use Perl

• I've brought up similar thoughts myself.. (Score:1)

  by WebDragon (1204)

  I'd talked about this earlier in a post to use perl: Pandora Awakens [perl.org].

  Another thought I have had run through what passes for my brain, is that we've certainly spent a whole lot of time tracking down the spammers themselves.. but they are NOT THE HEART OF THE PROBLEM! The heart of the problem is the people and companies paying the spammers .. Anything that actually goes after the companies hiring the spammers in the first place, would make far more sense and I think, be a much more serious deterrant.

  But
  • Re:I've brought up similar thoughts myself.. (Score:2, Insightful)

    by chromatic (983)

    I also agree that the present e-mail system has got to go and preferably be replaced by something far more secure.

    What, specifically, are you going to throw out?

    Much of my job requires being able to receive e-mail from people I don't know yet. A fair chunk of my job means sending e-mail to quite a few people. I want both to be possible with a minimum of fuss!

    Just about every system I've seen proposed seriously has had flaws that would make it much more difficult for people like me to do our jobs.
    • Re:I've brought up similar thoughts myself.. (Score:2)

      by pudge (1)

      If we do keep email (sigh, I can dream!), my thoughts run along the lines of being strict in how SMTP servers are authorized to speak to other servers, sorta like an SSL certificate. If you want to send email to me, you need to send it through an SMTP server that you are authorized to send through, that is certified to talk to another server, etc.
      
      If your SMTP server is used for spam, its certification will be revoked. You can seek certification elsewhere of course.
      
      This system is similar to what we have
      • Re:I've brought up similar thoughts myself.. (Score:2)

        by Dom2 (2981)

        You would be thinking of the recent AMTP [bw.org] proposal? It's flawed, because it doesn't discuss the PKI aspect of using certificates.

        -Dom
        • Re:I've brought up similar thoughts myself.. (Score:2)

          by pudge (1)

          I was thinking of no specific proposal, but yes, something along those lines.
      • Re:I've brought up similar thoughts myself.. (Score:2)

        by Matts (1087)

        Spammers currently use stolen credit cards to buy services. They hijack the computers of innocent victims to send their stuff. They sell illegal goods.
        
        What makes you think they won't extend that to bulk buying certificates? Or hijacking someone else's certificate (as is already happening with some of the smarter open proxy spammers)?
        
        A certificate based email system only hurts the innocent. People like me who run their own SMTP server but can't afford a cert.
        • Re:I've brought up similar thoughts myself.. (Score:2)

          by pudge (1)

          What makes you think they won't extend that to bulk buying certificates?
          
          I see no reason any certificates would need to be "bought" in the first place.
          
          Or hijacking someone else's certificate (as is already happening with some of the smarter open proxy spammers)?
          
          Then those certificates get revoked, and you come up with better methods to prevent such hijacking.
          
          • Re:I've brought up similar thoughts myself.. (Score:2)

            by Dom2 (2981)

            Anybody who thinks that certificate revocation is possible using the current infrastructure should spend a long time reading Peter Gutman's homepage [auckland.ac.nz].

            -Dom
    • Re:I've brought up similar thoughts myself.. (Score:2)

      by ziggy (25)

      Just about every system I've seen proposed seriously has had flaws that would make it much more difficult for people like me to do our jobs.

      Does that include SPF and AMTP? What's wrong with them?
      • Re:I've brought up similar thoughts myself.. (Score:2, Interesting)

        by chromatic (983)

        My comment was ambiguous. I distrust every proposal I've seen for replacing SMTP. SPF goes a long way to solving the real problem: spoofing.

        (By identifying spoofed senders easily, server-side filtering can drop messages. If spammers can't spoof anymore, they can be traced. That's when fraud charges come in.)
• Spam is not email (Score:2)

  by rafael (2125)

  Suppressing email won't suppress spamming. As long as you have publicly available contact information, allowing people you don't know to leave you a message directly and cheaply, you will get spammed, no matter what the media is. The only way to cut it down is to make it expensive (in time, space, CPU or money) to send bulk messages.
  • Re:Spam is not email (Score:2)

    by pudge (1)

    The only way to cut it down is to make it expensive (in time, space, CPU or money) to send bulk messages.
    
