Dean's World

Defending the liberal tradition in history, science, and philosophy.

Complaining About Spam

I've had people tell me not to complain about spam: if I don't like it, I can just hit the "delete" button.

I'm often amazed at this attitude. Is it that some folks are just lucky?

I have a folder set aside to catch spam. It currently has 3,108 pieces of spam in it, all from the last 30 days. That is an average of over 110 pieces of spam per day--and that's the stuff that's caught automatically. I still get between 10 and 30 pieces every day that I have to delete by hand.

I have a hard time taking the "just delete it" line seriously when that much of my time and energy is taken up fending off spam. This isn't free speech, it's harassment.

I've long thought there was one easy fix for the problem though: those who run mail servers ought to set up protocols that verify that a piece of mail has a legitimate and working return address. Yes, it would add to the overhead of mail processing servers, but at this point it couldn't be much more effort than dealing with the glut of spam infecting systems all over the world, could it?

Posted by Dean
Jerry Kindall (www):
Unfortunately, the ability to verify that a piece of mail has a legitimate and working return address would also allow spammers to determine which of the addresses on their list are real addresses -- any such protocol could be used both ways.

One simple technique that works quite well is for your mail server to wait 30 seconds or so to send its SMTP "ready to receive mail" prompt and to disconnect and temporarily ban (for, say, 24 hours) any server that sends anything before the server sends the prompt. Most spam is sent by infected Windows boxes with really simple SMTP servers that have a goal of sending mail as quickly as possible. Thus they'll either time out or jump the gun with this kind of server behavior at the receiving end. Whereas legitimate mail servers that have been developed to deliver mail reliably will reliably wait for the prompt like the RFC tells them to. This results in a 30-second delay for the receipt of mail, but that's a small price to pay for cutting your spam in half.

Blacklisting also works well when combined with a challenge-response (i.e., if you are sending through a server that recently was reported as a source of spam, you have to resend your message to a special address in order to get through). I also have a special e-mail address for my whois that only lets mail from my registrar through (everyone else gets the resend notice). I've been ready to change the "resend" address for ages, as I'm actually sending it back to everyone who spams it and if any spammer actually did resend their spam they'd be on my whitelist and would be able to spam me anytime -- but nobody has!

Most days I do not get any spam in my inbox at all; it is all blocked on my server, much of it before the mail is actually sent.
6.12.2005 12:43pm
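The delayed-greeting check described in the comment above, sketched as an added example (not code from the post or from any commenter). The banner text, the 421 reply for banned clients and the in-memory ban table are assumptions made for illustration.

```python
import select
import socket
import time

BAN_SECONDS = 24 * 3600   # "say, 24 hours", as in the comment
banned_until = {}         # client IP -> time at which its ban expires


def greet(conn, client_ip, delay=30.0, now=None):
    """Hold back the SMTP 220 banner for `delay` seconds on a new connection.

    Returns "banned", "early-talker", "gave-up" or "greeted".
    """
    now = time.time() if now is None else now
    if banned_until.get(client_ip, 0) > now:
        conn.sendall(b"421 temporarily banned, try again later\r\n")
        return "banned"

    # A well-behaved client sends nothing until it has read the banner,
    # so the socket should stay silent for the whole delay.
    readable, _, _ = select.select([conn], [], [], delay)
    if readable:
        if conn.recv(1, socket.MSG_PEEK) == b"":
            return "gave-up"              # client hung up while waiting; no ban
        # Bytes arrived before the banner was sent: the client jumped the gun.
        banned_until[client_ip] = now + BAN_SECONDS
        return "early-talker"

    conn.sendall(b"220 mail.example.test ESMTP ready\r\n")
    return "greeted"


if __name__ == "__main__":
    # Constructed demo over a local socket pair; addresses are documentation IPs.
    server_side, client_side = socket.socketpair()
    client_side.sendall(b"HELO zombie.example.test\r\n")   # talks before the banner
    print(greet(server_side, "198.51.100.7", delay=0.5))    # early-talker
    print(greet(server_side, "198.51.100.7", delay=0.5))    # banned
```
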
pennywit (mail) (www):
Then there's trackback spam and comment spam, two particularly odious items that are unique to Our Thing. I discussed spam with a law student once, and he didn't think it was much of a problem ... until I showed him the Pennywit.com trackback spam logs and explained the computing power it takes to sort through those spams. Then I showed him the e-mail that drops into my old pennywit@pennywit.com address on a daily basis. I think that people who don't realize how much of a problem spam is just have to see how big it is to understand.

--|PW|--
6.12.2005 1:07pm
Ted Armstrong (mail):
I use SpamBayes for mail spam and MT Blacklist for comment spam. At my office I get over 300 spams a day and with SpamBayes I only see about half a dozen with very few false positives.

Although I have pretty much resolved any problems with spam for my own purposes, I realize it takes a toll in bandwidth across the net. But I don't know what can be done about it.

When I'm out of the office at work I turn on my autoresponder with full knowledge that spammers love it.
6.12.2005 2:11pm
Xrlq (mail) (www):
My next-door neighbor always dumps his trash in my front yard. I used to get angry over it, but now I just throw it away.
6.12.2005 2:23pm
Bryan AWS (mail) (www):
Dean, are you still using thunderbird to filter spam?
6.12.2005 7:40pm
Dean Esmay:
Jerry: Yes, it would allow spammers to verify that my mail address was real. It would also allow me to ban the spammer's mail address and/or entire domain name. It would be better than now.

Bryan: I use Gmail.
6.12.2005 8:01pm
Martin (a.k.a. UML Guy) (www):
Dean,

If they tell you to just delete, ask what they would think if you forwarded all the spam to them. If they don't want it, ask them why not? And if they stick to their guns, actually forward a day's worth to them. I'll bet they'll cry uncle.
6.12.2005 10:45pm
Arnold Harris (mail):
I bother with none of the above fixes. I just change my working email address regularly. But I leave the old one in place to collect its thousands or millions of pieces of shitmail that I never, ever monitor and that I never, ever even see. And the only people I let know about it are those I have to communicate with.

No more DEL key. No more spam. Works for me.

Arnold Harris
Mount Horeb WI
6.13.2005 12:31am
Jeff Licquia (mail) (www):
The system you propose exists now, sort of. Basically, it keeps a whitelist of known good addresses, and sends a confirmation email to unknown addresses. If you reply, your original message gets delivered, and you're added to the whitelist.

TMDA is one example of software that does this.

I used TMDA for a while, but recently gave up on it. Reason: the confirmation messages are just too annoying for everyone else. See, for example, this criticism.

Unfortunately, the process you describe is extremely unlikely to happen, because most mail server admins are paranoid about leaking mail addresses to spammers.

There's something else, called greylisting, that works in a similar manner to what Jerry suggested. Basically, any unfamiliar SMTP server is given an error the first time it tries to deliver mail that indicates that your server is temporarily down, and continues to do so for a short time afterwards. Most spam/virus/zombie boxes don't do true queueing and retries, so they just disconnect and go to the next one; proper servers, however, will queue the mail and retry, at which time the mail is delivered.
6.13.2005 2:15am
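The greylisting decision described in the comment above, as an added example (not the commenter's code and not taken from any particular mail server). It keys on the connecting server's IP as the comment does; the 300-second minimum delay, the 4-hour retry window and the sample attempts are assumptions.

```python
class Greylist:
    """Greylisting keyed on the connecting SMTP server's IP address."""

    def __init__(self, min_delay=300, retry_window=4 * 3600):
        self.min_delay = min_delay        # assumed: seconds a new server must wait
        self.retry_window = retry_window  # assumed: lifetime of a pending entry
        self.first_seen = {}              # ip -> time of its first attempt
        self.known = set()                # servers that queued and retried

    def check(self, ip, now):
        """Return the SMTP reply code for a delivery attempt from `ip`."""
        if ip in self.known:
            return 250                    # familiar server: accept
        first = self.first_seen.get(ip)
        if first is None or now - first > self.retry_window:
            self.first_seen[ip] = now     # unfamiliar, or old entry expired
            return 451                    # "temporarily down, try later"
        if now - first < self.min_delay:
            return 451                    # retried too soon, keep deferring
        self.known.add(ip)                # a real queue-and-retry server
        del self.first_seen[ip]
        return 250


def replay(attempts, greylist=None):
    """Run (time, ip) delivery attempts in time order; return [(ip, code)]."""
    if greylist is None:
        greylist = Greylist()
    return [(ip, greylist.check(ip, t)) for t, ip in sorted(attempts)]


# Constructed sample: one fire-and-forget sender and one retrying mail server.
SAMPLE_ATTEMPTS = [
    (0, "198.51.100.7"),    # zombie box: tries once, never comes back
    (10, "192.0.2.25"),     # proper server, first attempt
    (70, "192.0.2.25"),     # retry inside the minimum delay
    (910, "192.0.2.25"),    # retry after the delay: delivered
    (5000, "192.0.2.25"),   # later mail from the now-familiar server
]

if __name__ == "__main__":
    for ip, code in replay(SAMPLE_ATTEMPTS):
        print(ip, code)
```
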
Dean Esmay:
Jeff: The system I describe is simpler than that.

When the SMTP server sends mail, it contacts the POP server and says, "I have an email for you--and I verify that the sender is a legitimate account on my system."

The POP server accepts the mail, then sends a separate contact back to the same SMTP server and says, "Did you just send me a letter from so-and-so?" If the sending server doesn't acknowledge the account, it discards the mail.

Of course extra security work needs to be done. The sending server could say "No I don't have any such account" or it could just say, "No, I haven't sent you any mail in the last X minutes, I don't know what you're talking about."

No, this would not stop all spam. But it would cut it down vastly, and would empower spam recipients to demand that certain senders go away, or delete with prejudice from that address or even that entire domain.

This would increase bandwidth requirements obviously but at this point it can't exceed what the spam itself is doing.
6.13.2005 2:29am
Jerry Kindall (www):
You run into problems with that approach when the mail server people use for sending mail isn't the same as the one they use for receiving mail. The sending server might have no idea who has accounts or what their account names are.
6.13.2005 3:56am
Jeff Licquia (mail) (www):
We sort of have that too; see SPF. It doesn't actually verify that mail was sent recently, but it can be used to authenticate sending SMTP servers.
6.13.2005 1:08pm
Russell Newquist (www):
Dean,

There are a number of proposals out there to do things very similar to what you describe, and it's widely agreed by the technical experts that they'd help tremendously with the problem. In particular, Microsoft and AOL both have proposals on the table, and both of them look pretty decent from where I sit, although they are technically different and, of course, incompatible.

In case you didn't know, Bill Gates' e-mail account gets over four million spam messages each day, enough that Microsoft has an entire team devoted just to cleaning the spam out of his mailbox. Steve Ballmer (#2 at Microsoft) gets about 2 million a day, too, so they've definitely got an incentive to get on the problem.

The problem is that an approach like that only really works if everybody (or a significant portion of everybody) adopts it, and it's radically different from the wide open protocol currently used by every e-mail program on the planet. That's why there hasn't been any software based on it yet - they're trying to hammer out an agreement on a standard so that they can convert everybody over to it. Even then, it's going to take some time to filter down the chain.

The problem of spam is a natural result of taking a small network that was originally only open to professionals (and designed by and for people who wanted everything to be easy, from a technical standpoint) and scaling it up to the masses. However, I really do think that a technical solution isn't too far off. Have hope and hang in there!

Oh, and I feel your pain - my spam bucket is about as bad as yours.
6.13.2005 2:52pm
Dean Esmay:
It's sad that it takes AOL and Microsoft to do this--the open source community ought to be proposing such standards themselves.

I see something like this being adopted pretty quickly if it's an open standard. Because an awful lot of us will move very quickly to adopt it--and yes, we'll just happily live with the fact that it means some people can't email us anymore. At this point I hate spam enough that I'm willing to forego getting mail from anyone on a non-secure--i.e. irresponsible--mail server. I'm sure there are millions like me.
6.13.2005 7:41pm