Paul E. Schoen wrote:
> "coyote"
wrote in message
> news:d_adnXl7AqZgQa7bnZ2dnUVZ_t2tnZ2d@giganews.com...>> Paul E. Schoen wrote:
>>
>>> I proposed a penny per email (or post) "tax", which would have cost the
>>> perp in this case only $60. Sometimes you have to give up a portion of
>>> your freedom when someone else abuses that freedom for cowardly and
>>> immature actions such as this.
>> It wont work. People have been proposing this solution for years, and it
>> wouldnt have worked when it was first suggested and it most certainly
>> will not work now.
>>
>> Back in 2004 John Levine wrote this document explaining why not:
>>
http://www.taugh.com/epostage.pdf
>>
>> If you need to look him up:
http://www.johnlevine.com/
>>
>> All the issues he raises are still valid, and the advent of large zombie
>> networks since then make your idea even less useful. The ultimate result
>> of taxing email would be that the criminals get a free ride and people
>> like my mom and dad pay for it.
>>
>
> I can understand some of the arguments and issues about epostage, but it
> still seems incredible that so many imposters and high volume spammers can
> continue to operate without being detected or penalized in any effective
> way.
When talking about email spam, the bulk of the really criminal
operations are accomplished through the use of botnets. These are
organized and paid for by the likes of the Russian Mob. There really
aren't that many criminal spammers out there; the numbers are pretty
much agreed upon to be in the low hundreds. They're very well funded,
very smart, and very organized.
This is why an email tax will not work. The real spammers (as opposed to
merely stupid bulkmailers) send their mail through compromised personal
computers, a few at time to avoid setting off alarms - they can do that,
because their botnets are huge - and thus the cost would (and does
already, though indirectly) devolve onto the end user.
> It seems incredulous that the recipients of email pay the cost.
Incredible, and wrong, but thats what happens when one takes a protocol
that was not designed for the use it is being put to, and keep tacking
shit onto it in a futile effort to fix it. Now its too big to go back
and start over, and do it right.
It is an almost purely reactive war, this fight against spam, it has to
be, and that means the good guys are always scrambling to keep up. They
are hampered by laws, ethics, underfunding/staffing and fear of false
postives. The criminals are quite free of any of these problems.
And the end user pays the price.
Legitimate bulkmailers spend a great deal of time and money trying to
comply with ISP policies. This is made very difficult by the lack of a
cohesive policy, the end result being that each ISP does things its own
way and the senders have to accommodate.
The cost of transporting all the unwanted mail comes straight out of the
ISP's pockets, which means that it comes out of their customer's pockets.
> Actually, email is probably easier to control, with simple means as I have
> seen requiring the sender of each email to register with the recipient's
> spam blocker service.
You'd be surprised how hard that really is to accomplish. It doesnt
scale well.
> Newsgroup spam and flooding are perhaps more serious issues, and are
> fundamentally different even though the mechanics of posting a message are
> similar. AIUI, NG posts are received and stored by a limited number of
> servers, and propagated on the internet until all have been received. It
> should be a simple process for these servers to ask for validation from the
> original sender.
What sort of validation? Most NNTP servers require authentication as it
is. Do you mean an image captcha? Such a thing would never fly.
Then there is the problem that Usenet is worldwide, and getting all NSPs
to follow the same policy is faced with the same issue I was mentioning
above, with the ISPs & email.
> Such a process might involve a few more steps for me to
> post a message, but it would be worth it to clean up this mess.
I understand your frustration, believe me, at least in regard to email spam.
> Also, I don't see why it is so hard to impose a fair "tax" on the sender.
> Users with a paid-for ISP account, such as I have, could easily be
> monitored by the ISP for number of emails and posts sent, and/or volume in
> terms of megabytes per month of data.
Yeah. And most already do get monitored. If Joe Blow user one day
suddenly spikes the numbers of his outbound mail, many ISPs now shoot
first and ask questions later, on the (usually correct) assumption that
his machine is compromised. Many ISPs have mechanisms in place to either
suspend, ratelimit, or otherwise challenge someone sending that much
mail who doesnt really have a reason to.
