Tom Philois annoyed with . . .

A Simple Solution To Stopping spam

Tom Philo's Idea on a simple, cost effective, and effective way to stop spam

So Simple that it will not be implemented

Putting "spam" in the Marketing Perspective

"spam" is advertising done cheaply and always anonymously to sell a product. People have always tried to advertise as cheaply as possible. However, spam lowered the cost and added in one item that no one could avoid when advertising before: being anonymous.

Legitimate business ALWAYS include valid mailing, phone, web, e-mail in their mailings since they want repeat business and do not want to annoy hugh amounts of people and get a bad public image. Getting a bad image or annoying many people means people will avoid purchasing from their company. It also means they could be sued and in the US that is very easy and could cost them hundreds of millions of dollars in just defending against a few thousand lawsuits. (Think about it, if 5,000 people spent $500 to file a lawsuit against a SINGLE company, how much money would that company have to spend to send a lawyer to show up to defend against each one of them. 2 1/2 million. If they miss just one court date then they get a judgment against them are out a few hundred thousand for that one. Miss a few hundred and out goes 100 million.)

People who send spam don't care about their public image. They are dealing with statistics. Given X amount of people who get e-mail X percent will respond and purchase. Given that it may cost a spammer $50 a month to send out 50 MILLION spam messages, even at .001% response rate (.00001) that means 500 people will purchase a $50 item and that spammer makes $25,000 gross income that month. Even after merchandise expenses that person will likely net $12,000 that month.

Big numbers with small response in the Internet age still means a big income.

What A spammer MUST Always Include in an E-mail

Technological solutions to block the source is laughable — you never will block spam sources since people can tap into an open mail relay or set up an valid e-mail system and make it open to a spammer anyone anywhere in the world.

However EVERY spam message MUST have ONE of THREE possible items in it in order for them to sell their product:

Every solution EVER discussed ignores this simple fact.

Technical Solutions

Technical solutions discussed in the US Congress and elsewhere by "experts" always address and promote technical solutions on how to stop spam AFTER it has gotten onto the wire from being delivered. Spam is a social problem. Using technological solutions to stop a social problem does not work.

Blocking spam via another technology after it has been sent is like making people stand at their home mailbox paying COD charges for each letter before the letter carrier will give it to you. That means YOU are paying to stand there forever paying for the letters, before even being allowed to open them up to see if it is indeed spam. Regardless, the END USER is paying for a solution.

In addition, just by BEING there checking the message means it automatically lets the sender know you exist. If a mail box does not exist the mail would be rejected immediately (bounced) as having no valid address. Since it IS valid, and the spammer does NOT seeing a bounce message within a few hours it CONFIRMS that the e-mail has a 90% chance of being valid. So more will be sent more since they know that mail was either discarded or opened (it did not bounce immediately when sent.)

New ideas have promoted the idea to have the e-mail systems configured to NEVER send a non-delivery message to the sender in order to keep the spammer from finding out valid e-mail addresses. This of course means that if someone mistypes an e-mail and sends it they too will NEVER know if it got there or not.

Course this is valid ONLY if the spammer includes a valid return address. Since they never do, and they don't care, many spammers who have purchased e-mail lists just take the chance that most of the e-mail addresses are valid. Hey, if 1 million out of 20 million are invalid you still can easily make $5,000 a month at .00001 answer rate.

Trusted Sources

White lists, trusted e-mail servers, blacklists, real time black hole routers, and other proposed solutions all require the END USERS or ISPs to spend money and time to create a validated end to end e-mail system. This solution MAY only work once EVERY e-mail system in use all agree to implement it. It ALSO requires that people setting up these systems NEVER allow spammers to have accounts.

If an ISP does allow them to have an account, then the e-mail IS a valid trusted system and the mail is STILL sent. Then what do you do? If 50 million e-mails are SENT from a trusted e-mail system in Togo, but has misleading subject lines and is pitching something totally not wanted what recourse does a user have to go against a system over there? Does the Network cut off the ISP of the nation? The e-mail WAS from a valid trusted e-mail system source. The laws in THAT nation does not prohibit sending spam. Does the UN enforce a no-spam zone on the country (Ah forget that idea, the UN cannot even agree to propose to stop a war or tell a country from embarking on genocide while watching it occur on live TV let alone stop a country from sending spam.)

