UCE/spam Solution ? Your help needed
Question:
:[Revised] :I posted this message a couple days before Christmas (maybe not the best time to :post), and although I received a couple of positive comments, I wonder if people :want to discuss and move to finding a solution rather than spending the energy :"talking" about UCE/spam? A particular thread "talking" about UCE/spam has over :100 replies. <SNIP Excellent suggestions. I’d add a couple of things. 1. Advertisers should be required to cull their mailing lists before sending mail, and said e-mail address list providers should share their "remove" lists. Failure for compliance should be grounds for termination of an account/ blacklisting. 2. I’m not sure I’d want to completely eliminate anonymous e-mail, while its something a business should never do, there may be times that it is appropriate, particularly given that encryption/digital signatures could be used for authentication of sensative business communication. Its just one more layer of security. :-Closing Thoughts- 
on’t expect to see an initiative come from major commercial players until they :see their business, especially their profits being affected, which may not :happen for many years. Just look at this months conference in Geneva of the U.N :World Intellectual Property Organization tackling copyright infringements on the :Internet. The music industry (at no surprise), moving to protect against the :potential loss of revenue lobbied and got the conference. :If *we* truly want to solve the spam problem and introduce direct e-mail with :which we can accept and live with, *we* need to come up with the solution, :create a movement (strength in numbers -we have the means to reach millions), :lobbying the players, and drawing attention to the cause (contact the press via :e-mail). I think it will take a concerted effort by e-mail users to get the backbone companies to take action. Both suggestions should be pursued. :My personal e-mail box is pretty much UCE/spam free, but m.b.m.m.’s e-mail box :is not funny anymore. It’s really taking the fun out of moderating, making it a burden. I’ve said before you should charge for advertising in m.b.m.m that will cut down on the UCE/spam posts as they know there is a charge associated, and provide some funds for the purposes of moderating the group. :I haven’t asked for help, but I am asking for help now, as I want to do :something, actions to solving or on the road to solving the UCE/spam problem. Well, what do you want us to do? — J. Patrick McDonald |HOBBES: (reading book report): "The Dynamics of Extension Assistant |Interbeing and Monological Imperatives in DICK & JANE: Kansas State University |A Study in Psychic Transrelational Gender Modes." [Moderator's Note: For starters, as you have done; additional suggestions. Right now it's the brainstorm mode; collect the suggestions and feedback, then discuss the suggestions a bit more, off the NG, if need be. Once we have something that we agree upon, make it known and start lobbying efforts. -JG]
Response:
An additional item that a policy *must* cover, IMO. A private non-commercial mailing list that I am a member of has just been spammed by a "make Money fast" emailer. This is the second time within 2 months. currently the sys-op is trying to find out where the security hole is because it shouldn’t have been possible after the first one. Any sucessful UCE ‘cure’ must address this type of ‘rogue’ person as well as established companies, etc. — Nick Advice & Help with UNIX, PC’s, Year 2000, Databases and Viruses Your pet can’t clean his ears! http://worldemail.com/wetc/brushtec "VET it first" Vet Virus Protection Software Dealer Owner of jam-list, The mailing list for s/w developers using JAM
Response:
Patrick, some excellent ideas. John, do you think you could put together a serious group of people, a small group, that would be interested in brainstorming it out ? Paul [Moderator's Note: Yes, Paul. I have some people from the first time around and am waiting to see if others are interested, then take the brainstorming off mbmm to a listserv. -JG]
Response:
