From: "Alex van den Bogaerdt" <alex(_at_)ergens(_dot_)op(_dot_)het(_dot_)net>
me> Do not forget that the "normal, trustworthy small companies" need to
me> "cough up the dough" once in every <foo> years whereas spammers will
me> have to pay every <bar> days.
In other words: Spammers do not welcome costs as well and they will have
far more cost than us.
This is possibly the area of discussion which we can hardly be sure of -
unless there's any spammers on the mail-list ;-) Spammers use so many
different methods, it's hard to generalise like this. They have zero cost
when they've built a virus and are using a whole load of zombie machines to
send their spam. Conversely, some others of them are making spam work by
buying genuine domains (with false personal information) and are using
purchased server-space and bandwidth, they just stay anonymous and move
around a lot, which is dead easy to do.
For the former - nothing matters to them, they don't have any significant
costs and never will. Our only defence is good virus protection and systems
like spamassassin, spf, etc. Reputations won't work, because the victims
will eventually fix their zombified computers, sort out their virus
protection, and the origin of the spam will move on to the next victim, et
seq. The consolation for us is that the headers are, of necessity, messed
up and easier to identify as spam. These spammers also use intercepts and I
have noticed a marked increase in the amount of spam containing specialised
names that I use in my working mail. Yes, I send un-encrytped mail like 99%
of the rest of the world - but that's who we're doing all this work for,
isn't it?
For the latter we are dealing with semi-professional spam - the ones who
offer you lots of mailings for your product which they've harvested from
your website. They'll have a genuine domain, a spf record, SSL cert and
all the things a "proper" e-mail should have, and it's here that reputation
will succeed where all other systems fail. A spammer could send out several
thousand spam-mails and get a reputation just as quickly as the recipients
can get their feed-back in. In a matter of an hour or so, a spammers new
domain, ssl cert, spf records, etc, etc will be worthless to him because
he's been marked down as a bad boy with the community.
For what it's worth - I believe we need *all* these systems to be in place,
as where one fails, another will succeed. My personal problem is that if
verisign and possibly MS go for SSL accreditation, that will *force* us to
use that system, and that would be very unfair indeed.
What you fail to understand is that NOTHING is free. Even "free" services
such as gossip need to be built, maintained and so on. The cost will be
shared on a voluntary basis but it still costs real money.
How did the song go - "....the best things in life are free..." ? This is
probably not the mail-list to go into the philosophy of freedom or
capitalism.
I don't disagree - but note the double negative ;-)
Slainte,
JohnP.
johnp(_at_)idimo(_dot_)com
ICQ 313355492