    If you are talking about pay-to-send email, then that will effectively kill email as a killer app. Kill email to save it? I think not.
    • Re:Spam is not email (Score:2)

      by rafael (2125)

      "Expensive" has many meanings. I a spammer has to deploy huge resources in CPU or connectivity to send thousands of messages, spamming won't be an effective business anymore. It works with the current model of email because all the difficult work is done by the mail relays -- they work out which messages are deliverable or not, they route them, they bounce them, etc. etc. but the spammer may as well stick random characters in his To: and From: fields. Impose some constraint on those fields and spamming will
      • Re:Spam is not email (Score:2)

        by pudge (1)

        Yes, I am all in favor of making it harder/more expensive. I am just unwilling to extend that to an actual bill for sending email for normal users, even if it is only a "small amount," which is, in my experience, normally what people mean when they talk about making email "expensive" for spammers.
        
        Also -- not that I feel bad for these people -- but who is going to pay the bill for virus spams, if we have pay-to-send email? People who are unwittingly sending out thousands of emails a day are not going to w
        • Re:Spam is not email (Score:2)

          by rafael (2125)

          OTOH if spamming via mail becomes less effective, will this open the door to comment spam [incutio.com] ?
          • Re:Spam is not email (Score:2)

            by pudge (1)

            Yes. But that is easier to control, on a given site. For Slash, we could add a Spam moderation reason, and use Bayesian analysis -- once those moderations are meta-moderated to be Fair -- to recognize future Spam comments.
      • Re:Spam is not email (Score:1)

        by drhyde (1683)

        Have you read about Hashcash [hashcash.org]?
  • Re:Spam is not email (Score:2)

    by jdavidb (1361)

    Actually, I find slash-style moderation to be the most effective method of separating wheat from chaff. I love slash message boards far more than email for communication, for this reason. There's all kinds of spam and trolls on slashdot, but I never see them because I browse at +4.

    --
    J. David works really hard, has a passion for writing good software, and knows many of the world's best Perl programmers
    • Re:Spam is not email (Score:2)

      by rafael (2125)

      For informal discussion, slash has proven to be more effective than, say, Usenet. But I mainly use email for getting work done; that involves archiving, attachments (patches), search, classification, off-line availability, etc.

      On the other hand I read lots of perl.org mailing lists via NNTP -- the ones that I don't need to archive or search carefully. NNTP newsgroups, requiring some authentication to post, would be an effective replacement to SMTP mailing lists, if the From: header is carefully replaced by
      • Re:Spam is not email (Score:1)

        by drhyde (1683)

        Slash more effective than Usenet? Maybe for you, not for me. I still use Usenet every day, and I see little in the way of spam or other abuses. I find Usenet far easier to use than Slash-based websites. No doubt it depends to a large extent on the groups you read.
• "Freedom of Speech" must die... (Score:2)

  by jhi (318)

  I think one fundamental reason why FBI hasn't already descended upon Baton Rouge in black helicopters isthe "direct marketing" lobby in DC who says that it is their constitutional right to take up my time and my disk space and my network bandwidth.
  
  • Re:"Freedom of Speech" must die... (Score:2)

    by jhi (318)

    Uhhh. Sorry, Louisiana... I meant Boca Raton. It really is Friday, earlier today I called what is commonly known as "blue" as "red"...
    
  • Re:"Freedom of Speech" must die... (Score:2)

    by pudge (1)

    Yeah, but the number of politicians who accept this lobby's money^Wline of reasoning is rapidly shrinking, as literally everyone who is online is being deluged by this menace. There's widespread support for SOME legislation to curb the tide ... though we've still yet to see any significant action.