[Revised] I posted this message a couple days before Christmas (maybe not the best time to post), and although I received a couple of positive comments, I wonder if people want to discuss and move to finding a solution rather than spending the energy "talking" about UCE/spam? A particular thread "talking" about UCE/spam has over 100 replies. I’m reposting since I want to "work" on a possible solution to the UCE/spam problem. Please. give me your input so that I can improve this proposed solution. Once the proposal has been sharpened, I will be sending it to various publications, companies, and other relevant organizations. What we could do, if interested, is everyone that supports the final proposal to be listed, signing it, if you will. Although the problem of spam is a global one, any solution should start in one country. To keep this articles to a manageable form, I’ll deal with the US. Getting all online users to "honor" a UCE/spam voluntary solution is not going to work. If a spammer’s account is canceled, he/she simply opens a new account with a different ISP, and the whole thing repeats itself, never ending. Further there’s the problem with the "throw-away" accounts -trials from AOL, Prodigy, Compuserve, et.al. Getting all business – domain – non-ISPs (rouge site) to "honor" a UCE/spam voluntary solution is not going to work. If a business account is canceled, it simply opens a new account with a different ISP and transfers the domain. Getting all ISPs to "honor" a UCE/spam voluntary solution is not going to work. Too many ISPs, of which there are rouge ISPs. If a (secondary) ISP’s service is canceled, it simply obtains service from another primary ISP. Getting all backbone providers to "honor" a UCE/spam voluntary solution MAY work as there are only some nine backbone providers in the US (uunet, Sprint, PSI, MCI, IBM, Digex, CERF, ANS, AGIS). If a primary ISP’s service is canceled, the pool of backbone providers is small. If there is a black list, and an agreement between backbone providers, the rouge ISP will be out of business, period. In a nutshell – the proposed solution is to start with the backbone providers to have a uniform Terms of Service (TOS) for their customers – ISPs. Further, adding (new) headers to e-mail/news software and (new) filter scripts to news servers. Just as the "from" header (regardless if fake or correct) is required, so could new headers. I personally don’t see anything else that will work. Sure, a code of ethics such as International Small Business Consortium is drafting: http://www.isbc.com/business/coe_draft.html will be honored by many, but not by the people who are the problem (the real UCE/spam problem). Certainly, sites where one can "opt-in", by expressing their interests in receiving Solicited Commercial E-mail is a good move but it still does not deal with the "real" UCE/spam problem. So besides receiving SCE, one still gets UCE. The UCE/spam problem is not companies sending their latest offer of jazz CDs, books, vacation packages, office supplies, etc. (I sure don’t receive these types). The "REAL" UCE/spam problem which has us all HOT can be classified in three categories: 1. Chain - Make Money Fast, Get Rich Quick, Send $5 2. MLM - Downline, upline, sideline, all the network offers 3. Pseudo-biz & quasi-biz – Un-targeted offers by new wannabe business people (free reports, IPP, Internet mktg, pagers,etc.) -Legislative Solution- I don’t see legislation making spam illegal happening soon since there is going to be a difficult time defining what is spam and what is not. (please, not looking for a discussion as to definition) Certainly, a proposed law making all unsolicited e-mail illegal can be made but I would guess much opposition would be raised (spam vs direct e-mail). If there is a law making spam illegal, it would apply to the US, and don’t expect to see all the countries of the world leaping to introduce similar law. Just look at the unsolicited fax law. With a law, what’s to stop those from opening accounts offshore? The cost is incremental and this would bring *new entrepreneurs* wanting to fill a new market need. (just look where domestic phone sex is illegal, simply moved offshore). Further, we’d see *new entrepreneurs* offering PO boxes and incorporation offshore, and other ways to circumvent the law. Should we expect the government to come up with a solution? When hell freezes over. The US government has far greater concerns, and for all governments or even the G-7 to tackle the Internet and spam, if it is a priority, is certainly a very low one. But it should not be the government that makes policy and rules for the Internet (CDA), It is time for the *Internet community* to self-regulate itself. For those saying no -the Internet will never be what it was- With commercialization there is a need for rules or standards. Would you rather see the government instil rules and laws for the Internet or have rules and standards developed by the *Internet community*? We see other industries develop rules and standards, worldwide, what’s stopping the same from happening for the Internet? There is the Internet Society (ISOC), funded by major players (more for the purpose of providing salary for governing members so they have a *job*. Also note; mainly from the