AOL and Yahoo's new Pay-to-Spam service

How is something like this going to affect The Phoenyx?

http://news.bbc.co.uk/1/hi/technology/4684942.stm

> AOL and Yahoo plan to charge fees of up to one cent (US) per message
> to those that sign up for the service.
> 
> Paying the fees means that messages will not go through spam filters,
> are guaranteed to arrive and will bear a stamp of authenticity.
> 
> Both AOL and Yahoo said they would start offering the service within
> the next few months.

I can't help feeling this is not going to be a good thing.  Not only 
will it mean most end-users receiving *more* spam, only this time from 
big business rather than small-time crooks, but it could easily make 
life a lot harder for small mailing list operators such as The Phoenyx.

AOL and Yahoo's new Pay-to-Spam service

On Mon, 6 Feb 2006, Tim Hall wrote:

TH>I can't help feeling this is not going to be a good thing.  Not only 
TH>will it mean most end-users receiving *more* spam, only this time from 
TH>big business rather than small-time crooks, but it could easily make 
TH>life a lot harder for small mailing list operators such as The Phoenyx.

I've been watching the stuff with a mixture of amusement and sadness.  I 
doubt it'll fly, but if it does, no worries:  bypassing spam filters is 
*way* easier than writing them.  And I'm very, very, very good at writing 
them.

Plus, the average AOL/Yahoo user will be inclined to use the web-forum 
version anyway.

-- 
Karen J. Cravens  silver@phoenyx.net

AOL and Yahoo's new Pay-to-Spam service

--- "Karen J. Cravens"  wrote:

> On Mon, 6 Feb 2006, Tim Hall wrote:
> 
> TH>I can't help feeling this is not going to be a good thing.  Not
> only 
> TH>will it mean most end-users receiving *more* spam, only this time
> from 
> TH>big business rather than small-time crooks, but it could easily
> make 
> TH>life a lot harder for small mailing list operators such as The
> Phoenyx.
> 
> I've been watching the stuff with a mixture of amusement and sadness.
>  I 
> doubt it'll fly, but if it does, no worries:  bypassing spam filters
> is 
> *way* easier than writing them.  And I'm very, very, very good at
> writing 
> them.
> 
> Plus, the average AOL/Yahoo user will be inclined to use the
> web-forum 
> version anyway.

Phoenyx has a webforum version?

Andrew
 
> -- 
> Karen J. Cravens  silver@phoenyx.net
> 

AOL and Yahoo's new Pay-to-Spam service

On Mon, 6 Feb 2006, Andrew Janssen wrote:

AJ>Phoenyx has a webforum version?

Firehawk, the current software, doesn't.  (It just has the Mhonarc 
archives, such as they are.)  Gamehawk, the in-progress version, does.

Apropos the subject line:  if I hadn't had to spend so much time fighting 
spam, Gamehawk would have been finished about five years ago.  We wouldn't 
be having to buy a new server just to cope with load, either.

-- 
Karen J. Cravens  silver@phoenyx.net

AOL and Yahoo's new Pay-to-Spam service

Karen J. Cravens wrote:

> I've been watching the stuff with a mixture of amusement and sadness.  I 
> doubt it'll fly, but if it does, no worries:  bypassing spam filters is 
> *way* easier than writing them.  And I'm very, very, very good at writing 
> them.

I've always maintained that the only way to stop spam would be to nuke 
Florida.

Since it's claimed that the spammers are concentrated in one or two 
places, it might not be necessary to take out the whole state....

AOL and Yahoo's new Pay-to-Spam service

On Mon, 6 Feb 2006, Tim Hall wrote:

TH>I've always maintained that the only way to stop spam would be to nuke 
TH>Florida.
TH>
TH>Since it's claimed that the spammers are concentrated in one or two 
TH>places, it might not be necessary to take out the whole state....

A small EMP in/over Clearwater would take out most spam AND most scams, 
yes.

The original residents, though, have done such a valiant job of trying to 
hang onto their town, though, that I'm rethinking the actual nuking thing.  
It's not their fault the whole Sender: thing got neglected.  (Really.  If 
Sender: had been enforced, and mail clients had actually paid attention to 
it, things would never have reached this point.)

