December 06, 2003

A crazy thought about spam

What if your mail client, silently and in the background, fetched every URL that appeared in a spam message? Indeed, what if it did it a hundred times? And everyone else’s did the same? The bandwidth costs of spammers would go through the roof. Oh, and your modem attached to your PC would autodial any free 800-style numbers, to drain the spammer’s business further.

I guess the fatal flaw is that you can’t be certain each URL or phone number is the spammer’s. So just like the inclusion of random standard innocent texts in spam to defeat Bayesian filters, spammers would start to include random third party links and numbers, making the social cost unacceptable.

Oh well.

UPDATE: And another fatal flaw is that spammers have taken to using hijacked PCs etc. as the front ends to their web sites. At least the idea isn’t as stupid as Microsoft’s, which is to pose computationally expensive mathematical problems to mail servers before accepting a message (causing excessive CPU cost). All that does is kill every mailing list on the planet.

PS - See my original essay on the true solution to spam here

Posted by Martin Geddes at 02:14 PM

Comments

Curious, what are your thoughts on this guy's approach to facilitating mailing lists? In a nutshell, he proposes that the answer to the "computationally expensive puzzle" be made invariant to the sender's IP address.

http://www.w3.org/2003/10/acquaintance-protocol/
(see esp. the section "Mailing Lists")

-S

Posted by: at January 26, 2004 08:13 PM

Errr, it's totally stupid. Here's why. So you impose a computational 4-minute penalty the first time a mailserver tries to contact me. And then, for convenience, you always allow unhindered messages from that server to me. So you aren't adding overhead to every spam message, and their claims are therefore rubbish. All it takes is 4 minutes to become a permanent spam nuisance again, and that cost can be amortized over all spams subsequently sent. The more spams, the lower the cost. Not the incentive you were aiming for.

Plus it makes a mass mailing from a new legitimate sender uneconomic. What if a government agency computerizes a system and wants to swiftly send out a few million messages? Bad luck. What if Coke run a prize campaign and want to tell everyone if they won or lost? Oh dear, sorry, too expensive to send all those messages in a reasonable time frame.

Even worse, it would actually encourage more spam. Even if it worked and diminished the amount of penis extension and mortgage fraud spam, the rest that got through would be even more lucrative. Even at one cent per 'hit', it's much cheaper than postal mail. You would encourage a whole new bunch of businesses into spam, for whom the brand damage is now relatively less important given their messages can get through with less surrounding noise.

Posted by: at January 26, 2004 09:56 PM

Or, to put it another way ... you only want to impose the penalty on spammers, so you're back to square one of having to decide what is spam -- but without any benefit of knowing even who is trying to message you or what they're saying.

And lord help the admins at places like Hotmail who would have to deal with massive issues every time they updated an IP address or tweaked their network config. What would happen to Hotmail if they had a big outage and a cold backup site picked up the load? I hate to even think about the unintended consequences of this nonsense.

Posted by: at January 26, 2004 10:09 PM

To be fair, the author does (barely) address the need to blacklist some sending addresses, in the short "security" section, following.

I'd agree that the need to administer any kind of blacklist sullies the elegance of his proposal... but taken as part of a 1-2 punch (with some server-side blacklist technology like brightmail or declude) I think it's worth a shot.

Although no one can agree on the definition of spam, your remaining counter-examples (Coke and the govt) are exactly the kind of spam I hope to avoid. :)

I like the way you cite the cost of (physical) postal junkmail, as a basis for determining what spammers would be willing to pay for a low-noise medium. So many people overlook that.

Keep up the good blog...
-S

Posted by: at January 26, 2004 10:43 PM
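
The two cost arguments in the post and in the 09:56 PM comment can be compared in a small model. This is an added example, not code from the post, the commenters, Microsoft or the W3C proposal. It assumes a hashcash-style SHA-256 puzzle as a stand-in for the unspecified "computationally expensive" problem, and the addresses and difficulty are constructed.

```python
import hashlib
from itertools import count

BITS = 10  # constructed difficulty: about 2**10 hashes per stamp on average

def zero_bits(stamp: str) -> int:
    """Number of leading zero bits in SHA-256(stamp)."""
    digest = hashlib.sha256(stamp.encode()).digest()
    return 256 - int.from_bytes(digest, "big").bit_length()

def mint(resource: str, bits: int = BITS) -> tuple[str, int]:
    """Sender side: brute-force a counter. Returns (stamp, hashes tried)."""
    for counter in count():
        stamp = f"{resource}:{counter}"
        if zero_bits(stamp) >= bits:
            return stamp, counter + 1

def verify(stamp: str, resource: str, bits: int = BITS) -> bool:
    """Receiver side: a single hash, however long the sender searched."""
    return stamp.startswith(resource + ":") and zero_bits(stamp) >= bits

def per_message_work(sender: str, recipients: list[str]) -> int:
    """Puzzle bound to every (sender, recipient) delivery, as in the post:
    a mailing list pays once per subscriber."""
    total = 0
    for rcpt in recipients:
        resource = f"{sender}>{rcpt}"
        stamp, tried = mint(resource)
        assert verify(stamp, resource)
        total += tried
    return total

def amortized_work(server: str, rcpt: str, messages: int) -> float:
    """Puzzle solved once per (server, recipient) and then whitelisted, as
    the 09:56 PM comment describes: cost per message falls with volume."""
    _, tried = mint(f"{server}>{rcpt}")
    return tried / messages

if __name__ == "__main__":
    subs = [f"user{i}@example.org" for i in range(50)]  # constructed list
    print("list post, 50 subscribers:",
          per_message_work("list@example.org", subs), "hashes")
    for n in (1, 100, 10_000):
        print(f"one-time puzzle spread over {n} messages:",
              amortized_work("mx.example.net", "a@example.org", n), "hashes/msg")
```

The sender's work grows linearly with the subscriber count in the first model and shrinks toward zero per message in the second, while the receiver's check stays at one hash in both.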