There's room here for an entire essay, but I will confine myself to a few points.
(1) You write, "The law won't make much difference to this unauthenticated medium." Given that the machines have been hijacked, there isn't any authentication mechanism that can't be hijacked from the machine.
In other words, once a spammer has control of a hijacked machine, many of the client-based remedies will not work. If you charge for email delivery, the spammer will cheerfully use your email account and run up your bill. If you require authentication, the spammer will cheerfully bypass or hijack your authentication mechanism.
(2) My antispam filters are in decent shape. Pobox.com is my first-pass filter; anything that gets through is looked at by SpamAssassin. This weekend I received at least 250 spams -- 80% of my email is spam -- and about 5 got through. And I was very annoyed by those five, mind you; SpamAssassin can do better.
I think technology, including whitelists, will be a big help. SpamAssassin is so accurate that at this point I have started to let the two-layer system dump all spam automatically. And I frankly don't understand why higher-level systems aren't dumping spam. Then again, since RCN can't even get Sobig worms out of their servers, apparently, I don't expect them to tackle a hard problem like email.
(3) I have said it before and I will say it again: we must attack the spammers' business models. For example: some spammers charge for click-throughs. I'd cheerfully have an automated system do a click-through for every piece of spam I get -- it wouldn't be hard, just wget and follow the hrefs. If implemented on a wide scale, auto-clickthrough would destroy the utility of both their payment schemes and their traffic-validation schemes.
Hmmm... what's that, about 30 minutes' worth of Python coding? The hard part would be parsing the HTML...
Agreed, but slightly missing the point
Date: 2003-11-23 09:11 pm (UTC)