[extropy-chat] About SPAM again

Alan Eliasen eliasen at mindspring.com
Fri Jan 23 02:47:30 UTC 2004


Emlyn O'regan wrote:
> I've said this before here; the way to stop spam is to clog up the reply
> channel. Real people need to use the method given by the spammers of
> replying, and reply, posing as real customers, but never actually
> purchasing. So the spammer has to waste time dealing with "potential
> customers" who never actually buy anything.

   There's a program that does this in an automated fashion, "Unsolicited
Commando."

http://www.astrobastards.net/uc/index.jsp

   It's designed to fill in web-based response forms with pretty-good-looking
data that buries the valid responses in with tons of invalid responses that
the spammer has to manually validate, making it economically infeasible to
continue with this business model.

   There is also a "hashcash" system similar to the "Penny Black" system
mentioned by Robert Bradbury.  It requires the sender to expend some computing
resources to generate a hashcode for the message.  This is trivial for someone
sending a small number of e-mails, prohibitive for mass-spammers.

   http://www.hashcash.org/

   I think that a scheme like this is a reasonable way to prevent unsolicited
e-mail.  Heck, it could even be used for good.  Let's say that your hashcash
challenge is something like "find the factors of this number" or "sieve these
prime candidates" or something beneficial and similar.  The spammers'
computers would turn into a vast distributed computing project, and somebody
could potentially benefit from it.

> Now this doesn't work for spams that point to totally automated bogus
> websites. These just need shutting down in the standard way (unless you can
> break them somehow).

   I've... um... heard that some of them can be broken, or their databases
corrupted.  This is actually a well-known problem known to those building
secure web-based applications.  For more information, take a look at some of
the tips I give when talking about security, especially point 7.  These are
actually tips designed for the good guys, but good guys are susceptible to the
same attacks that bad guys are:

   http://www.mindspring.com/~eliasen/security/

   It's probably best to just block spam, though, and not waste your time on
it.  I have recommendations on this if anyone's interested.

-- 
  Alan Eliasen                 | "You cannot reason a person out of a
  eliasen at mindspring.com       |  position he did not reason himself
  http://futureboy.homeip.net/ |  into in the first place."
                               |     --Jonathan Swift



More information about the extropy-chat mailing list