ABSTRACT

REASON FOR THIS ARTICLE

GALLERY OF SPAM

1. My E-mail "Inbox"

FIGURE: A portion of my e-mail "Inbox" on 2004 March 29th as manifested by the
        "Microsoft Outlook Express 5" application.  On this date I received 
        9 "legitimate" messages, 77 spam messages, and 2 virus attachments.

2. Notable Spam from the Years 2001-2003

FIGURE: I received this spam message on 2001 September 21st, 10 days after the
        World Trade Center buildings were destroyed by fires following plane
        crashes directly caused by terrorists.

        This spam message, offering, among other things, a bumper sticker that
        advocates a plan to "Nuke Afghanistan", demonstrates that spam can be
        very political.  Following the US initiation of the war on Iraq in 2003,
        spam offering "Terrorist 'Most-Wanted'" playing cards, depicting 52 
        people targeted by the US anti-terrorism effort, arrived almost daily
        in my e-mail "Inbox" for many months.

        It is important to consider politically-motivated spam, or spam efforts
        that seek to profit on hate.











FIGURE: This creepy spam message, like most spam messages, addresses some sort
        of personal insecurity.  This same product, in a funny coincidence,
        was also promoted as a way to spy on naked women -- essentially 
        advocating a means to violate someone else's personal security.











FIGURE: This spam message, which I received some time in the year 2002, makes
        an indirect reference to the film "The Matrix":
        
        [Morpheus offers Neo a choice between two pills, one blue and one red.]
        "You take the blue pill, the story ends, you wake up in your bed and
        believe whatever you want to believe."
        "You take the red pill...and I show you how deep the rabbit hole goes."
        
        Although in the film it is the red pill (not the blue pill) that will
        result in being shown "how deep the rabbit hole goes", the humor of 
        this Viagra spam message is hardly diminished.

        Compared to penis-enlargement product spam messages of 2003 and 2004,
        this spam message is fine art!












FIGURE: This spam message, which I received some time in the year 2002, is the
        most outrageous invitation for irony I have ever seen.

        The idea of promoting a sense of security by installing an application
        that is completely invisible and secretly records all instant messages,
        chat, e-mail, web sites, etc, is perverse.  Naming the application 
        "IamBigBrother" is hilarious!        












FIGURE: Apart from the fact that the product one might receive after responding
        to this offer is likely to actually contain viruses rather than
        prevent them, I chuckle at the hypocrisy of a spam message that
        proclaims: "Norton Spam Alert filters unwanted e-mail!"

3. Non-technical spam examples from 2004

FIGURE: This spam message is, apparently, an invitation to start a career
        in sending spam messages!  (Of course visiting the specified web site
        address could lead to viruses, such as spyware or a trojan mailer.)

        I can't help it: I love the bravado of the author of this message!
        My sober judgment says this person's position is very wrong, but 
        there is something very human about this message that resonates
        with me.











FIGURE: This spam message promotes a service to allow one to send spam messages
        to "27 million people".  I suppose receiving this message itself lends
        some (i.e., 1/27000000th) credibility to the sender's spamming 
        capability.











FIGURE: I like the domain name: "YetAnotherDomainName.com" (created 2004
        January 29th, and resolving to 216.177.88.181 at the time of this
        writing, 2004 April 3rd.)

        This domain name actually captures the spirit in the spammer realm,
        where purchasing new throw-away domain names to launch the next spam
        campaign is a small price to pay to avoid spam obstacles, like 
        IP blacklisting or cancellation of service by the web hosting provider
        (who discovers, too late, that a host was rented for use in a spam
        effort).











FIGURE: I like this one; just sign up and start making money -- while doing
        "Absolutely Nothing!".  Scams are based on greed, and this example is
        one of the purest appeals to greed I've ever seen.











FIGURE: This spam message promotes a book whose only possible positive use is
        by law-enforcement officers trying to keep up with criminals.

        I guess I might find such a book intellectually interesting, much like
        the articles in "2600" magazine, and I support being able to freely
        share any ideas whatsoever, but these facts do not make this book, and
        others like it, any less repulsive to my ethical sensibilities.
        How lonely and hostile a world it must be for a person to seriously
        consider the subjects in such publications.

        Some of the items seem somewhat contradictory: "Surf Internet
        Anonymously" while also demonstrating that one can "Hack into other
        [people's] computers remotely";  Or, "How to get fake identity
        documents", but demonstrating "tracing and tracking people [...]
        to find those who don't want to be found".












FIGURE: This spam message teases me with one of the central mysteries of spam:
        How can anyone buy medication (which enters and affects one's very
        body) from a business that thinks it is okay to use a fake sender name,
        use a humiliating taunt as a subject, and make numerous spelling errors
        in the promotion, and end with a collection of random words?  (If a 
        person is savvy enough to recognize the fact that the misspellings and
        random words are methods of evading spam filters, all the more reason
        to mistrust the business attempting to sell the medication!)

