The real way to END (your) SPAM...

[goBigtime]

This solution isn't for the masses because it might be considered too "complicated", but it will work perfectly for anyone here with zero lost emails and nearly no time lost filtering junk mail from real mail.


1. Buy a domain.

2. Give everyone their own custom email.

ie... you have a friend Robert, Jane, Sarah..

Give them:

[email protected]
[email protected]
[email protected]


If you sign up for ebay... give them: [email protected]

If you sign up for dotster... use [email protected]

Never post your email address in plain text somewhere that it can be harvested but not changed (like Usenet or WWWboards)


If any of them get compromised, you can always log into your account and change your email address they have on file & blacklist the old one. If it was a personal contact, just send them like three emails to let them know you have updated THEIR email address for you because you ahve been getting spam on it, and now its [email protected] for example.

It is very easy to blacklist email addresses with Qmail:

Just create a dotfile with the account you want to blacklist:

.qmail-robert

and put: /dev/null

inside it... that's it! No more mail will be delivered from that address.

I found that 90% of my spam mail came from my domain contacts. Luckily I was using [email protected] so all I had to do was update the contact info and blacklist the old domain.

Those domain contact spam lists are very old. It is much harder (but not impossible) to harvest big numbers of whois records for free now... so if you were to update your contact information and blacklist the old address(s) then you would see a huge drop of spam without any collateral damage (lost valid emails)


Does anyone know a similar way to route mail to a specific email address to /dev/null using Sendmail or Procmail?

[lilj]

Pretty good idea hehe helps you keep track too ;)

[jpwhits]

making a special email for sites is a good idea, find out which bastards are spamming

[ldinternet]

I started doing that a while back.

I found that it was impossible to unsubscribe from ARS spam. They denied everything, I had to block the address.

After signing up for their sites, deluxepass, alt.com and hawgscash are mailing me... let's see if they honor my remove requests.

[goBigtime]

Quote:

Originally posted by ldinternet
I started doing that a while back.

I found that it was impossible to unsubscribe from ARS spam. They denied everything, I had to block the address.

After signing up for their sites, deluxepass, alt.com and hawgscash are mailing me... let's see if they honor my remove requests.

If it's someone I'm doing business with, I'll give them a heads up as to who is spamming their list, suggest that they may have security issues that are leaking emails, change my address on account with them & if I start getting spammed again then blacklist them permanently.

If someone can't keep their customer data safe, then they are too much of a risk to do business with.

[=^..^=]

I do that BUT
there is a downside to this:

any webmaster with half a brain knows that if you are assingng emails to each site - that you must have a catch all address.

so suddenly you start getting flooded with emails all going to "[email protected]"

[NetRodent]

[email protected]
[email protected]
[email protected]

Common first names attract spam even if they are unpublished.
You're less likely to get random spam if you use their last names as well.

[email protected]
[email protected]
[email protected]

Quote:

Originally posted by =^..^=

any webmaster with half a brain knows that if you are assingng emails to each site - that you must have a catch all address.

so suddenly you start getting flooded with emails all going to "[email protected]"

Not necessarily, you could alias only the names you need.

[goBigtime]

Quote:

Originally posted by NetRodent
[email protected]
[email protected]
[email protected]

Common first names attract spam even if they are unpublished.
You're less likely to get random spam if you use their last names as well.

[email protected]
[email protected]
[email protected]

Sure.. I was thinking area codes or birth years as well.

But First.Last works too

[Paul Markham]

There is an easier way and one that will stop all spam. Give people the option to pay a cent for every email over 1,000 per month. For large companies with big sites, it could be a free 1,000 per gig on a hosting service.

Businesses like mine that rely on mailing clients would be happy to pay it. Contacts would welcome getting an email instead of hating it. Fewer would get filtered out, therefore increasing profit margins, less time would be spent removing spam.

