Is there a technical solution to SPAM?

Anyone who believes that SPAM can be solved by technical means should try
googling one of the following:

sms spam
i-mode spam
IM spam

It should be clear that spam is really a social problem, not a technical
one and therefore the solutions will be found in the social, political and
legal spaces, not in network engineering. Some combination of education
and training, new laws, arrests and public trials will be needed to get
rid of it.

I'm betting that we get the biggest bang for the buck out of education and
training. Part of it will come from teaching people network etiquette,
part from teaching them that spam is not a way to make money, and part of
it from teaching website owners how to provide effective advertising so
that website ads can dominate the cheap mass advertising space and
displace the spammers.

In any case, I suggest that we should ban all future discussion of SPAM
and spammers from this mailing list since it is not related to network
engineering or operating an IP network.

I disagree. While you're right that it is a social problem, it is also
a technical problem in that those of us charged with protecting our
networks and equipment need to be able to discuss methods of engineering
our networks to counteract SPAM while the social, political and legal
issues are being played out in their arenas.

And I doubt that career spammers give a rat's ass about proper network
etiquette. Education may help prevent newbies and brick-and-mortar
converts from becoming spammers, but it will take some combination of
legal and technical measures to deal with the career spammers. Laws
alone won't work, because laws have loopholes.

Bob German

Ralsky apparently has a $700K house. I don't. Now explain to me again
the part about spamming *not* being a way to make money?

(Subject line & quotes adjusted to avoid infringing Hormel's trademark!)

Anyone who believes that spam can be solved by technical means

<snip>

is missing the point completely.

Social controls placed on spam by some network operators, and by
recipients, have led the senders to adopt techniques that challenge
the security of the parts of the internet that we have to manage.

An obvious example is the compromising of user machines by viruses
such as Jeem, SoBig-E, etc: by compromising these machines, some of
which are connected (almost) 24/7, with the intention of their being
used to send untraceable spam, has prepared those same machines for
other nefarious use, such as Distributed Denial of Service attacks.

the solutions will be found in the social, political and legal
spaces, not in network engineering.

The solutions may well be found there but will be unimplementable
without much needed support from the operators - particularly the
major backbones - who currently turn a blind eye to protect their
revenue. To see which these operators are, read:

http://groups.google.com/groups?dq=&hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=vi1vl24ue5hm72%40corp.supernews.com&rnum=1

Some combination of education and training, new laws, arrests
and public trials will be needed to get rid of it.

None of which will be possible without adduceable evidence. This will
lead to onerous compliance and logging requirements being imposed on
all operators as a result of past non-cooperation by a small subset.
Had that subset co-operated from the start, the extra duties that are
likely to cause us all extra work would never have become necessary.

In any case, I suggest that we should ban all future discussion of
spam and spammers from this mailing list since it is not related to
network engineering or operating an IP network.

That's already the case, but discussion of the security issues that
result from the activities of spammers still seems to be unavoidable.

[snip]

AOL Instant Messenger has a 'warn' function, I wrote a nifty little plugin
for GAIM (A multi-IM-client available for various platforms) that simply
drops messages from unknown people with a warning level >10%.

If only everything else had a 'warn' function. (Although, to a degree razor
serves this purpose along with a whitelist in spamassassin)

Michael,

I'm betting that we get the biggest bang for the buck out of education and
training. Part of it will come from teaching people network etiquette,
part from teaching them that spam is not a way to make money, and part of
it from teaching website owners how to provide effective advertising so

"Accountable" Spammers are willing to work within the rules. In the
absence of rules, they are aggressive. These are the folks of the DMA
and the rest of the real, commercial marketing world. They have, so far,
been entirely resistant to the many, vigorous efforts to pursue
discussion-based education. For these folks, legislation-based
"education" is more promising.

Unfortunately, there is another set of folks that I call "Rogue
Spammers". For various reasons, they cannot be held accountable. Some
work form unaccountable environments. Some are simply crazy or nasty,
so they don't care about making money.

Spammers are like roaches. They are here to stay. They are aggressive.
They adapt.

We need to respond with a variety of mechanisms, preferably coordinated
to maximize the aggregate effect.

d/

Spammers are like roaches. They are here to stay. They are aggressive.
They adapt.

spam is a drug, and spammers will do anything, anything at all, for a fix.

We need to respond with a variety of mechanisms, preferably coordinated
to maximize the aggregate effect.

i still disagree. we need to call smtp a total loss and start over, from
the basic question: how can mutual consent be prerequisite to communication?

the difference between spam and ddos is a matter of statefulness -- but the
motives for sending it are essentially the same: asymmetric benefit to the
sender, and without consent of the recipients.

watching the growth of the anti-ddos and anti-spam industries makes the
internet look like a grade school science fair project run amok.