        But, on the other hand, I am baffled by the state of mind of the 
        spammers who send messages like these.  What world-view makes it okay
        to send messages like these?  (NOTE: I strongly agree with the 
        principle of free communication, but I still wonder why people choose
        to express certain ideas.)

4. "Identity Theft" examples from 2004

FIGURE: This spam message is admirable in its professional appearance and for
        its outrageous inclusion of phone numbers and web site addresses to 
        help the victim gather information to be scammed more efficiently
        and completely.











FIGURE: The PayPal scam e-mail message in the previous figure includes the 
        JavaScript code directly above -- which repeatedly writes the text
        "http://www.paypal.com" to the browser status bar (lower-left border
        or Internet Explorer, for example).  Thus, when the user hovers the
        mouse over the critical links in this spam message, the actual link
        (which would be a potential give-away that this is a scam) is 
        quickly clobbered by the text "http://www.paypal.com".  Only someone
        watching the status bar intently while moving the mouse on and off
        the various links (without clicking) would see the brief flash of
        the real target web site address.











FIGURE: This "identity theft" scam, allegedly from Citibank, which I received
        on 2004 April 4th, makes a direct request for a debit-card PIN 
        (Personal Identification Number), which can be used to withdraw cash.
        This must be a psychology experiment, or a massive IQ test, or perhaps
        the "Spam & Bologna" contest (in progress at the time of this writing).











FIGURE: The "Citibank" scam spam message in the previous figure has the HTML
        code shown directly above.











FIGURE: This eBay scam isn't as elaborate as the PayPal scam above, but it
        probably looks sufficiently professional to be effective.

5. Virus attachment examples from 2004

FIGURE: I have to say: This e-mail with virus attachment is a bit of a
        contemporary classic.  I've never actually tried the virus out, you
        know, to see if it fit my lifestyle, but, hey, "500.000" people 
        can't be wrong!











FIGURE: Wow, this virus attachment has quite a background story!

6. Trivial obfuscation example from 2004

FIGURE: This is a trivial form of obfuscating the content of HTML to thwart
        text-based e-mail message content filters.  The dummy HTML tags
        break up the text that will ultimately appear in the HTML document.
        The solution to this direct problem is to eliminate or consider the
        effect of HTML tags before scanning for spam-indicating words, but
        this is just the beginning of the hopelessness of content scanning,
        as will become more evident in the subsequent sections of this article.

7. Unicode examples from 2004

FIGURE: "Unicode" characters allow the characters of major world languages to
        be placed in documents, such as documents in the HTML format.  The 
        spam message shown above, which I received in 2004 March, illustrates
        a conventional use of Unicode characters -- in this case to represent
        letters of the Russian (Cyrillic) alphabet.











FIGURE: Spammers have found another use for Unicode characters: displaying 
        characters that look like English letters, but in fact are letters and
        symbols from other world languages.  Thus, English readers, humans,
        have no trouble reading the text, but automated content scanners 
        will fail to detect the presence of "spam-indicating" words.

        Of course one solution is to build up a table of how Unicode 
        characters visually relate to English letter and number characters.
        But, given the large number of Unicode characters visually 
        "compatible" with various English letter and number characters,
        this effort is likely to be intractable.  Combine this with 
        strategic misspellings and random interjection of punctuation,
        and content filters are doomed to fail.

        I suppose an isolationist American could block all e-mail containing
        Unicode, but even plain English characters can be used in creative
        ways that humans have no trouble reading but present an intractable
        problem for content scanners.  A filter that rejected ungrammatical
        content, or content with many misspellings, would likely claim a 
        large fraction of "legitimate" domestic e-mail!

8. Off-topic text examples from 2004

FIGURE: This spam message includes a paragraph from a formal text (in this
        case a Travel Warning issued from the United States Department of State
        on 2004 March 23rd: http://travel.state.gov/israel_warning.html; I
        discovered this by a Google search for "curfew should remain indoors").

        The meaning of the text isn't as important as the fact that it is
        grammatical, potentially "interesting", and large enough to greatly
        "outweigh" any spam indicators that might be detected elsewhere in the
        message.      

9. Base-64 encoding of HTML examples from 2004

FIGURE: This is the plain-text appearance of a spam message containing HTML
        encoded as base-64.




The following C code compiles to a very crude base64-to-text conversion
utility.  One must manually place a base-64 block of text, by itself, in a
text file, and then use this utility to generate text output -- which, by the
command line, can be directed to an output file.  I only wrote this code as a
learning experience, and to convert samples of base-64 from e-mail messages.
I offer it for illustration, and perhaps inspire you to seek a "real" base-64
decoding utility elsewhere.