A Solution

Attack spammer at THEIR revenue end — not end users.

Instead of blocking delivery take the other approach — yank the methods the spammer must use to make a sell - block the advertiser from ever getting a response.

A Lawful Solution

What is needed is a law — and very fast methods to react to spam — that makes the spammer / business lose access to customers immediately (or at most in 24 hours after the initial spam has been sent) by shutting off ability for anyone to get to them — block their phone numbers, web addresses and mailing addresses.

Anonymous Monitoring

Have a small staff in an agency (maybe 60 people) who create and monitor lots of e-mail accounts for spam. Have these people create accounts, post a few messages onto boards and wait. If that e-mail account starts getting spam from sources never associated with those posts then that alone means the messages are likely spam.

Then if they have a 1000 accounts and 800 all get the same message pitching a product with invalid subjects, random e-mail return addresses and other similar hallmarks of spam mailing it pretty much means it is spam.

The final one that can of course can determine that it is spam is when the web site, phone number or mailing address that the spammer MUST include in order to sell that product all is traced back to the SAME location — then they know it is spam.

This could take maybe 30 minutes to find out.

What Happens Once spam is Confirmed

Once it is determined that this was indeed valid spam this agency / department has the authority to have the post office put a block on delivery of all paper mail delivery to that address and have it seized under existing laws, the Telcos (at least in the US) to suspend the phone number - again under existing laws - or block all calls originating in the USA trying to dial to it — and have the Net/ISP provider block the IP/URL address and disable the account: all on the same day of detecting spam (again, we cannot control access in other countries but we can block all access to it FROM the USA thereby not violate treaties or interfere with access to those places from elsewhere. We can block any traffic passing THROUGH any device IN the USA (or any company doing business in the US) which is allowed under international law. Other counties could easily enact similar laws that does the same thing.

Have the US Congress Pass This Law

In the US have a simple federal law to set up a central spam Detection Agency ("spam Duh") within the Federal Trade Commission or Commerce (FBI, or some other agency that has the power to do administrative judgments, the law has to be written forcing the agency to do this within 60 days, on their own any agency will spend a few years to decades before doing anything), funded by ISPs (it is in their interest to stop spam since they have to put in hardware and software to handle the volume) with more money provided by fines on those companies / people sending out the spam. Have a hefty $50,000 fine per occurrence levied against senders each time they send out a spam set. This applies to the spammers and people who hired the spammers to send people to their web sites: do any or all actions permanently barring them from obtaining any 800 number (or any phone number), web address, net accounts in the US after the third time — by them or any known or suspected associates. Have them also post a $100,000 bond before they can get any type of net account if a fine is ever levied.

Note: Make all this an administrative action: like that of a traffic ticket — guilty until proven innocent. Access is blocked till they pay the ticket ($50,000). Once the ticket is paid the blocks are removed and if they challenge the ticket then a court date is scheduled. Do not use a formal grand jury or legal charges environment. Blocking first means that these people MUST come out in the open and challenge the administrative ruling in an administrative court.

Put the burden on THEM to prove that they have not sent out the spam or contracted with a spammer to pitch their product in order for them to get their fine back. This is what happens in traffic court.

And have all fines indexed to inflation. This will solve 95% of it.

This central FTC group (or whomever it is assigned to in other countries), after they detect a mass mailing of spam, would have INSTANT authority to contact the Telco who owns the number, The Post Office to seize mail and the ISP/Internic to shut that site immediately. (And if ISPs will not shut down abusers in their domains / web site then the whole ISP is cut off from access to the Internet at the DNS root server(s)).

This will also enforce the ISPs who sell domain names to ensure that those people have valid phones, addresses, e-mail accounts before they sell a domain name. Else that whole ISP is shut off after x% of the domains they registered have proven to be spam accounts or marketers.

Legitimate business will not have to worry about this since they ALWAYS provide valid return mail addresses, ways to opt out of mailings (and honor it), valid postal addresses, customer service phone numbers etcetera. These firms also do not resale people's e-mail who are on their mailing list (unless noted in their valid privacy statements.) Spammers never do these things.

This attacks spammer at THEIR revenue end — not end users.

If their firm or site can NEVER be contacted then they will go out of business real fast. Only then will these people stop sending billions of spam messages a year.