Where's The Backup Plan For Stopping Spam?
from the plan-B? dept
Normally, if you’re trying to solve a difficult problem, you have a few different plans. If something doesn’t work, you need to be ready to move onto plan B. I’ve been asking since the CAN SPAM bill was passed, how is the government planning to measure how successful (or not) it’s been – and what’s plan B? Now that it’s becoming increasingly clear that CAN SPAM hasn’t been even remotely successful – and has basically done nothing to slow down the rise of spam, I want to know again, what is the government’s plan B? They were so proud of themselves for passing CAN SPAM, yet they included no money for enforcement, no way to measure how successful it was, and no plan B. In other words, yet another law that makes for a good press release, and a good sound bite at election time, but does nothing to solve a problem.
Comments on “Where's The Backup Plan For Stopping Spam?”
uh, hate to be the cynic here ... but
… whatever made you think that the CAN-SPAM Act had anything to do with the government reducing spam?
This act is nothing more than a “how-to” guide for the slimeballs at the Direct Marketing Association which guides them in “best practices” for ensuring they can’t be sued by companies forced to spend thousands of dollars and man-hours stopping the theft of hard disk space and bandwidth, not to mention employee productivity.
Laws passed by any nation have no effect on the Internet anyway; laws “outlawing” spam in the United States have no effect in other countries.
The only way SPAM will ever be reduced is for the blacklist community to blackhole entire ISPs once it has been proven that they are friendly toward spammers.
Once that occurs, the price an ISP pays for not monitoring the use of its resources by its customers and enforcing its terms of service will guarantee spammers have no homes from which to operate.
I have an idea...
I have mostly stayed out of the, “what to do about spam” debates because I don’t know too much about TCP/IP and mail protocols, but I just had an idea:
What if we used a simple keyword system, where, in addition to your email address you would hand out a random sequence of characters as a passkey. This passkey would be embedded into a header field in the email. You could have as many of these passkeys as you like. Coworkers could have one, friends and family could have another. You could generate new ones for each mailing list you were on. If an email arrives without a passkey, you could safely ignore it. If a passkey is sniffed or leaked, you could change it without changing your email address.
For unsolicited emails, your web server could have a simple request system, either as a web-form or as a system like mailer daemons, wherein you could send it a request and it would email you back a one-off passkey for me. After that one email is sent, we would accept no new emails from that passkey.
This way I could still cold-email someone (by sending a request to them or their server,) and getting permission to email them, but everyone else I wanted could be preapproved.
I haven’t spent much thought on this idea, so I haven’t spotted all of the possible holes in it, but here are the advantages and disadvantages I see:
Advantages:
1) Minimal network and processor overhead.
No significant change in CPU usage as we are just checking a passkey. The only increase in network overhead would be on requests for one-off passkeys, but I think this would be more or less minimal.
2) Doesn’t require implementation at an ISP level. This scheme could be handled entirely in the client, although ISP level implementation would probably make things a bit faster and easier.
I haven’t heard of a suggestion like this yet, but if anyone is interested, I make this idea public domain, and promise not to patent it or sue anybody 🙂