-- 
Karen J. Cravens  silver@phoenyx.net

AOL and Yahoo's new Pay-to-Spam service

Karen J. Cravens wrote:

> The original residents, though, have done such a valiant job of trying to 
> hang onto their town, though, that I'm rethinking the actual nuking thing.  
> It's not their fault the whole Sender: thing got neglected.  (Really.  If 
> Sender: had been enforced, and mail clients had actually paid attention to 
> it, things would never have reached this point.)

What's the whole Sender: thing, and what would have happened had it not 
been neglected?

I've always wondered whether the proliferation of spam is partly because 
there are a lot of companies making money out of spam filtering, who 
would all go out of business if anyone devised a magic bullet to prevent 
spam.

AOL and Yahoo's new Pay-to-Spam service

On Mon, 6 Feb 2006, Tim Hall wrote:

TH>What's the whole Sender: thing, and what would have happened had it not 
TH>been neglected?

Spam was successful because the From: line is easy to spoof.  Period, full 
stop.

Initially, that was a feature, not a bug.  You were supposed to be able to 
send mail from, say, a friend's house, and have it still say "From: 
Me@my.house"  But to indicate where it really came from, you were supposed 
to say "Sender: Friend@friends.house"  *That* was the address that was 
always, always supposed to be legit.  But nobody bothered checking it, in 
two senses:  neither friends.house nor the recipient ever checked to make 
sure the outbound mail had a proper sender attached, and the recipient's 
mail software never bothered to indicate "Hey, this says it's from Tim, 
but he sent it from a friend's house."

Now, even if Sender was enforced it would be quite possible to forge From: 
lines... but because the whole thing was so horribly, horribly lax it gave 
spammers a huge head start before anybody really realized just what a 
scale it was happening on.

TH>I've always wondered whether the proliferation of spam is partly because 
TH>there are a lot of companies making money out of spam filtering, who 
TH>would all go out of business if anyone devised a magic bullet to prevent 
TH>spam.

Oh, definitely.  Not just spam filtering, but pink contracts... providing 
connectivity to spammers is *very* lucrative.

There's gotta be some serious bribery involved in the FTC/FDA, too... most 
spam is fraudulent, and plenty of vigilantes have tracked spam back to its 
source and had the agencies go "Yeah, so?"

-- 
Karen J. Cravens  silver@phoenyx.net

AOL and Yahoo's new Pay-to-Spam service

> I've always wondered whether the proliferation of spam is partly because
> there are a lot of companies making money out of spam filtering, who
> would all go out of business if anyone devised a magic bullet to prevent
> spam.

There is no magic bullet but, yes, the anti-spam companies (that is, the
ones that are *solely* anti-spam) do have a vested interest in keeping
spam going.  And there have been some verified links between them and
spammers, links that are usually hushed up very quickly.

Back in 2000 or 2001 my then boss found and verified that at least two of
commercial black-list services were funded by and/or provided funding to
spammers.  He brought this up at a computer security conference, the
reactions  ranged from "We suspected as much." to "Yeah, we found the same
stuff.  Can't do anything about it."

-- 
Michael Feldhusen
mike_f@io.com
caulay@gmail.com

AOL and Yahoo's new Pay-to-Spam service

On Mon, 6 Feb 2006, Michael Feldhusen wrote:

MF>Back in 2000 or 2001 my then boss found and verified that at least two of
MF>commercial black-list services were funded by and/or provided funding to
MF>spammers.  He brought this up at a computer security conference, the
MF>reactions  ranged from "We suspected as much." to "Yeah, we found the same
MF>stuff.  Can't do anything about it."

I have to admit, I've gone as far as thinking "Dang, I've learned a *lot* 
about spam filtering.  I could make good money crossing over."  I'm sure 
both sides consider that, and that it's not uncommon for it to actually 
happen.

Had I acquired my spam knowledge for an employer instead of defending 
something I love, that might actually be a temptation for me.

Oh, amusing aside:  Gizmodo doesn't have too much to say in the article 
that isn't in the headline, but I like the picture:

http://www.gizmodo.com/gadgets/software/aolyahoo-email-tax-to-stop-spam-why-it-wont-work-152917.php

-- 
Karen J. Cravens  silver@phoenyx.net