Consider this scenario, though. You are User A, who has a broadband
connection and leaves his computer on most if not all of the time, like
many people do. User A unwittingly becomes compromised, his machine
zombified and now part of a botnet. Every few days, the botnet tells his
machine to send out 10-15 spams, usually right through his ISP's
outbound primaries, which gives User B a much greater chance of having
his mail delivered. His machine sends them, his ISP does *not* catch it
because the volume is so low, and User A has a small increase on his
monthly bill that he may not even notice.
User B(otnet Guy) has millions of computers like the one belonging to
User A. By rotating through them, he keeps a valuable resource - an
undetected zombie - and pays no cost to send his 100s of millions of
emails a week. Who pays? User A.
> I think incoming mail is already
> monitored,
In most major ISPs, it is closely monitored, yes.
> and I could be charged extra if it exceeds some limit.
> Fortunately my Postini spam/virus filter catches most of the crap and makes
> it easier to trash it.
>
> Unfortunately, most of the spam and abusive behavior probably originates
> from free accounts, or from high level operators who run at a level similar
> to ISPs. I think the providers of free accounts should be held more
> accountable for the actions of their patrons, and I don't see any problem
> with limiting "free" accounts to a reasonable volume of traffic. Free
> accounts are generally driven by advertising anyway, so limiting them IMHO
> is a "good thing".
I dont know about other big freemail providers, but I do know AOL
ratelimits their users' outbound mail, for example. Hotmail does as
well. Id be surprised if the other big guys do not do this, but the
problem is not usually the big ISPs. Its the little ones, and the ones
run in countries that just dont give a fuck (Italy being a great
example. The various Italian freemail services are blocked by most of
the big ISPs, because of the egregious abuse of them and a total lack of
responsiveness from their admins), ISPs that just dont have the money or
staff to regulate their mail, bulkmailers with "free" sending platforms
that only require a valid credit card, etc.
> It seems that abusive behavior has taken a sharp upturn recently, and it
> may have the potential to effectively cripple free communication on usenet.
Nah. Its always been like this, at least on Usenet...you just apparently
havent been in the path of it before. It has its cycles, like anything
else, and the tide will eventually recede, only to return again in the
future. Do you remember all the fun with HipCrime, about 10 years ago?
The same was being said then. Nothing new under the sun.
I will grant you that the problem is being exacerbated by the situation
I described above (lots of perma-connected, compromised pcs on a
broadband connection) but that really seems to be affecting email spam
more than anything. Usenet really stopped being a paying proposition for
spammers a while back. Not enough people read it to make it worth their
while.
Now, if you are talking about the trolls, well....thats not spam (at
least not the way I define it), and there really is nothing you can do
about trolls except ride it out. Annoying people is not a crime, much as
many would like it to be.
> Individual users can take steps to reduce their influx of spam, by changing
> their email addresses and using spam/virus filters. Usenet seems to be a
> "sitting duck", and recent ploys have been effective in limiting the
> usefulness of killfiles and other means. I don't claim to have the answers,
> but I am willing to pay a premium in money or inconvenience to eliminate
> this problem.
"this problem" - which, specifically? You are talking both about spam,
and about trolls, and the two have really no relationship.
Spam, you can do stuff about. Trolls, not so much. As long as there is
anonymity on Usenet, trolls will be around. If they really bother you,
get a better newsreader with more flexibility in its killfiles than
Outlook Express. It's abilities are very limited. Forte' Agent is a good
one, and there is a free version.
> And, if the perps can be detected and tracked down, there should be
> effective punishments and sanctions that will keep them from repeating
> their destructive behavior
What destructive behavior? Being irritating in ASCII is...well, pretty
harmless, and a better newsreader can make them vanish from your reality
if you so desire. Usenet has *always* been like this, and a thick skin,
a sense of humour, and excellent killfiles are necessary if you want to
survive out here with your sanity intact.
Usenet Performance Art (
http://en.wikipedia.org/wiki/Meow_Wars) has been
around for a long time, has many flavours, and it is not going anywhere.
> and be a deterant to others who would like to
> engage in such childish pranks that are, or should be, criminal.
You are saying something that has been said many times before, and being
"childish" remains a non-criminal act.
Most normal NSPs do not care what you do on Usenet as long as you are
not engaging in genuinely criminal behavior (child porn, etc) and dont
nym-shift to get around people's killfiles.
Others are less discriminating and allow pretty much anything except,
again, actual crime.
So it goes.
--
~coyote
