Coffeehouse Thread

9 posts

A method to stop spam

Back to Forum: Coffeehouse
  • User profile image
    Loadsgood

    Hi to anyone who reads this. I have a method to stop spam in Hotmail, but if I tell it to you all, a spammer will see it and then the method will be invalid. Also I think that this method could also work with any other email application ie. yahoo and POP3, IMAP and any other way you can check your email. This definatly is not an ad. And there is no need to spend any money to use this method. You can share it with your friends (as long as they're not spammers) and there is no ad-filter needed. The only thing is I need help. Can someone tell me how to tell people about this method but without all the spammers finding out?

    It will help me and you if someone can help. Thanks Smiley

  • User profile image
    JParrish

    Not to burst your bubble.. but if your method requires the spammers not finding out... it is not worth implementing.

    However bayesian filtering products that allow the user to continually "redefine" what they consider spam seem to do a good job despite what the spammers do to get around it.

  • User profile image
    eto

    Best way to stop spam is to not use email. It is outdated, and no amount of hacking will get it to a sufficient level of security, because of the main principle of email (to allow anyone to send anyone an email). Best bet is to use Instant Messaging and a) create an open standard for everyone to implement (and interoperate with), and b) implement it. Either that, or re-write email from scratch... but heck, there's no point. it's a lost cause IMHO. People are getting frustrated about it (spam & virii), and if something isn't done SOON, people will turn away from email and go back to phone & fax. I know a few people already at this stage, and it's kinda depressing. Cheers, Curtis.

  • User profile image
    JParrish

    Just bare in mind that the reason E-Mail is still popular is that unlike most instant messaging platforms, E-Mail will queue up and wait for the user to come and ask for the messages. That is a vital feature that only a few IM protocols are implementing.

    And just to entertain the idea of everyone going to 100% IM for online communication, do you expect everyone to only allow their current "buddy list" to message them? What happens when they sign up for a new service, and what now if spammers get access to these IM directories and appear to be valid senders?

    I see two sides here, either bayesian filtering allowing a flexible definition of what is "junk" or total PKI, which is still a ways off from reality imo.

  • User profile image
    Jaz

    i have 2 hotmail accounts, one has never had a peice of spam ever.

    I think hotmail is pretty good.  the one that get's all the spam, keeps the spam in the spam box, i mean yes sometimes i get messages that i need in the spam box too but i can put up with that.

    It's just annoying when i go away for 2 weeks with no net access my account tends to bulge.

  • User profile image
    Manip

    I think the only true method to stop spam is by using clients. I mean most anti-spam solutions rely on the server bouncing spam and that is clearly not working because the spammers just adapt. This is what I personally would do:

    SG = SpamGuard / SpamGuardian

    Remote SMTP->Email->Local SMTP->POP->Client
    Remote SG<-Client

    It is essentially simple. On the remote server the 'SpamGuard' adds a random unique ID to the e-mail. It then gets sent to the client normally. The Client (Outlook, Hotmail.com etc) then goes to the domain's SG server and sends the unique ID + sender and the server either says "I sent it" or "I didn't".

    The great thing about this is the client is in control of what happens to spam. But as I see it you have three settings -

    Delete non-confirmed email (Allow confirmed, no SG)
    Delete non-confirmed + no SG (Only Confirmed)

    This allows slow integration into the current e-mail system. It doesn't slow down the ACTUAL e-mail server (much). And keeps the user in control of what e-mail they do or do not get.

    Format

    Client: SG
    Server: SG Version X.X
    Client: js4Ijm3K Someone@Domain.com
    [8bit UTF-8 hash] [Sender Address]
    Server: Confirmed
    [Or like '200' || '203' HTTP Codes]

    This means low bandwidth costs. I would suggest keeping the database of sent e-mail with its hashs for around 5 days stored like this -

    Hash     / Email hash
    kI43jI2l / k23Lsma9k
    s4lOksAp / iK12lmIsn
    Z32LpOqu / Slm3lsowN
    Ns943Ols / 02NMskL08
    Las93Klg / Ismnc8Kls

    This means a database with 8000 entries will be exactly 16000 bytes (excluding header info etc). The Email hash COULD be generated on either the clients or the SG server.

    I would also have a client 'Status' command.. If the server takes a while searching the database the client can poke at it with 'Status' and the server replies 'Searching' / 'Finished' etc. All in HTTP code type format.

  • User profile image
    OldManCoyote

    I have had my HotMail account since it went beta, before it was cool and way before Microsoft bought it.

    On average, it gets about 400-500 spam emails a day, and that wasn't even advertising with it.  It was just longevity that has made it a hot item so to speak. The account is on virtually all spam lists that are out there now.

    By just checking the return address, Microsoft could easily eliminate the majority of my spam. 

    But reading about the pay-for-email group at Research, its going to fly either. Why would anyone pay for email when it was free since BBSes where around in the 80s?

  • User profile image
    OldManCoyote

    I think the only way to really stop spam is for ICANN to institute a .mail TLD. It would require features such as DNS, IP, etc athentication and throw in encryption for good measure.

    I know its in the planning stage, but who would pay $30,000 for a .mail TLD for email?  It should be a nomimal fee.

  • User profile image
    Manip

    No, because my method involved none of that, my method + domain black lists would successfully stop spam. You haven't really explained how or why that would stop spam so I conclude you don't know anything. And are just repeating what you heard by the fountain.

    The entire .Mail TLD is just a big money pit.. features this, features that.. and encryption to stop spam is moronic, simple as that.

    My method relies on two things
    1. Verify the domain source.
    2. Block bad-sources.

    And is compatible with current anti-spam laws in both the UK and USA. It also does so is a cheap way that can be rolled out on part or all of the infrastructure. As an added advantage it can be used firstly on clients and then later on servers.

    When I say cheap I mean from everyone's point of view, it couldn't get much simpler and cheaper. And the simple solutions work.

    You might all be thinking, well can't spammers use real accounts? Well yes. But when they do and the owner gets complaints they can be assured that their servers did actually sent those emails and can react on it. At the moment the From info could be completely fake.

Comments closed

Comments have been closed since this content was published more than 30 days ago, but if you'd like to continue the conversation, please create a new thread in our Forums, or Contact Us and let us know.