academic, Internet old guard, and programming world.) which seems more concerned with implementing new top level domains (TLD) than dealing with commercialization and the problems it brings. It has not addressed spam as it seems to not be concerned with it. The ISOC has been responsible for lobbying the implementation of existing protocols but their concern and knowledge is from the technical side. If the ISOC were to reorganize it’s governing board to include individuals from the commercial sector, there might be progress, but it appears the mentality is purely old guard Internet -Internet Industry Association (IIA)- I propose we start by creating the IIA. We see various fractions around the world (mainly local ISP associations), but we need to have one main organization, that sets standards (not just protocols) to follow. The Internet has standards; HTML, NNTP, SMTP, POP, etc. which were developed and implemented by the academic arm. But the existing standards, just as HTML has, must be upgraded to deal with the problems commercialization brings, has brought. Is it up to the academic arm or ISOC to take the initiative? I don’t think so, as nothing has happen. Rather, we, the commercial and consumer users need to start the process. Further, those large companies who are Internet players need to tackle the problem. This IIA must include the major computer industry players; software (MS); and hardware (SUN, IBM, etc.); telecommunications (ATT, MCI, Sprint, including those backbone suppliers who are also ISPs), other backbone providers (UUNET, CERFNET, etc.)and from the Internet; representatives from moderators (a moderator’s union is another need), anti-spam movement, EFF, and other non-commercial Internet organizations. The purpose of the IIA is not to be a *governing body* but only to develop standards so that we keep some order otherwise we will see chaos. -Proposed IIA Agenda- 1. Upgrading SMTP (send mail) 2. Upgrade POP (receive mail) 3. Standard Terms of Service agreement for both end users, ISPs, and hosts Any software or technical solution for spam must deal with e-mail spam and Usenet spam, fake-forged e-address and correct e-address. As the concern here is e-mail spam, I will not discuss a possible solution to Usenet spam (very similar to e-mail spam solution). I will just say that I strongly believe anonymity posting to non-moderated and allowable moderated newsgroup is something that should prevail. However, I don’t believe anonymity should apply to e-mail as e-mail is a one_to_one, private dialogue. 1. Upgrading SMTP (send mail) Just as there is authentication needed for user login and for POP ( retrieve mail), and for some news feeds, there should be authentication developed for SMTP (sending) Fake e-mail address (SMTP) If someone tries to send e-mail with a fake e-address, the mail server verifies that e-address and password match, otherwise, it rejects the out going e-mail. Have a default on the mail server as to how many *CC* and *BCC* can be sent with e-mail. For mailing lists, those using Listserv or Majordomo, an attribute would be added on the mail server to the account. For those doing a manual mailing list (BCC), the user sends a formal note to the ISP and the ISP adds an attribute. Correct e-mail address (SMTP) If someone decides to spam, it is of course with his correct e-mail so there’s no problem in identifying and warning the poster with copy to ISP. Maybe, a *3 strikes* policy could be used here as there would be limitations of CCing and BCCing in place. 2. Upgrade POP (receive mail) IMAP4 is expected to replace POP and the new protocol will give end users more control over their incoming e-mail. It works very much like news readers with filter ability. Based on one’s set filters, an IMAP4 e-mail program will download e-mail subject -author header into the appropriate mailboxes set with the filters. One can then download the messages one wants and delete those message of no interest. So spam does not make its way to the users PC, which is a step in the right direction but it still does not solve the problem of all the spam flying around the backbones. taking up bandwidth between hosts. 3. Standard Terms of Service agreement for both end users, ISPs, and hosts. The TOS ISPs have for their users is fine but is not uniform. The problem is, it only applies to *their* users. Spam is like cancer, in that one can fight it where found but it will come back unless the source is isolated and killed (a bit extreme of an example, but not that far … read more »
Response:
Filed under: Lobbying
Leave a Comment
XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>
TrackBack URL | RSS feed for comments on this post.