comparable solution is also slready available — just delete all nonencrypted mail.
Re: What about PGP?
The *WHOLE POINT* about a public key is that it is public – it is entirely useless otherwise. So the spammers just pull your key and encrypt the mail to you.
server-side rule files
This is the solution that I use and it is the only one that really works so far. Set up some mail rules in a .procmailrc file on your ISP’s server (some ISPs do support this). It’s usually not that hard to separate the spam from real mail. The spam is bounced by the server so that it doesn’t take up their disk space or mine. See my procmailrc example at: