Will certified e-mail stop spam? (was: unsubscribing... etc)

Peter plp-ysDPMY98cNQDDBjDh4tngg at public.gmane.org
Mon Apr 17 18:16:02 UTC 2006 

On Mon, 17 Apr 2006, CLIFFORD ILKAY wrote:

> If someone leaves their computer unpatched, runs without anti-virus
> software and their computer is compromised and used for nefarious
> reasons, as far as I'm concerned they only contributed as much as
> Ontario Hydro, Future Shop, their employer, HP, Rogers, or any other
> entity that could peripherally be involved in having that computer
> on-line so that criminals and other miscreants could exploit it.

You are right, *but* once the phenomenon becomes rampant people are told 
by their sheriff, employer, car maker, and other authorities, to lock 
the g*d d**n car up already or start paying fines made specially for 
people who leave cars unlocked. That time is now.

>> So the onus would be on the person initiating the suit to show that
>> they had suffered serious monetary losses, and that the owner of
>> the computer should have taken measures to prevent its
>> misappropriation.
>
> Who's going to decide which measures are sufficient? I hope we never
> see the day that we see such lawsuits for it will only hurt everyone,
> through higher fees for Internet access, computers, insurance, more
> hassles, more bureaucracy, the general tendency to over-regulate
> everything, concentration of power in the hands of larger players,

I was proposing a *voluntary* system where ISPs participate. No 
obligation on any side. Users can always take their business elsewhere. 
But users and ISPs in such an arrangement will save money because much 
less of their bandwidth and virus filter load, and mailbox sizes, will 
be clogged with spam. With present day numbers, in many places this may 
mean halving the size of user mailboxes.

> What if the OS in question is Linux? Who are you going to sue then? I
> would not be surprised if most of the spam on the Internet today
> originates from a Linux server that hasn't been compromised and is
> doing exactly what it was designed to do, pump out lots of mail
> reliably, something which the Linux bigots claim Windows can't do
> reliably anyway. In other words, to cop a phrase from the gun debate,
> "Operating systems don't send spam. People send spam." :)

True. But port 25 incoming has nothing to do with spam sending. Current 
botnets send spam by forging packets or so it seems.

> issues. All this zeal to find fault with the owners of machines that
> are supposedly turned into spam zombies is really just a proxy for
> Microsoft bashing that is all too common amongst Linux bigots, which
> is silly, since there is no proof whatsoever that the majority of
> spam originates from Windows machines anyway.

Nobody said anything about specific operating systems. I wrote that it 
may be better for clueless users to have qualified people secure their 
systems, instead of their friendly neighbor using an illicit copy of 
norton av or whatever. And if so, better install a Linux version since 
it seems to be easier to secure and stays up longer. After all, this is 
a linux user list, no ?

> How are these spam zombies supposedly sending out mail now that most
> ISPs are already blocking port 25? I suspect that the majority of

Port 25 has nothing to do with it on the sending side. The packets are 
forged, header, origin port and everything.

> obtained via identity theft. Most spam has a profit motive behind it.
> The way to reduce or eliminate the profit in spamming is not with
> these misguided "certified e-mail" schemes that any spammer with half
> a brain can circumvent easily but to attack them at the source, by
> prosecuting the spammers for their criminal activities. That is
> easier said than done when many of the players are adept at evading
> the authorities, located in jurisdictions where their activities may
> not be considered illegal, or located in jurisdictions where it is
> easy to buy off the authorities.

This is not about certified email, it is about an idea I had to charge a 
minimal sum in escrow, by the ISP, for sent mail. If a 5xx response is 
not seen in a week, the fee is waived. Additionally there would be a 
quota of 'allowed' spam to cover unintended mistakes. This would give 
ISPs a small button to push to make users keep their systems clean.

About your idea that Unix machines send the majority of spam, I do not 
agree. The largest spam-originating countries are well known, USA is one 
of them, and due to the low penetration of Linux it is logical that the 
majority of spam comes from something else. The mahority of 
installations are Windows machines. Spam origins vary widely enough to 
eliminate the idea that they come from a few machines.

Peter
--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml

More information about the Legacy mailing list