Jump to content
Sign in to follow this  
gazza

Bond system for e-mail accounts

Recommended Posts

Since most, if not all, spam emanates from 'free' e-mail accounts, why not encourage ISPs to apply a bond system, as opposed to charging per e-mail, in which each user has to deposit a bond with the ISP as surety for using their system? If the account is misused then the bond would be forfeit. The idea would be to pitch the bond at a level that it would make it unprofitable for spammers, say $50-100?

Edited by gazza

Share this post


Link to post
Share on other sites
Since most, if not all, spam emanates from 'free' e-mail accounts,

28890[/snapback]

Where do you get this information? I hope you are not referring to the From: address in the headers, which is usually forged.

I have not received a spam that actually came from a free account in months. My biggest spammers as of late have been from XO, probably an infected machine or 2 bouncing messages for the spammer.

Share this post


Link to post
Share on other sites

I think most spammers are now using their own mail servers to send their spew rather than using a free email account. Quite a few are using zombie machines. Some providers such as Hotmail now limit outgoing email to 100 pieces per day if I remember correctly on their free accounts. Hotmail has also taken the step that new accounts can't be accessed by email clients. The only way to check your email on a new account is via the web interface.

--Navigatr1

Share this post


Link to post
Share on other sites
Where do you get this information?  I hope you are not referring to the From: address in the headers, which is usually forged.

I have not received a spam that actually came from a free account in months.  My biggest spammers as of late have been from XO, probably an infected machine or 2 bouncing messages for the spammer.

28892[/snapback]

No, of course not. I speak from long experience of spam and noting how its nature has changed over the last 25 years or so.

I'm thinking in particular of the Nigerian '419' scams that the relevant ISPs nearly always deal with by closing the account. Perhaps that reflects the relatively crude methods used by these would be fraudsters. Personally I find these rather entertaining (although those poor souls who fall foul of them might not). I agree that the more sophisticated spammers use alternative methods that would not benefit from a bond scheme, but then there are alternative counter-measures that are being developed.....

On a related tack, given the proliferation of hijacking software, wouldn't it be nice if some kind philanthropic souls wrote similar software ('bene-ware'?, c.f. 'mal-ware') to actually clean up the infected machines and let the owner know they have/had a problem?

Share this post


Link to post
Share on other sites
I speak from long experience of over the last 25 years or so.

28901[/snapback]

Ah yes 25 years ago, I had the 'fastest' 16 bit box on the PC market, (2MHz clock!) All of 64 Kbits of memeory and a 300baud dial-up terminal link to the university where I was getting my MS in CS. Yes those were the days. I would have killed for what we now call email so I could have 'talked' to the prof, (and had spam). :wub:

Share this post


Link to post
Share on other sites
On a related tack, given the proliferation of hijacking software, wouldn't it be nice if some kind philanthropic souls wrote similar software ('bene-ware'?, c.f. 'mal-ware')  to actually clean up the infected machines and let the owner know they have/had a problem?

28901[/snapback]

Isn't that what programs like Lavasoft Ad-Aware, Spybot Search & Destory, HijackThis, Sysinternals RootkitRevealer, and antivirus programs do? If you mean that the "good" software should spread like a virus/worm or should try to "infect" vulnerable systems, that would not be "nice" for a myriad of reasons. Some viruses do, in fact, remove other viruses from the machines they infect, but they are nevertheless universally regarded as malware.

Share this post


Link to post
Share on other sites
Ah yes 25 years ago, I had the 'fastest' 16 bit box on the PC market, (2MHz clock!) All of 64 Kbits of memeory and a 300baud dial-up terminal link to the university where I was getting my MS in CS. Yes those were the days.  I would have killed for what we now call email so I could have 'talked' to the prof, (and had spam). :wub:

28912[/snapback]

Although it certainly accelerated the proliferation of spam, spam-like communications existed long before the Internet become what we know and love today. I'm only sorry I didn't keep copies of the rubbish e-mails I used to receive on our old Honeywell and CDC mainframes. And yes, e-mail did exist even then....

Share this post


Link to post
Share on other sites
Isn't that what programs like Lavasoft Ad-Aware, Spybot Search & Destory, HijackThis, Sysinternals RootkitRevealer, and antivirus programs do? If you mean that the "good" software should spread like a virus/worm or should try to "infect" vulnerable systems, that would not be "nice" for a myriad of reasons. Some viruses do, in fact, remove other viruses from the machines they infect, but they are nevertheless universally regarded as malware.

28913[/snapback]

OK, point taken.

My reason for the suggestion was simple: why are there so many open proxies? One would have thought that ISPs should help their customers when setting up their accounts to avoid becoming unintentional spam/virus dissemminators. Is it just an educational issue, or am I missing something more fundamental? The phrase 'shutting the stable door' springs to mind, regarding he current approach of only reacting to reports of spam emanating from a customer's computer. Perhaps the ISPs could use the software I suggested to spot possible problems and contact the customer(s), rather than actually changing the network config for them without their knowledge.

Share this post


Link to post
Share on other sites
gaaza invented the internet ;)

28911[/snapback]

No, Stephen, I didn't, but I was using its predecessors long before it came to be the beast we have all come to love (and hate). :P

Share this post


Link to post
Share on other sites
No, Stephen, I didn't, but I was using its predecessors long before it came to be the beast we have all come to love (and hate).  :P

28924[/snapback]

As was I, maybe not as far back as you, though. VAX/VMS mail in fall 1985 was my first experience (University of Lowell, Oleary computer center).

However, junk emails (jokes, chain letters, etc.) from co-workers/co-students is NOT spam by the general definition.

P.S. My name is Steven with a "v".