FIGURE: This is the plain-text decoded form of the base-64 content in the 
        spam e-mail above.

        Apart from revealing the web site address promoted by the spam 
        message, the decoding also reveals "random" words designed to
        "dazzle" Bayesian spam filters (such as the Mozilla browser
        Bayesian spam filter).  It is important to note that this 
        spam-filter countermeasure was placed within a base-64 encoded
        block -- which means the spammer assumes that base-64 blocks 
        will be decoded and subjected to content analysis.

        One more VERY IMPORTANT thing to note about this example:
        The spam message is totally contained in the image specified by
        the HTML image tag, stored on a remote server.  Thus, unless a
        content-based filter notes the "tabs", "biz", and "pills" parts
        of the web site address and file paths, this message is totally
        benign.  (A better spammer would not put "tabs" and "pills" in
        any part of a URL.  An explicit IP could eliminate the explicit
        "biz" domain part -- although a reverse DNS lookup could find the
        "biz" part.)  The point is that it is trivial to eliminate any
        evidence that the message is spam.  Sure, one could add a new
        spam detection rule that flags e-mail messages that only contain
        HTML image tags, etc, but the risk of flagging legitimate e-mails
        in the process is high.

10. Example of tracing spam from 2004

FIGURE: Despite the "explanation" of why this business is able to offer such
        low prices on software, this spam message was clearly sent from a 
        software pirate.  If indeed one can actually pay money and initiate
        a file download from this spammer's server, there is no assurance
        that the file will be the actual application, as opposed to a virus,
        or a virus-infested version of the desired application.

        In any case, for the purpose of illustrating the search for information
        about sources of spam, I chose to lookup the owner of the domain
        (associated with a URL found in the HTML code of this spam message):
        "buye-soft.biz".









The search begins by going to the "whois" search page of the InterNIC web site:


http://www.internic.net/whois.html





FIGURE: I assume ALL of the information returned by this "whois" search is
        fake -- except for the trivial details: Domain Name, Domain ID,
        Domain Status, Registrant ID, Name Server, Created By Registrar,
        Last Updated by Registrar, and the dates.

        The only really interesting part is the "Domain Registration Date",
        which in this case indicates that the domain was created less than
        one week prior to my receipt of a spam message containing links to
        a web site in this domain.

        I have seen this many times -- domains registered within days of
        corresponding spam messages (containing links to hosts within those
        domains).  As mentioned earlier, the $20 one-year domain registration
        fee, and a $20 web hosting fee, makes for a $40 total overhead to 
        starting a spam campaign -- and a single customer, or a single scam
        victim, can easily surpass the break-even point of the business model!

DEFINITION OF "SPAM"

Unfortunately, that simple description has subjective terms.
The subjective terms are considered in this section.

METHODS WHICH FAIL TO SIGNIFICANTLY
REDUCE IMPACT OF SPAM

1. LAWS

The assumptions leading to the creation of laws to indirectly reduce the impact
of spam include:

Reasons why laws cannot stop spam include:

2. IP/E-MAIL ADDRESS BLACKLISTS

The following describes the concept of an IP/e-mail address blacklist:

Reasons why a blacklist method cannot stop spam and would lead to many problems
and ethical issues include:

3. GENERIC HUMAN-SKILL CHALLENGES

The following describes the concept of a generic human-skill challenge:

The free "Yahoo! Mail" service uses a generic human-skill challenge during
the registration process to prevent automated systems (created by spammers,
for example) from using registering for thousands of e-mail accounts.
Aspects of "Yahoo! Mail", including the generic human-skill challenge, is
shown in the following figure:




One VERY IMPORTANT thing to consider about "Yahoo! Mail", as described by
the quotes shown above regarding service features, is that e-mail messages
AND attachments are AUTOMATICALLY ANALYZED.  While this analysis may have
been devised by well-meaning individuals trying to improve the experience
of users of the "Yahoo! Mail" service, it is critical to understand that
this is detailed analysis of one's communication.  Although I believe the
privacy of e-mail itself is promised up to a specific point (like court
subpoenas), I do not see any such promise of privacy concerning the use of
the results of the analyses (which may actually contain rough semantics
(meanings) of content).  Is a transliteration of an e-mail, using different
figures of speech and phrases, and synonyms where possible, assured the 
same level of privacy?  In what sense is even an "anonymous, automated"
analysis of e-mail messages and attachments "private"?