The big spammers work on sending out millions of emails, let them have to pay out $1,0,000 per million and they would soon disappear. This would also apply to all countries, because the recieving email program could be set to accept or deny free emails. The recpient would soon realise that spam could be stopped dead in it's tracks and turn off free mail services, who would soon conform.

[goBigtime]

Quote:

Originally posted by =^..^=

so suddenly you start getting flooded with emails all going to "[email protected]"

You don't use commonly guessed names like support, info, admin, webmaster, customerservice etc...

Instead you would blacklist the commonly used names either beforehand or as they get spammed.

And for your own interaction with customers, always try to protet your address if you can... I need to finish doing that on some of our sites.
Use webforms that don't have the recip email in the source for customer interaction... ie a form that uses input type="hidden" name="email" value="[email protected]"> Is worthless.

This method in this thread can work better than anything else currently out there if you use it right.


I still need to update a lot of our sites to use this... been too busy but its on the todo list

[goBigtime]

Quote:

Originally posted by charly
There is an easier way and one that will stop all spam. Give people the option to pay a cent for every email over 1,000 per month. For large companies with big sites, it could be a free 1,000 per gig on a hosting service.

And how do you keep large hosting companies who have these wholesale rates for larger clients legitimate?

Everyone knows hosting companies can be trusted to help defeat spam

Quote:

Originally posted by charly
Businesses like mine that rely on mailing clients would be happy to pay it.

Why would you be happy to pay for something that should be free?

To help end spam? There are other ways.

What if your business model requires that you do daily mailings, but because of the pay-per-email rule, you are now forced to conduct a monthly mailing? Assume it is for a daily newsletter type of thing that customers actually WANT to receive.

There are a lot of questions that come up about the Pay-Per-email model... #1 being - who gets the money and why? Last thing we need is another Network Solutions type of company being given park place and boardwalk again. And what is to stop it from becoming a pay-per-SPAM model once they get it all into place (ala USPS Bulkmail.)


What about businesses that have millions of legitimate contacts? They should not be burdened financially in ANY way, regardless of how small the amount per email is for them.

Pay-per-email is BS.

[NetRodent]

Quote:

Originally posted by charly
There is an easier way and one that will stop all spam. Give people the option to pay a cent for every email over 1,000 per month. For large companies with big sites, it could be a free 1,000 per gig on a hosting service.

Businesses like mine that rely on mailing clients would be happy to pay it. Contacts would welcome getting an email instead of hating it. Fewer would get filtered out, therefore increasing profit margins, less time would be spent removing spam.

The big spammers work on sending out millions of emails, let them have to pay out $1,0,000 per million and they would soon disappear. This would also apply to all countries, because the recieving email program could be set to accept or deny free emails. The recpient would soon realise that spam could be stopped dead in it's tracks and turn off free mail services, who would soon conform.

Who collects the funds? Who keeps track of whether a "user" has sent over 1000 messages? Who verifies that a message is paid for or not? What about companies who are their own hosts?

[Paul Markham]

Quote:

Originally posted by goBigtime
And how do you keep large hosting companies who have these wholesale rates for larger clients legitimate?

Everyone knows hosting companies can be trusted to help defeat spam


Why would you be happy to pay for something that should be free?

To help end spam? There are other ways.

What if your business model requires that you do daily mailings, but because of the pay-per-email rule, you are now forced to conduct a monthly mailing? Assume it is for a daily newsletter type of thing that customers actually WANT to receive.

There are a lot of questions that come up about the Pay-Per-email model... #1 being - who gets the money and why? Last thing we need is another Network Solutions type of company being given park place and boardwalk again. And what is to stop it from becoming a pay-per-SPAM model once they get it all into place (ala USPS Bulkmail.)


What about businesses that have millions of legitimate contacts? They should not be burdened financially in ANY way, regardless of how small the amount per email is for them.

Pay-per-email is BS.

Who ever thought stopping spam could be done for free is living in a dream world. But not stopping it is costing us all a lot more than a cent an email.

