Hide Techdirt is off for the holiday! We'll be back with our regular posts this weekend.

Reverse Filtering As A Spam Solution

from the the-white-list dept

A few months back someone suggested to me the idea of using global “whitelists” instead of “blacklists” to filter spam. At the time, I didn’t think it was a good idea, because it adds an extra layer of complexity on anyone who wants to receive email. However, I’m slowly being convinced that the whitelist solution is a good one. OSOpinion is running an article suggesting such a reverse filtering solution as a way to get rid of just about all spam – without having to re-engineer the entire email infrastructure. The basic idea is that users create a “whitelist” of “allowed” email addresses that can send them email. Anyone who’s not on the whitelist receives an automated bounce, and then lets them try to add themselves by either requesting to be added to the whitelist, or perhaps just by replying with an additional piece of text (to weed out automated repliers). The article also suggests the possibility of a “global” whitelist of trusted people. This actually sounds like a reasonable solution. I know SpamCop used to offer something similar, and it doesn’t sound like this would be all that hard to create for any individual. The real issue, however, may be cultural. People might not like getting a bounce back message, and having to go through an extra step just to send someone an email (what makes them so special?). So, for it to really be accepted, it would require something of a “marketing” campaign for people to realize that this is simply the best way to deal with spam.


Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Reverse Filtering As A Spam Solution”

Subscribe: RSS Leave a comment
6 Comments
Chris (user link) says:

No Subject Given

I’ve got to think that the spammers would come up with a way to beat the system pretty quickly. It could work for personal email, but what about a business? They don’t want to hassle customers, potential customers, etc with something like this.
The real reason we have a spam problem is that the cost of sending spam is not incurred by the spammer. Come up with a way to charge for email and the spam problem goes away.
My idea, patent pending ;): Some sort of “registration system” on a mail server, so that mail servers would only forward mail if it knew exactly who was sending it, and had a mechanism to charge the account for the emails sent. If the ISP’s all got together and implemented something like this, legitimate businesses would soon follow, and it would be easy enough to filter “unregistered” email at the server level. Spammers would be cut out of the system. It’s almost a “class” system for email. First class email comes via a registered mail server, and it is the standard by which ISP’s operate. Anybody can simply check the “reject unregistered mail” option on their account and they will never get spam again. Legitimate businesses will send opt-in email to clients and interested parties because it will still be way cheaper than snail mail.

alternatives says:

Re: No Subject Given

It could work for personal email, but what about a business? They don’t want to hassle customers, potential customers, etc with something like this.

Given the ‘hassle’ each Microsoft customer goes through, it looks like business are willing to put up with ALOT.

The real reason we have a spam problem is that the cost of sending spam is not incurred by the spammer. Come up with a way to charge for email and the spam problem goes away.

Simple. Make the ‘ability to send you e-mail’ a contract. EULA as it were. Let the person know that each email is subject to review. Mail that has subjects attempting to sell anything, sex, (etc la) are subject to your service of email analysis. Make that fee 250-500. Then sue them in small claims court.

Your idea about the ISP chargeback is unworkable. Why? the 200-250 messages a day I get, under 10 are mail lists (I block spam with a broad brush) I should *PAY* to have mail lists sent to me? I think not. Who’s going to pay the ISP’s to manage this ‘brave new system’ of yours?

Chris (user link) says:

Re: Re: No Subject Given

Simple. Make the ‘ability to send you e-mail’ a contract. EULA as it were. Let the person know that each email is subject to review. Mail that has subjects attempting to sell anything, sex, (etc la) are subject to your service of email analysis. Make that fee 250-500. Then sue them in small claims court.

Litigating every two bit spam violation has a huge cost associated with it, both in time and in cash. Many states already have a mechanism to sue spammers. However, identifiying the spammer, getting them served, etc all takes time and money. You end up spending 20 hours to recover 500 bucks – thats $25 an hour. My time is worth way more than that. Granted, doing it a few times may reduce your spam flow – but I still don’t see the cost benefit being there.

Your idea about the ISP chargeback is unworkable. Why? the 200-250 messages a day I get, under 10 are mail lists (I block spam with a broad brush) I should *PAY* to have mail lists sent to me? I think not. Who’s going to pay the ISP’s to manage this ‘brave new system’ of yours?

If your receiving some sort of benefit from the mail list then it is perfectly reasonable that you should pay for the service. However, I believe that more likely non-profit listserv costs could be covered by some sort of universal fund, although that admittedly introduces bureacracy and costs into the system. I would envision it working something like this…
Basic ISP services – 21.95/mo
250 emails per day (send / receive) – $1.00/mo

Or however the cost would work out. The email fee would be set by the ISP – they can decide how much margin they want to make, with some percentage of that covering the costs of a non-profit assoc that is responsible for managing the authorization system. (sort of like an ARIN for email) The idea being that the cost, spread over millions of users, becomes a very minor issue for users, but it kills the financial model for spam to be on the “first class” mail network. They can set up their own mail server and spam all they want – but people paying the small upcharge to be on the first class network will never see it. The folks on Yahoo mail will probably still receive it though, although I’m sure Yahoo would quickly introduce a premium service. Given what corporate America spends on mail management already, some sort of tiered fee based on number of employees would probably be a no brainer.

todd says:

Re: Re: Re: re: pricing

I’ve been a fan of pricing on a per-email basis for outgoing mail, but for a very specific reason: it puts ISPs with open relays in a position to recover “stolen” revenue from spammers.

To clarify, if a spammer finds an open relay on psinet.com, uses it to send 10,000 e-mails, he then owes psinet.com some amount of money, say $10,000 (assuming they charge $1/email for non-subscribers; $0.01/email for subscribers).

That kind of pricing-for-crime puts a real price on spammers’ heads!

By the same token, this whitelist concept could be combined with pay-for-email pricing. Say your ISP gives you 1,000 e-mails for free (which is, IMO, about the right number — big enough it doesn’t deter real e-mail, but small enough it does deter spam). If someone goes over that number, they could be a spammer, so perhaps some penalty pricing then applies. But it doesn’t really cost your ISP any money for you to send the extra e-mails, so there is a point of discomfort with this kind of pricing model (e.g., a newsletter sender would face lots of challenges)

But, what if your ISP charged you by the bounced e-mail. You get 5 free per month (maybe 10), but then beyond that, they are $1 each for the next 10, $10 each for the next 10, $100 each for the next ten, etc.

Given that supposed spam, as reported through Spamcop or other filters, costs ISPs real money to track down and adjudicate, this ties pricing to the activity that actually costs money. In that way, it is more aligned than a pay-per-email approach.

Regardless, I believe that until there are pricing mechanisms in place, spam will persist. Once you put a “stolen revenue” number on Spam, a lot of law enforcement agencies will take notice.

Of course this is just my opinion, I could be wrong…

alternatives says:

Re: Re: Re: No Subject Given

Ok Chris. I have a AS number and my own Class C.

I am my own ISP.

How do you propose that AOL, AT&T and the rest of the world negotiate with me for mail exchange?

For the 5 messages a month that DO across AT&T, how is that worth their time to bill me, or mine to bill them?

$25 an hour to make a spammer life painful sounds a WHOLE lot better than your proposal. Because I can see a way to make the spammer’s life miserable. I don’t see how your plan is workable, and all you’ve done is handwave.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Subscribe to Our Newsletter

Get all our posts in your inbox with the Techdirt Daily Newsletter!

We don’t spam. Read our privacy policy for more info.

Ctrl-Alt-Speech

A weekly news podcast from
Mike Masnick & Ben Whitelaw

Subscribe now to Ctrl-Alt-Speech »
Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...