4. COMMUNICATION-RATE REGULATION BY
   REQUIRING RESULTS OF DIFFICULT
   COMPUTATIONAL TASKS

The following describes the concept of communication rate regulation by
requiring results of difficult computational tasks:

Reasons why a communication-rate regulation by requiring results of difficult
computational tasks can fail to control spam include:

5. CONTENT ANALYSIS

The following describes the concept of content analysis:

Reasons why content analysis is undesirable:

Reasons why content analysis can fail to control spam include:

OTHER UNDESIRABLE SPAM CONTROL METHODS

(1) Internet-wide packet tracking (does not defeat Trojan P2P type outgoing
    mail servers; invades privacy)

(2) "Postage" per e-mail (does not defeat Outlook Trojans and other P2P
    mail servers)

(3) Relying on corporations and building up "user reputation" (like eBay
    system, or Slashdot karma); invades privacy, corporate interests may
    create artificial barriers to moving data (e.g., BREW), and there is
    no guarantee that corporations won't eventually "sell-out" the promise
    of no spam -- or it will be argued that partner "notifications" won't
    be spam (according to the end-user terms).

SPAM CONTROL PROPOSAL

This section contains a proposal for SOFTWARE and SOCIAL PRACTICES that have
the potential of greatly reducing the nuisance of spam from a person's life.


GENERAL INFORMATION
Things required by this proposal:


(1) A person who wishes to greatly reduce spam must install software on each
    computer with an e-mail client application (such as Microsoft Outlook).

(2) A person who wishes to greatly reduce spam, when sharing his or her
    e-mail address, must also go through the trouble of sharing a code
    number.

(3) Mailing list services must make a slight modification to their databases
    and mailing scripts to store and use codes in addition to e-mail addresses.



Things that are NOT required by this proposal:


(1) Changes to e-mail servers, e-mail protocols, e-mail content 
    standards, or Internet infrastructure, are not required.

(2) Existing spam countermeasures (content-filtering, IP blacklisting,
    anti-spam laws, etc) will not be necessary.  (Such countermeasures
    are futile and dangerous anyhow.)

(3) It is possible that changes to existing e-mail clients will not be 
    required.



Things that will NOT be directly helped by this proposal:


(1) Internet bandwidth consumed by the futile efforts of spammers trying
    to make it through to people.  (Once the futility becomes apparent
    worldwide, the spamming model may naturally be a very unattractive
    waste of time.)

(2) E-mail "inbox" clogging while the spammer profession lingers on,
    before the futility of spamming has a chance to sink in worldwide.

(3) People with e-mail clients and services provided by giant corporations
    may not experience the diminished spam until the giant corporations
    have a chance to update software.



Other qualities of this proposal:


(1) Totally open technology; not "security through obscurity".

(2) Non-commercial, public-domain method, can be implemented by anyone
    without consideration.

(3) Totally smooth transition from current e-mail clients, servers, 
    mailing list services, etc.

(4) Privacy preserved (no content analysis), and possibly even improved
    (as proposed software becomes more widespread).




CORE CONCEPT

The following paragraphs describe the core concept of the method.  Certain
details will be discussed in the "Use Cases" section:


Messages received by an e-mail client will be sorted by codes contained in
the message subject fields or within the message bodies.  Spam messages 
are extremely unlikely to contain the proper codes, and are thus diverted
to an anonymous-sender category.

Unlike an e-mail address alone, which is a single, unmoving target for
spammers, the additional codes are generated by formulae, and are tiny,
constantly-moving targets in a huge expanse of possible target locations.
Furthermore, any breach of trust can instantly be traced to specific 
unscrupulous people, and immediately and conveniently patched.  The 
concept can be likened to "spread-spectrum" communication, or, much more 
loosely, "port knocking".




CORE IMPLEMENTATION

The following paragraphs describe the core implementation of the method.

Three encrypted files are stored on an e-mail client machine:


(1) PRIMARY FORMULA TABLE:

      Encrypted table with entries in the form:

        ( SHA hash of recipient e-mail address, primary formula )

(2) SECONDARY FORMULA TABLE:

      Encrypted table with entries in the form:

        ( SHA hash of recipient e-mail address, secondary formula )

(3) CURRENT RECEPTOR TABLE:

      Encrypted table with entries in the form:

  ( SHA hash of acceptable formula value, category, expiration policy )



Basic operation:


Some time in advance of communication between a sender and receiver,
the sender acquires a formula from the receiver.  The formula is
generated by the receiver and given to the sender by some "secure" 
mechanism (which can be as casual as a face-to-face conversation,
phone call, postal mail, facsimile, or even conventional e-mail or
web page).  The only point of keeping the formula secure is to 
maintain the exclusivity of the specific communication channel 
between sender and receiver.  It is not that others can use the 
formula to intercept messages, but others could use the formula to
get their messages to the receiver through the same moving portal.

The sender uses the formula to compute a code, and this code is
placed either in the subject line or in the body of the message,
and the message is sent by conventional e-mail to the receiver's
well-known e-mail address.