OK if you are a large company and you have a large site you get a bigger allowance. But think about it if a company does not make $1 for a every hundred they send out, they should examine their business model.

If it's a purely informative email then maybe there could be allowances for education. But if you are a business like Adult.com you are sending out emails to make money, not educate people.

As for who gets the money well this is a situation that needs addressing. But with hosting as competetive as it is, if they got more money in one door they could and probably would reduce costs out of another.

And do not forget I said it should be optional, if you choose to go the old route of free emails then fine and you can choose if you want to recieve them as well.

But the biggest problem to my idea is the dream that the Internet is free. It never was and never will be. Somebody somewhere has to pay for it and that is the consumer.

Think about all the people who are scared to join a site because they fear getting spammed by porn sites, think about all the people who wil think Bush is right to fight porn becasue they get it in their email box?

All at a cost to us.

Quote:

Who collects the funds? Who keeps track of whether a "user" has sent over 1000 messages? Who verifies that a message is paid for or not? What about companies who are their own hosts?

All fine tuning. No host will allow a million emails to go out with out the money paid up front. The massage has to be tagged as a paid one or not, this is programming violaters would face massive fines. Companies doing their own hosting would have to be charged. Don't forget the key is to tag the email and then the reciever opts if he wants free mail or not.

[goBigtime]

Gate's idea for a small computation problems to be the "currency" is great... for low volume personal email.

But that of course will introduce a need for a solution for high volume enterprise mailer - and that solution will cost $$$... straight into the pocket of M$ or whatever goverment agencies is in on it with them.

It's not right, but It's definitely the future of email.

I knew for a long time that email would eventually be a target.... I can't begin to imagine the financial hit the USPS has taken due to people using email.

[Paul Markham]

Quote:

To help end spam? There are other ways.

So give us some ideas. I'm not saying my way is the best but until I hear of a better one I'm sticking to it.

The problem with the spammer is he's sneaky and will try to evade blocks. This idea requires him to pay up or send it out free.

Trying to hijack the system is stealing and a criminal act.

[Paul Markham]

Quote:

Originally posted by goBigtime
Gate's idea for a small computation problems to be the "currency" is great... for low volume personal email.

But that of course will introduce a need for a solution for high volume enterprise mailer - and that solution will cost $$$... straight into the pocket of M$ or whatever goverment agencies is in on it with them.

It's not right, but It's definitely the future of email.

I knew for a long time that email would eventually be a target.... I can't begin to imagine the financial hit the USPS has taken due to people using email.

As you say nothing is free, the USPS will tell you what emails has cost them.

We all have to pay for everything. Be it as we buy it, taxes or even charity has to paid by someone.

What charging per email does is makes the guys sending out millions a day pay the true costs.

[ztik]

you know they randomly scan ip's / domains searching for valid emails now. You'll still get spam eventualy. And if you make them like "bob" and "jane" you'll get alot more. You would need to make random numbers and letters to avoid that.

[NetRodent]

Quote:

Originally posted by charly
All fine tuning. No host will allow a million emails to go out with out the money paid up front. The massage has to be tagged as a paid one or not, this is programming violaters would face massive fines. Companies doing their own hosting would have to be charged. Don't forget the key is to tag the email and then the reciever opts if he wants free mail or not.

No, the key is there is nothing to stop the sender saying a message is paid regardless whether it is or not. Good luck trying to track down the spammer to fine him.

[Paul Markham]

I just thought of the beauty of this and if it could be instigated why it would work.

90% of spam is aimed at private/domestic. They set their email programs to accept only paid for emails and you would hurt the spammers percntages so much they would go down. They work on fine margins, reduce their target market 25% and increase their costs and they are gone.

What is it worth to you to get rid of spam is the real question?

[goBigtime]

Quote:

Originally posted by charly

Who ever thought stopping spam could be done for free is living in a dream world. But not stopping it is costing us all a lot more than a cent an email.

