FWD #14927
| |
CounterSPAM Project
Note: The CounterSPAM information gathering efforts and initial development
phase has completed as of 5/27/04. We'll be producing a report detailing
findings and counteractive measures taken and developed in the next few months,
As some of you who read here regularly know, spam, or unsolicited commercial email (UCE), is something that can get my dander up. It's online abuse of the lowest form, an invasion of our personal space and privacy. It's a costly for business to deal with. And it's a growing problem. It's growing so quickly that some have speculated it will make up 75% of email traffic on the net within the next year or two.
Some of us make an effort to do something about it, but the investigative process is incredibly cumbersome. Email headers show the IP addresses of systems involved, but the true originator ID can be spoofed. DNS lookups on domain names, and more importantly, finding the abuse address can be very time consuming. Sending email to all the involved parties, adds even more time to the process. In short, there really aren't any good tools to fight the battle against spam, at least not today.
We know the spammers cull email addresses from any source they can. The real prize for them is a live email address. Scripting can automate the sending process, and a text generator can easily spit our address after address, but to get an email address that's live is the real goal. And one of the easiest ways to accomplish that is to "crawl" a website for any email addresses listed. Sadly, even blogs are being crawled in this way now, with email addresses culled from the comments fields.
I'm undertaking a study...an experiment...a year long project. First, I've added an email address to the domain that will never be used.
CounterSPAM@ipadventures.com is pretty clearly not an address that a human would knowingly send spam to, particularly since I'm publicly describing the project. It will appear in this entry, and in an occasional conversation on the subject. There will also be a single page describing my CounterSPAM project on my primary IP Adventures domain site. It will never be used to send an email. In short, the only way to find the address will be to crawl this modest web site or proliferation from there. It's a receive only address that will be scrutinized closely.
Complaint letters will be filed from a different email address, and they'll go to senders, ISPs who relay spam, owners of open relays that provide a delivery mechanism, and web hosting companies who host sites who advertise via spam. In short, every person who can be remotely attributed to every spam message will receive some warning that they're part of the problem. And every open relay will be reported to appropriate blackhole lists, with notification to the owner or system administrator.
Web hosting companies who host spammers are part of the problem, and they won't be left out. If their customers are spammers, they should know it. Their user contracts and agreements should prohibit spam as an advertising for, And if they're a responsible host, they should shut those sites down upon receipt of substantiated documentation of the offense.
Yes, this approach will in fact result in some people sending email to an address which then will treat them as if they're a spammer. And people who drive down the road weaving all over do get pulled over just like drunks. There are prices to pay for failure to conform to proper use of a motor vehicle...and the net. Those will be dealt with on an individual case basis.
I'm going to document a year of spam. Every message will be researched and responded to. Prosecuted where possible. Persecuted where legal and appropriate. Publicly derided frequently. Depending on how flagrant the offenders are, there may be a web of shame online identifying them with name, address and telephone number (it is after all, often public information).
You're probably shaking your head, thinking about how much spam you receive on a daily basis, and wondering why on earth Ken would undertake something like this. What's the point, or WIIFM (what's in it for me)? You think I'm crazy right? Or perhaps just crazed.
First, spam really gets on my nerves. Ok, it's worse than that. It pisses me off. People who wouldn't invest in a stamp to send me junk mail, now send every scheme, scam and sham on the planet just because they can...for free. But it isn't free. I pay for it. YOU pay for it. We all pay for it. It's a cancer eating the net, and it's growing every day. The only way to eradicate it is to study it and develop appropriate means to counter the problem.
Second, is to directly counter the problem. Today there are tools to combat spam, but they're not real solutions. Brightmail is an excellent example of a solution that helps, but doesn't go far enough. It's used buy many ISPs to provide a spam filtering service to users, but it's only a beginning.
Users need control! If you ask David Isenberg, the network needs to be stupid, with the intelligence distributed to the edge of the network. If you ask Doc Searls and David Weinberger, they'll say the Internet isn't a thing, it's an agreement. We users implicitly agreed to receive spam when we signed up for net access. It's time to revoke that portion of our agreement. It's time to fight back against abusers. It's time to make our complaints known.
Over the next year I'll be dabbling with scripts and code to create some plug-ins that will provide a better user interface to control spam and fight back. Why a year? Because I'm dabbling at this in free time with no intent of commercializing it. I'll play with scripts, then leave them run a while. Basically it's a personal vendetta, but the findings and experiences may often find their way here, or to some other public forum. The tools, if they're worthwhile, will be released to the public domain. We'll see what happens... |