The receiver launches software to sort incoming mail.  When the 
software is launched, it requests a password.  This password 
decrypts the current receptor table.  Incoming messages are 
scanned for the special codes (which have easily-recognized 
characteristics).  If a message contains a code, the code is
hashed using the Secure Hash Algorithm (SHA).  The hashed code
is compared with all acceptable hash codes in the decrypted 
copy of the current receptor table residing only in memory.
If there is a match, the e-mail is accepted and placed in to
the proper mail folder (Family, Friends, Business, Interest
Groups, etc).

If any entries in the current receptor table are set to expire, then
the primary formula table is decrypted in memory and all formulae
are evaluated, replacing all entries in the current receptor table.
This implements the "moving" aspect of the "moving target" nature
of the method.  (Senders evaluate the appropriate formula upon
each transmission.)




USE CASES

This section describes examples of using the proposed spam control 
method.  Important qualities include: simplicity, convenience, reliability,
and minimal transition effort.

1. Personal, Regular Contact
   (Family, Friend, Colleague)


Sub-cases:

  (1) Potential sender cannot or will not use the special software
      used to implement this method:

        The receiver (with the special software) can generate and
        give out a fixed code (like a telephone number) for use by
        the sender alone.

        The sender simply puts this code somewhere in each e-mail.
        If the code should leak beyond the friend or family, the 
        code can be manually "retired" by the receiver, and a new
        code can be given to the sender.

  (2) Potential sender is also using the special software:

        The receiver can give the potential sender a formula (which
        is essentially a code used to generate codes), and the 
        potential sender enters the receiver e-mail address and the
        formula in to the primary formula table, and, possibly, 
        a second formula (and receiver e-mail address) in the 
        secondary formula table.

        When the sender initiates the sending of an e-mail message
        to the receiver, the special software evaluates the primary
        formula specific to the receiver and places the appropriate
        code in to the outgoing message.



2. Mailing List Service


Sub-cases:

  (1) Mailing list server cannot or will not use the special software
      used to implement this method:

        There is nothing to be done in this case.  The mail arriving
        from the mailing list server can only be classified according
        to its claimed sender, or subject, or content.

  (2) Mailing list server is also using the special software:

        When subscribing to a mailing list service, the receiver
        can give the mailing list service a formula (which
        is essentially a code used to generate codes), along with
        the receiver's well-known mailing address.

        When the mailing list server initiates the sending of an
        e-mail message to the receiver, the special software evaluates
        the primary formula specific to the receiver and places the
        appropriate code in to the outgoing message.

        *** Ideally, the mailing list server would expect codes
        from subscribers, too, thus preventing non-subscribers
        from spamming the list. ***




3. Public Displays (Web Pages, Printed Matter,
   etc)


This is really not much different than case "1. Personal, Regular Contact
(Family, Friend, Colleague)".

For web pages, a server-side script (PHP, ASP, etc) can evaluate a
formula to display codes on the web content -- preferably as images.
Anonymous human visitors can read the codes and use them with any
e-mail client to contact the receiver associated with the web site.
The formula can be associated with a single page of the site, or
with the entire site.  The formula can be re-evaluated on any 
desired time-scale, thus frustrating anyone who takes the time to
manually enter the current code in to a spammer database.

For printed content, a code can be printed along with the well-known
e-mail address.  This code is specific to the printed campaign, much
like a URL for a movie promotion web site is only ever going to be 
used for that specific movie promotion campaign.  The code can be 
retired after the promotion is over.




BREACHES OF SECURITY

This section describes various scenarios involving breaches of security.


(1) Trial-and-Error attack on specific user's e-mail address:

      Apart from clogging the user's e-mail "inbox", the only possible
      reward for the unlikely event of making it through the method's
      barrier is that a single e-mail gets through.  The attacker does
      not learn anything after the attack, and only a similar effort
      would have a chance of getting another e-mail through.  The 
      probability of success is inversely proportional to the length
      of the codes generated by the formulae -- which, for seven-letter
      codes, would be 1/(8031810176/2), about 1 in 4 billion chance,
      roughly multiplied by number of active formulae, per attempt.
      Most e-mail "inboxes" would be clogged by 4 billion e-mail 
      messages, and such an attack is clearly an entirely different
      problem from the spam problem.

(2) Finding copy of a plain-text e-mail at any location accessible
    through the Internet (even unauthorized or unanticipated access
    via unprotected directories or accidental wireless exposure to
    private drives):

      This compromises a code.  If the code is associated with a 
      formula-based channel (all parties have the special software),
      nothing needs to be done; the code will expire, and it may
      in fact be a one-time use code.

      Worst-case outcome: A stranger sends e-mail that is not filtered
      out by the receiver.

(3) Compromise of a system with a "mailing list" or "address book"
    (in both cases this simply means the three files listed in the 
    CORE IMPLEMENTATION section):

    Sub-cases:

      (A) The files are corrupted or deleted:

            The user of the software will know this has occurred.
            One option is to restore the files from a recent 
            backup.