Share this post


Link to post
Share on other sites
My reason for the suggestion was simple: why are there so many open proxies?  One would have thought that ISPs should help their customers when setting up their accounts to avoid becoming unintentional spam/virus dissemminators. Is it just an educational issue, or am I missing something more fundamental? The phrase 'shutting the stable door' springs to mind, regarding he current approach of only reacting to reports of spam emanating from a customer's computer.
I agree that ISPs should help their customers to protect their computers from becoming unintentional spam sources. Many ISPs provide such help. The ISP that I use offers free antivirus software, free firewall software, and a free spyware detection and removal application. It issues warnings when a high-risk security hole in Windows is discovered or when there is a significant virus outbreak. It also uses port 25 blocking. However, in order to protect the user's privacy and property interests, there must be limits on what an ISP can do. I would not want my ISP to monitor everything I do online or to control my computer remotely, even if it is supposedly just done to protect me. We must also keep in mind that the ISP business is very competitive in some places. In the face of competition, these ISPs cannot afford the cost of providing free software and cannot afford to alienate customers by being too paternalistic and restrictive.

Perhaps the ISPs could use the software I suggested to spot possible problems and contact the customer(s), rather than actually changing the network config for them without their knowledge.
Most malwares require some user interaction to be installed, for example, clicking on an attachment or going to a website with an insecure browser. The ISP in most cases cannot scan for such vulnerabilities remotely. In any event, it should usually be the software vendor's role to fix vulnerabilities, especially those that can be exploited remotely. In many cases, this will be Microsoft providing patches via Windows Update and Auto-Update.

Share this post


Link to post
Share on other sites
My reason for the suggestion was simple: why are there so many open proxies?

Basically, these days it's due to the partnering up of the virus/trojan writers and the spammers. Then you add the clueless users that have gone for the high-speed connections.

I've got a 133MHz laptop here that I am supposed to 'evaluate' to see what a good offer might be ... last owner was a college student that in fact had been taking some"computer" classes. No firewall, no anti-virus .. explained that there wasn't disk space and that the college network was "protected" ... I killed the Windows password function, I killed the BIOS password problem (young man of course telling me that this was impossible) .. see that I have a Win-95 machine that had been updated to Win-98SE ... and that's where it stopped. (Not exactly true, StarCraft, DeerHunter, Need for Speed, etc. had been installed <g>) ... Anyway, after I finally got the CD drive to work, got a spare wireless card to function, the Windows update thing was reaching back to 1998 patches to apply .... As to the issue of diak space, well .... after knocking out the games, spyware, dead stuff, .... plenty of room for an AVG / Zonealarm install ...

One would have thought that ISPs should help their customers when setting up their accounts to avoid becoming unintentional spam/virus dissemminators. Is it just an educational issue, or am I missing something more fundamental?

Education, time, experience, tact .... take it all the way back to the point of purchase ... the computer itself finally got to the "I can afford this" point. Then you've got that kid suggesting that things like surge suppressors, firewalls, anti-virus software, Internet Security tool packages, etc. etc. etc. .... to which the purchaser tells the obviously money-hungry little pest to buzz off ... So the computer makes it home, gets pulled out of the box, ISP contacted, who then starts talking about anti-virus, Internet Security/protection, spam control .... to which the money-hungry ISP rep gets told to buzz off .... then the eventual "my computer doesn't work" day comes and the education of a consumer begins <g>

The phrase 'shutting the stable door' springs to mind, regarding he current approach of only reacting to reports of spam emanating from a customer's computer. Perhaps the ISPs could use the software I suggested to spot possible problems and contact the customer(s), rather than actually changing the network config for them without their knowledge.

And how would one phrase the words in that contact moment after the above described scenario? Anyway, you've actually not brought up anything new. Google is your friend, you can find most of this beat up all over the place over the last few years, from both sides of the fence.

Share this post


Link to post
Share on other sites
Although it certainly accelerated the proliferation of spam, spam-like communications existed long before the Internet become what we know and love today.

I'd say there was quite a difference. In those 'olden' days, one could call the idiot that sent the 'e-mail' and advise hom/her directly to knock it off. As stated in several of the links provided, it does boil down to "definition" ...

I'm only sorry I didn't keep copies of the rubbish e-mails I used to receive on our old Honeywell and CDC mainframes. And yes, e-mail did exist even then....

Though having worked on just about everything, I will state that a Honeywell mainframe was not one of them, though having had to support several systems built around Honeywell "controllers" ...??? Possibly likening that to HP's original desktop items being identifed as "calculators" to get around some purchasing restrictions. If it helps, I date back to doing just about all forms of "data entry" .. wire-strapping of code cards, Hollerith card decks, front panel switches and blinking lights, paper/mylar tape (and the TTY's to 'automate' their generation) .. on and on ...

Share this post


Link to post
Share on other sites
As was I, maybe not as far back as you, though.  VAX/VMS mail in fall 1985 was my first experience (University of Lowell, Oleary computer center).

However, junk emails (jokes, chain letters, etc.) from co-workers/co-students is NOT spam by the general definition.

P.S.  My name is Steven with a "v".

28929[/snapback]

The (unwanted) mail I got was probably from people I didn't know who had worked out how to do 'mass' (i.e. 10s to 100s) mailshots from e-mail addresses garnered from various sources. I guess it was therefore a foretaste (!) of spam. It was all harmless back then, not like today.

PS. Yes, I know you spell your name with a 'v'. That was deliberate, since you misspelled my name originally. ;)

Share this post


Link to post
Share on other sites
PS. Yes, I know you spell your name with a 'v'. That was deliberate, since you misspelled my name originally.  ;)

28969[/snapback]

Corrected there, sorry

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×