I guess the OpenSource & FreeWare communities have it all wrong then. Alot of really good, high quality solutions for things are created, improved on, and supported by the opensource communities - Including your own server OS, HTTPd & mail daemons.. among other things I'm sure.

You can get commercial versions of things that offer alternative features or functions, but to say that you're living in a dreamworld if you think spam can be resolved for "free" isn't a very intelligent statement... especially when you consider all the things that have been done for "free" on the internet.

Hell, this thread alone basically tells you how you can resolve your personal spam issues for free.

Quote:

Originally posted by charly
OK if you are a large company and you have a large site you get a bigger allowance. But think about it if a company does not make $1 for a every hundred they send out, they should examine their business model.

Maybe that company is a non-profit organization?

Or a mailing list for a OS distribution like Linux, FreeBSD (Competitors of M$)... or Apache webserver... The Opensource community relies a lot on high volume mailing lists between its contributors. They make minimal amounts of money, much less than $1 for every hundred they send out.

Quote:

Originally posted by charly

If it's a purely informative email then maybe there could be allowances for education. But if you are a business like Adult.com you are sending out emails to make money, not educate people.

Why should Adult.com have to pay money to M$ and/or the government send out it's daily newsletter? That newsletter has extreme value for the people who get and read it -- they give away ~$150-$200 in daily prizes in that newsletter.

So you think they should have to spend an additional $100/day to shoot it out? Maybe they would have to remove their daily prizes then -- and that would mean that this wonderful spam solution just decreased the value of the service and community that is GFY.

Lensman already pays to be able to deliver high volumes of mail -- he pays his host for bandwidth & the recipients pay their hosts for internet access and/or bandwidth.

It's already been paid for see?

Quote:

Originally posted by charly
And do not forget I said it should be optional, if you choose to go the old route of free emails then fine and you can choose if you want to recieve them as well.

Oh most definitely... it SHOULD be optional.

But like I said, M$ controls so much of the worlds computers, they would probably try to enable their method of email scrubbing by default... either actually having it enabled, or using a biased one-side view of why they should enable it.

And once that happens, everyone else just has to fall in line...
like it or not.

Quote:

Originally posted by charly
But the biggest problem to my idea is the dream that the Internet is free. It never was and never will be. Somebody somewhere has to pay for it and that is the consumer.

You need to do more research into the history of the internet and the services it replaced.

Quote:

Originally posted by charly
Think about all the people who are scared to join a site because they fear getting spammed by porn sites, think about all the people who wil think Bush is right to fight porn becasue they get it in their email box?

Definitely valid points. But just like the Diebold election boxes - there are other viable options that aren't being considered for the mainstream because they can't be controlled and taxed.


Anyway, I think if someone wants to join a porn site, they'll join

Most people I know have throwaway email addresses they use for this puprose.

There are also free services like http://www.spam.la
(just use [email protected] for a throw away email)

[cayne]

sounds good.

[Wilber]

Quote:

Originally posted by goBigtime
If any of them get compromised, you can always log into your account and change your email address

Change your email address to block spam? Your admin skills are brilliant.

[eroswebmaster]

spam doesn't really bother me that much...I just delete it.

[goBigtime]

Quote:

Originally posted by charly
So give us some ideas. I'm not saying my way is the best but until I hear of a better one I'm sticking to it.

"Give us some ideas?"... See thread.

So what you're saying is, you will do nothing and take a passive stance when there are currently perfectly good options available to you, because you would rather wait for M$ and/or the gov to come up with a commercial solution for you?

Quote:

Originally posted by charly
The problem with the spammer is he's sneaky and will try to evade blocks. This idea requires him to pay up or send it out free.


Trying to hijack the system is stealing and a criminal act.

The problem with the proposed solution (as I understand it) is that will be far too taxing on legitimate businesses.

[goBigtime]

Quote:

Originally posted by charly
As you say nothing is free, the USPS will tell you what emails has cost them.