      (B) A hacker does a key-logging on the machine and acquires
          the key for decrypting the primary formula table and
          current receptor table -- and then copies those files
          from the compromised machine:

            This is a serious compromise.  If this has been 
            suspected or detected, then a user can rid the 
            system of intrusion and then use a different key
            to decrypt the secondary formula table and 
            command each recipient to replace entries for
            the compromised sender and switch to the 
            secondary entries.  New formulae can be exchanged
            by methods that depend on how secure the parties
            feel circumstances are at that point.

(4) Compromise of system relaying e-mail at any point in the Internet:

    Sub-cases:

      (A) Message content is encrypted: Compromise has no impact.

      (B) Message content is not encrypted; codes can be extracted:

            In this case a code has been compromised, in addition
            to message content.  If the sender has the special 
            software, the code may only work once, and the 
            snooping party will not be able to get through the
            receiver's shield when the code expires (which can
            be upon receipt of a message).

(5) Compromise of any archive or cache of e-mail messages

      Same as case (4)

(6) Compromise of a desktop computer via executable (altered pirated software,
    MS-Outlook script, prior e-mail attachment virus, IE exploits/Active X,
    Windows/Linux exploits, etc):

      This is a serious compromise.  The hacker has free reign of one's
      computer, including the ability to corrupt or delete the encrypted
      files associated with the special software.  The hacker can also
      modify or replace the special software.

      The hacker will only gain access to the decrypted content of the
      primary and secondary formula files if the regular user of the 
      compromised system opens those files following the compromise 
      event.

      Even if the hacker has access to the decrypted contents of those
      files, the hacker will have to hash all e-mail contacts to determine
      the correlation between contacts and formulae.
      
      Finally, if the hacker really accomplishes all of this, the only
      reward is the ability to avoid the e-mail filtering of one's
      contacts.

      The kind of compromise described here is far worse than the 
      problem of receiving unwanted spam!
      
(7) Unscrupulous business shares voluntarily offered formula to 
    "partners and affiliates":
    
    The formula can be instantly removed from the receiver's table
    at the first sign of abuse, and one can indicate the violation
    of trust to the business.




LONG-TERM IDEAS

Automatic encryption and decryption of message content at sender and 
receiver prevents all intermediate routers, Mail Transfer Agents (MTA)s,
subnets, etc, from doing content analysis or complete spying on messages.
A plug-in implementing RSA Public-Key cryptography for various mail clients
can be found at (http://www.rsa.org).  Ideally, the special software 
proposed in this article would have this capability.

If all e-mail contains the codes for the method described in the proposal,
and all e-mail is encrypted, then codes will enjoy longer usefulness in
keeping a channel reserved for certain parties to communicate, and content
will remain private.


CONCLUSION REGARDING PROPOSED METHOD

I did not describe the details of how the proposed system would work, but I
hope the proposal aspect of this article leads to more thinking about 
solutions to spam -- especially about solutions that avoid invasion of
privacy by any form of content analysis or packet tracking, or cooperation
with specific corporations, or censorship.

CONCLUSION

Spam messages may be annoying, and may consume resources, but I strongly 
disagree with laws punishing spam.  I also strongly disagree with any 
efforts to filter messages flowing through mail servers, or the practice
of blacklisting hosts or domains.  None of these approaches will be 
effective in the long term.  Meanwhile, my proposed solution makes e-mail
as private as an individual desires, and does so without losing a single
message to an over-zealous filter or to corporate or government censors.

POSTSCRIPT -- RESPONSE TO SLASHDOT
COMMENTS

I wrote this article, and submitted it to Slashdot, in an effort to increase
awareness of the technology of spam and the perils of various previously-
proposed solutions.

I acknowledge shortcomings with my own proposal, but I hope my article has
contributed something to the ongoing conversations about controlling spam.

After reading most of the Slashdot comments regarding my article, and 
talking with a smart friend, I have been led to the following conclusions:


  (1) The proposal in my article does not SOLVE a critical problem:

        "How does an automated system differentiate between acceptable
        attempts of strangers to make contact versus unacceptable
        attempts of strangers to make contact?"

      I did not have the clarity to think of the spam problem in terms
      of this simple security puzzle when I wrote this article -- but
      it's exciting now to think about this specific issue.

  (2) The proposal in my article does not SOLVE another critical
      problem: Consumption of resources.  Specifically:

        (a) Consumption of bandwidth all along the route from
            spammer to destination mailbox;
        (b) Consumption of disk space on intermediate and 
            final destination mail servers;
        (c) Consumption of precious bandwidth between ISP and
            person downloading e-mail (especially when using
            dial-up connnections);



I am considering these issues, along with the comments made on Slashdot.
The following Slashdot comments have supported or refuted various ideas
put forward in the article, and I am meditating on them:
      



Your post advocates a

( ) technical (*) legislative ( ) market-based ( ) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work.
(One or more of the following may apply to your particular idea, and it may
have other flaws which used to vary from state to state before a bad federal
law was passed.)

( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
(*) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential
      employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
(*) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
(*) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:

( ) Ideas similar to yours are easy to come up with, yet none
      have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
(*) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

(*) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn
      your house down!





I don't know what spam data you used, bit i've noticed quite a few spams
getting through my bayesian filter lately... they all have more random
words in sentances at the bottom than the real message at top. They do
it like 'hank urged me and I to send you this flower and important notice'
Bad grammer but i'm sure it's ment to look like a 'real' sentance since
the computer can't 'read' like a person. It's kinda like an adlib game...
they make a list of several hundred sentances with verbs and/or nouns
missing then use word lists to fill them in.





we're using GFI MailEssentials at work, which uses bayesian filtering.
all the emails that have a random string of words arent getting through
the filter. the ones that are usually contain, e.g. 1 normal sentence,
and one link. the problem is, we arent getting the same one over and
over, it only comes in once, so it's hard to train the filter to block it.
but hey, what do i know? 





"I use bogofilter and have a corpus of 20k spam messages, I always rescore
misfiltered spam, and I still get messages that slip through the filter.

Almost all are messages with a ton of random garbage appended to the
message, and one spammer was actually putting whole passages from some
book about Abe Lincoln in the messages.

Jamming the message with non-spam words works too well around here."





It's dangerously bad. If email messages accurately identified where they
came from, and if spammers didn't maliciously forge addresses of people
they want to harass, and if spammers didn't usually abuse free email
systems and free web pages or forge purely bogus sender addresses
(usually also at free email systems), then that would be a fine idea.
Many spammers also frequently put other people's valid URLs in their mail
to fake legitimacy, e.g. URLs from E-Bay's news site or the Better
Business Bureau or various anti-virus companies, in addition to having
their own URL for the suckers to click.




Strange, when I create new e-mail accounts, like my work account, I
generally have a couple messages of spam waiting for me already.





That worked for me until I emailed a customer feedback comment to a
somewhat large corporation which makes a product I really like. I also got
a satisfactory reply from their customer representative.

A few months later, that *expletive* customer representative forwards
one of those stupid urban myth chain-letters (about some missing kid/fake
amber alert), using that company's email address book, which included my
email address!

Then the spam deluge started. :(





I used to think that would work, then I went to college and had spam in my
inbox before I had even first checked it. I hadn't given out the address
to anyone, not even my close friends.





Is it just me, or has recent spam flavor included random sentences
(not just random word lists) that are meant to sound like a plausible
person is on the other end?

Then, embedding some link to spam inside, in an attempt to get the S/N
filters to let it pass?





This is what I got:

Jen, searching for a site to purchase medication?
Character is that which reveals moral purpose, exposing the class of
  things a man chooses or avoids.
Those who aim at great deeds must also suffer greatly.
Let your imagination release your imprisoned possibilities.
We are able to ship worldwide
Be thrifty, but not covetous.
Go here and get it

You are totally anonymous!
I confess I enjoy democracy immensely. It is incomparably idiotic, and 
  hence incomparably amusing.
Epigrams succeed where epics fail.

The only line I deleted was the one with the url... now tell me what
this spam message was trying to sell!





I've been getting alot of spam recently that have images of the spam text
itself, and include a "post-modern story of the day" at the bottom in
plain text in order to trick/reduce effectiveness of Bayesian filters.

Or some will do the same and just have a collection of random words
(like "baseball sports espn issue meeting car subaru" etc).





It should be self-evident that this solution is not workable.
Anything that requires this massive type of retooling of the whole method
of using e-mail is doomed to failure.

Any proposed solution cannot cause this type of massive interruption of
normal e-mail usage.





  "It should be self-evident that this solution is not workable.
  Anything that requires this massive type of retooling of the whole method
  of using e-mail is doomed to failure."

This attitude is what keeps real solutions from occuring. SMTP/POP3 is
antiquated, designed for a simpler time, and it needs replaced, period.
If there were anything in its standards that could truly prevent spam,
don't you think someone would have come up with it in the last 15 years?

And so what if we have "interruption of normal e-mail usage" for a while?
What do you think we have now? Millions of tiny "interruptions" bouncing
around 24 hours a day. Slowing things down, wasting resources, wasting
time, etc.

These band-aid fixes are just that. They are not a solution. So I don't
have to see the beastiality or xanax ads anymore, great. That doesn't
mean they aren't still consuming mass resources in their continuous
effort to reach me.

"retooling of the whole method of using e-mail" is exactly what needs
to happen, and not just because of the spam epidemic.





Although I don't think this article has the right solution, I don't see
a problem with redesigning the email method. 
If a "spam-free" email exists in parallel with the email as we have it
now, I will divert the spam-free mail to my inbox, and the spammy mail,
through a filter, to a junk-suspect folder to be checked once a week.
Of course, this spammy mail will get an auto-reply that tells the sender
how to contact me using the spam-free protocol. After a while, I am
certain the people I really want to hear from will all use the
spam-free protocol, and I will stop checking the regular email, after the
changing the auto-reply to "your mail has just been ignored". 

The key to get a massive retooling accepted is by using the original one
in parallel. It will die off soon enough.





I don't care about the retooling. The core problem with this idea is the
concept of handing out codes. Retraining users will be a pain in the ass.
Not to mention just tracking the codes would suck. Say I meet someone in
real life. How do I have a code to give them? Do I have to have a
buisness card with codes on it? Do I need a computer just to exchange an
email address.

If you want to use codes or signatures, It has to be server side. That
way a server could sign an email as valid. Then my email client could
take that signature under advisement when the email actually arrives.
The difference in action is an excercise left to the reader. However its
alot nicer in the ease of use hurdles and doesn't screw old setups.





I wouldn't say he reinvented the whitelist. The whitelist is based on
resending an e-mail after it's bounced back to the sender because it's
an unrecognized e-mail address. This technique relies on something that's
similar to public/private keys, with a dynamic code that helps detect
true users from automated ones. 

My main gripe (that I just realized) is that some e-mail must be send
automatically, like web server confirmations. They would get sent into
your "other" inbox with the thousands of spam messages if you lacked the
persons "code".





Personally I rally liked D. J. Bernstein's (qmail, djbdns, daemontools)
idea for a new mail protocol. The big difference between it and mail we
have now is that only the notification of mail is sent, not the mail
itself. The mail sits on the senders mailserver, waiting to be picked
up, and if you want to retrieve it, your mail client does so from his
server. Think about it - No more anonymous spam, since you KNOW where
messages are coming from if you have to retreive them. Therefore, if
spam is illegal, we can punish them... and there is no more faking of
where its coming from. 

The other cool concept to that is mailing lists vs bandwidth. In old
mailing list styles, a message would go out to the list, bouncing back
from all people whos boxes are gone or full- witha lot of traffic.
In DJs new way, there is only notification of the message sent, and
then only those who really want the message download it. 

The more you think about it, the better of an idea it becomes. In the
wold of terrifying ideas like "postage for emails" or "really super-mega
-expensive domain names for mail only" Bernsteins has an elegance and
practicality I haven't seen elsewhere.





The big difference between it and mail we have now is that only the
notification of mail is sent, not the mail itself.

Options:

a) Notification contains no sender-modifiable content. No way to know
   if you want it or not. You say yes and wind up with spam from
   unknown server.
b) Notification winds up containing the entire spam as subject line,
   and the supposed server it's coming from doesn't exist.
c) Spammers break into millions of unsecured Windows boxes and run
  'mail servers' on them.

Nice try, but no cigar.





I administer a mail server for a small ISP. The problem with filtering on
the user's end is that my costs are consumed by the time the user deals
with the spam. I don't think, as the article suggests, that spammers will
slow down if their message is not being read, in fact they will just spew
out ever more spam. If a 1/10 of 1% hit rate does not deter them, a
smaller hit rate won't either.

I have to put some upper limit to the amount of storage I can give each
person (right now I allow 100M, which I think is quite reasonable). But
if a user goes on vacation and does not check their e-mail for a month,
they could have their inbox filled with spam and viruses (not much
difference these days, from a server admin point of view). This will
preven legitamate messages from coming through. Therefore, I use the
following technical measures to help reduce spam: 

RBLs: dnsbl.njabl.org, sbl.spamhaus.org, xbl.spamhaus.org, 
      and dul.dnsbl.sorbs.net 
SPF:Sender (not adopted widely yet, but it does block a few messages
      a day even now) 
Blocking specific subject lines (during virus outbreaks this can help) 
Blocking mail "from" non-existant domains 
I really have no choice, I cannot afford not to take these measures.
I explain all of them to my clients, nobody has had a problem yet.
These measures catch roughly 75% of spam and viruses, and as far as
I know, no false positives.





A portion of my e-mail "Inbox" on 2004 March 29th as manifested by the
"Microsoft Outlook Express 5" application. On this date I received 9
"legitimate" messages, 77 spam messages, and 2 virus attachments.

And later:

cpfahey@earthlink.net

Outlook Express, public e-mail address and he is complaining about spam.
Surprise, surprise!

CONTACT INFORMATION
Colin P. Fahey
Irvine, California; USA
cpfahey@earthlink.net
http://www.colinfahey.com