I never said "nothing is free", in fact I have nearly stated the opposite ... that plenty of good things can be created for "free".

Quote:

Originally posted by charly
What charging per email does is makes the guys sending out millions a day pay the true costs.

Imagine GFY has a million members.

They don't, but they very well could...

Now Lensman has to pay hundreds or thousands of dollars a day to be able to mail his legitimate mailing list.

He may not be able to afford the charges for a daily frequency anymore so he has to scale back to weekly, monthly, or worse.

Charging for high volume emails will effect legitimate businesses and their legitimate business models and promotions.

[goBigtime]

Quote:

Originally posted by NetRodent


No, the key is there is nothing to stop the sender saying a message is paid regardless whether it is or not. Good luck trying to track down the spammer to fine him.

Oh you can count on there being new mail server specfications and closed source mail authentication modules that people will basically be forced to use if you wish to communicate with the world.

Wouldn't that be interesting... having M$ created closed source software on your FreeBSD or Linux servers.

[goBigtime]

Quote:

Originally posted by Wilber

Change your email address to block spam? Your admin skills are brilliant.

As are your skills in comprehension.

What I'm saying is, for example your [email protected] account was compromised somehow... maybe Amazon got hacked and their entire database was compromised etc....

And you start receiving junk email to [email protected]...

You would immediately blacklist [email protected]
Then log into your Amazon account and change your Amazon account email to something new like.. [email protected] and whitelist that email address.

The only person that legitimately should have been mailing [email protected] was Amazon, and they have now been updated with a new address for them, so you can now blacklist the old address and you will never see the junkmails.

Advanced tactics could reply to the blacklisted emails with a fake bounce so that the mail flow would cut down as well (mailers do typically remove bounces)

[goBigtime]

Also for the person who said you had to open up a catchall....

There are plug-ins for most MTA's I think that will give you whitelist/blacklist capabilities...

So really you would just add emails to your whitelist as you give them out and blacklist them as they are compromised.

[Amputate Your Head]

Quote:

Originally posted by goBigtime


As are your skills in comprehension.

What I'm saying is, for example your [email protected] account was compromised somehow... maybe Amazon got hacked and their entire database was compromised etc....

And you start receiving junk email to [email protected]...

You would immediately blacklist [email protected]
Then log into your Amazon account and change your Amazon account email to something new like.. [email protected] and whitelist that email address.

The only person that legitimately should have been mailing [email protected] was Amazon, and they have now been updated with a new address for them, so you can now blacklist the old address and you will never see the junkmails.

Advanced tactics could reply to the blacklisted emails with a fake bounce so that the mail flow would cut down as well (mailers do typically remove bounces)

this is fine if you only have a handful of accounts and/or friends/associates to deal with.... but what if you're dealing with numbers in the hundreds? How the hell are you supposed to remember every single new email you've created and what it correspondes to?

Combine that with the added task of now having to maintain that and constantly change and update, I don't see this as a very good solution.

[goBigtime]

Quote:

Originally posted by Amputate Your Head


this is fine if you only have a handful of accounts and/or friends/associates to deal with.... but what if you're dealing with numbers in the hundreds? How the hell are you supposed to remember every single new email you've created and what it correspondes to?

Combine that with the added task of now having to maintain that and constantly change and update, I don't see this as a very good solution.

Hmm... yeah for your businesses dealing with the public, you would need another option...

Just off the top of my head here....

You would use intelligent webforms for all customer communications (ie they have a challenge picture "what does it say in the box?" that they would have to get corrrect before their email gets sent the first time)

You communication back TO them would clearly state not to reply to the communcation and instead use a link that will help link the communication to the problem..... standard ticket system stuff.

In the event they do email you at that address, it will just reply to tell them that their message WAS NOT RECEIVED and they need to click the link and communicate via the webform.




But for your PERSONAL dealings with friends and other businesses, there is no reason why you couldn't use a method like I described in the first post.... ie whitelist [email protected]

I hate spam....