
Hotmail vs Goodmail

Posted by CmdrTaco
from the who-controls-your-spambox dept.
Frequent Slashdot Contributor Bennett Haselton wrote in with his latest column. He says "Are we being too hard on Goodmail for their plans to charge senders a quarter-penny per message to bypass companies' spam filters? Hardly anyone has mentioned that Microsoft has been doing the same thing for years, only (surprise!) charging more. Hotmail lets senders pay a $1,400 "fee" to help get through their spam filter; when I wrote to them about my newsletter being blocked as spam, they said they knew it wasn't spam, but they told me several times they would not even talk about unblocking it unless I paid the $1,400. It's odd that so little attention has been paid to Hotmail's program, since it not only mirrors the Goodmail situation, it validates Goodmail's critics who have said that once you start charging to bypass spam filters, the next step is the marginalization of people who won't pay." Read on for more words.

As you hear words like "Hotmail" and "AOL", you may be tempted to think this doesn't affect you if you've outgrown those companies, but I think that's a mistake. First of all, if you think you might ever run a business that publishes an e-mail newsletter, you'll have to worry that your mail might be blocked unless you pay to unblock it. Second, even if you're only a subscriber to a company's newsletter and you're not worried about filters on your e-mail address, the company publishing the newsletter has to spend time and resources getting their mails unblocked that they send to other people, time that could be otherwise spent improving their services. Third, even if you're not on the Internet at all, in a real sense it affects the kind of world we all live in, if the wealthy are able to communicate with their listeners more easily than everyone else (that gap has always existed, but the Internet narrowed it, and then unblocking-mail fees widened it a little). If the Republican National Committee can get their mail out and MoveOn.org can't, then that could influence elections, and could affect your life even if you're an Iraqi peasant goat farmer who hasn't updated his blog in weeks. And of course what Microsoft and AOL do, sets a precedent for what other companies can get away with -- so every anecdote about boneheaded mail filtering that you hear about, is potentially significant if it could become the norm.

I wasn't thinking about this when I wrote to Hotmail in 2006 about their users missing our e-mails because of the filter blocking them as "spam", as I jumped through some hoops before talking to a human. But the mentality of the people that I talked to seemed to be that "non-paying sender" and "spammer" were more or less equivalent. I explained that we only send mail to people who request it, we verify all new subscriptions, and every message contains an unsubscribe link. Hotmail replied, "The filters are there for the protection of hotmail subscribers. The Junk Mail Reporting program isn't in place to help you circumvent those filters... I recommend you do what you can on your end to educate your subscribers, keep your mailing lists up to date and follow the other guidelines for senders on the postmaster.msn.com site and don't expect our junkmail filters to be modified." Call me a dreamer, but I thought the whole point of having humans in the loop was that if the filter is making a mistake, you can modify it.

(Many people have suggested that I publish via RSS instead of e-mail. For me the problem with that is that our newsletter is used to send out the location of new sites for getting around blocking software, so that by the time the last sites have gotten blocked in most places, the new ones are being mailed out. As long as people can access their e-mail accounts, they can get the new site announcements. But if we used an RSS feed instead of e-mail, then blocking software companies would just block our RSS feed. And besides, even a normal newsletter publisher would lose most of their existing subscribers if they told everybody that they had to switch over to RSS to receive the newsletter in the future. Is it right that they should have to pay that penalty just because an ISP is falsely labeling their mail as spam?)

The $1,400 "fee" that you pay to help get your mail unblocked at Hotmail's servers, is to a third-party company called Sender Score Certified, formerly known as Bonded Sender, whose certifications are used by Hotmail. I didn't think I could get anywhere discussing with them the ethics of charging people to unblock their mail as spam, so instead I asked them, what would happen if someone forked over the cash and then their enemies started filing phony "spam" complaints against them, hoping to get their certification revoked? I think this is an important question for any spam policing system, but unfortunately it usually puts people on the defensive, because there's no real answer -- if you accept spam complaints, then you allow crackpots to do damage, and if you don't accept spam complaints, how do you know if a client is spamming? Bonded Sender's rep replied, "Do you really have that many enemies? If you are running a true 'non-profit', who is that mad at you? Maybe finding this out should be a little higher on the agenda. Where is the 'peace' in Peace Fire?" I asked the same question again, and eventually he said that complaints were based on SpamCop complaints -- a system known for being set up so that anyone could report anyone as a "spammer" without proof -- and that each such complaint would cause $20 to be depleted from your bond, and once it was all gone, you'd lose your certification.

"After reading all of your emails you have sent me," he continued, "it seems that you aren't really trying to find a solution to anything. You are mainly interested in pointing out flaws in programs and letting me know about how people don't like you." Actually I don't think I have enough enemies to cause me serious problems, but I'm working on it! I aspire someday to reach the level of notoriety achieved by groups like MoveOn.org, who does have enough enemies that if systems like Hotmail's were widely deployed, MoveOn would have to worry about militants falsely reporting their mails as spam in order to cost them money and/or get them blacklisted. That's the other basic problem with certification systems: they don't just favor the wealthy, they also favor the non-controversial. Do we really want an Internet where everyone has to be careful about who they offend, because anyone could get them listed as a spammer? I mean, that would be like having a free online encyclopedia where anyone could edit your bio and say that you killed someone!

Is it legal to block someone's mail as spam until they pay you money? Whoa, before I even use the l-word, I'd better insert a disclaimer. No, not that disclaimer. Nobody could possibly think that I was a lawyer after I filed motions in court with the pages stuck together to prove that judges weren't really reading them, unless I had some kind of career death wish. The disclaimer is that at least from my own experiences suing spammers, the law is whatever the judge wants it to be. Some judges say you can sue spammers out-of-state, and some say you can't. Some of them say you can sue in Small Claims only if you've lost money, and some say you can sue for damages even if you haven't lost anything. Some of them say a non-lawyer is allowed to represent their own corporation in court, and some say no. If judges don't even agree on the basic rules, good luck getting a legal consensus on a more abstract issue. Asking objectively if deliberately blocking non-spam e-mail is "legal" is like asking "Do apples taste good?"

But as a general rule, I think courts take a dim view of systematically publishing false statements about someone to try and get them to pay you off in order to stop. Unless you're a spammer, every time Hotmail labels one of your messages as "Junk Mail", they're publishing something untrue about you (at least to everyone who sees the message labeled as junk), and if you've brought it to their attention, then they may agree the statement is untrue but they go on making it anyway. In libel law, liability is partly determined by how much someone has been harmed by the false statements about them; in the case of mail being blocked as "Junk Mail", the harm is about as direct as possible, since because it was falsely labeled as spam, most users will never see it. This is why I think people who say "Hotmail/AOL/Yahoo can do whatever they want with their private network" are missing the point. If I used my own "private network" to publish a subscription service that people use to find out the names of new convicted felons in their neighborhood so that they can avoid doing business with those people, would you have no objection if I "accidentally" included your name on the list, but promised to review your situation for one low fee of $1,400?

There was a time in the late '90's when if Microsoft had said they were going to be blocking non-partner e-mails as "junk mail" unless senders paid a $1,400 "fee" to get unblocked, Congress would have hauled up Bill Gates and given him a good wedgie and told him to cut it out. But these days the Department of Justice doesn't have time to worry about other people's lost e-mail when they can't even lose their own e-mails properly.

All this happened at about the same time Goodmail was first attracting controversy for charging senders a quarter penny per message to bypass AOL's spam filters. When the EFF registered DearAOL.com to call attention to the issue (now defunct, but the Wayback Machine saved a snapshot), I hopefully registered DearHotmail.com in case anyone wanted to use that example as well, but nothing ever coalesced around that. Meanwhile, some random mis-fire seems to have cancelled out some other random mis-fire, and Hotmail is apparently no longer blocking my mail, at least until this article gets published.

As far as I can tell, the only reason Hotmail got off scot-free and AOL/Goodmail didn't, was that Hotmail snuck their system in quietly, while AOL and Goodmail announced their partnership with great fanfare, apparently overestimating the extent to which e-mail publishers would greet them as liberators. This doesn't reflect very well on the outrage grapevine, people.

But the lesson took -- when Goodmail recently announced their partnership with four more e-mail providers, Goodmail featured a press release on their own site, but of the four ISPs, Verizon was the only one that issued their own press release. Apparently the other three saw what happened with AOL/Hotmail and got the message.

You didn't ask, but my own idea for an anti-spam system would be to follow a protocol such that when you reply to a list server to confirm your subscription, the reply goes to an address like:

list-peacefire-confirm-481534893-sender=bennett=peacefire.org@mailserver.com

When you send that reply from your Hotmail account, Hotmail would see the "sender=bennett=peacefire.org" part of the address you're replying to, and recognize that to mean that you want to receive future messages sent from bennett - at - peacefire.org. So future messages from that address would be weighted not to be blocked as spam for that user. It wouldn't do anything to unblock person-to-person messages that get blocked as spam, but those are not mis-blocked as often as legitimate newsletters are, and this method would give newsletter publishers a way to get whitelisted at the same time that the user confirms their subscription. It wouldn't be perfect, since if the user then unsubscribes from the newsletter, but bennett - at - peacefire.org is a jerk and continues to send them mail, that mail would still get through because the Hotmail filter for that user still "remembers" that they confirmed their subscription, and doesn't know that they unsubscribed. However, the vast majority of nuisance spam comes from people you've never heard of, not from people whose newsletters you signed up for and then continued to send you mail after you unsubbed.

Or, suppose you're Amazon and you send mail to millions of users from orders@amazon.com, but you don't want everyone to have that address whitelisted because then a spammer could use the address "orders@amazon.com" to spam millions of people, hoping it would get through the filter of anyone who's an Amazon customer. So in that case people could confirm by replying to:

list-peacefire-confirm-481534893-sender=orders=amazon.com&senderip=72.21.203.1@mailserver.com

When the user sent their reply to that address, Hotmail would parse out the "sender=orders=amazon.com" part and the "senderip=72.21.203.1" part, and whitelist future mails from that address that come only from that IP.

I like this idea because it treats everyone equally, regardless of wealth or popularity, as long as they confirm subscriptions to their newsletter (which is regarded as good mailing list hygiene anyway). On the other hand, if you prefer filtering systems that work better for people who are rich and never offend anybody, then you'll be pleased to know that those seem to be winning.
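The confirmation-address scheme described in the article, as an added example that is not part of the original column: a parser for the two address layouts shown above and a per-user whitelist that honors the optional IP pin. The `Grant` and `UserWhitelist` names, the fail-closed handling of malformed addresses, and matching on the message's From address are assumptions of this sketch; the second test IP is a constructed value.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, Optional, Set

# Address layout taken from the two examples in the article:
#   <list prefix>-sender=<user>=<domain>[&senderip=<ip>]@<list host>
# Everything else here (names, fail-closed rules) is an assumption.
_LOCAL_RE = re.compile(r"^(?P<prefix>.+?)-sender=(?P<params>.+)$")


@dataclass(frozen=True)
class Grant:
    sender: str                      # address the user agreed to hear from
    sender_ip: Optional[str] = None  # when set, only this IP may use the grant


def _norm_ip(text: str) -> Optional[str]:
    """Return the canonical form of an IP literal, or None if invalid."""
    try:
        return str(ipaddress.ip_address(text.strip()))
    except ValueError:
        return None


def parse_confirm_address(rcpt: str) -> Optional[Grant]:
    """Decode the whitelist request carried in a confirmation address.

    Returns None for anything that is not exactly the expected layout, so a
    malformed or unknown field never widens the whitelist.
    """
    local, at, _host = rcpt.strip().rpartition("@")
    match = _LOCAL_RE.match(local) if at else None
    if match is None:
        return None
    fields = match.group("params").split("&")
    # First field: the sender address with '@' written as '='.
    user, eq, domain = fields[0].rpartition("=")
    if not eq or not user or "=" in user or "." not in domain:
        return None
    sender_ip = None
    for field in fields[1:]:
        key, eq, value = field.partition("=")
        if key != "senderip" or not eq or sender_ip is not None:
            return None          # unknown, empty or repeated parameter
        sender_ip = _norm_ip(value)
        if sender_ip is None:
            return None
    return Grant(f"{user}@{domain}".lower(), sender_ip)


class UserWhitelist:
    """Grants recorded for one mailbox; one user's reply affects only them."""

    def __init__(self) -> None:
        # sender -> set of pinned IPs; None in the set means "any IP"
        self._grants: Dict[str, Set[Optional[str]]] = {}

    def record_outgoing(self, rcpt: str) -> bool:
        """Call for each address the user sends mail to."""
        grant = parse_confirm_address(rcpt)
        if grant is None:
            return False
        self._grants.setdefault(grant.sender, set()).add(grant.sender_ip)
        return True

    def is_whitelisted(self, from_addr: str, connecting_ip: str) -> bool:
        """True if mail from from_addr arriving from connecting_ip is covered."""
        pins = self._grants.get(from_addr.strip().lower())
        if not pins:
            return False
        return None in pins or _norm_ip(connecting_ip) in pins


if __name__ == "__main__":
    # The two confirmation addresses are the ones given in the article.
    plain = ("list-peacefire-confirm-481534893-"
             "sender=bennett=peacefire.org@mailserver.com")
    pinned = ("list-peacefire-confirm-481534893-"
              "sender=orders=amazon.com&senderip=72.21.203.1@mailserver.com")
    box = UserWhitelist()
    for rcpt in (plain, pinned):
        print(rcpt, "->", parse_confirm_address(rcpt), box.record_outgoing(rcpt))
    # 203.0.113.9 is a constructed address standing in for a spoofing host.
    for ip in ("72.21.203.1", "203.0.113.9"):
        print("orders@amazon.com from", ip, box.is_whitelisted("orders@amazon.com", ip))
```

As the article notes, a grant outlives an unsubscribe; this sketch likewise has no revocation path.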

  • To summarize: (Score:5, Informative)

    by Anonymous Coward on Wednesday July 11, 2007 @11:53AM (#19826089)
    Use Gmail
    • Re:To summarize: (Score:5, Insightful)

      by Ngarrang (1023425) on Wednesday July 11, 2007 @12:28PM (#19826625) Journal
      And how long until Gmail does the same thing?

      When more and more services are doing it, it becomes "common practice", which becomes "acceptable practice". Google may find someday they want the extra money it would provide.

      "Do No Evil" is only as effective as your definition of "evil".
      • Re: (Score:3, Informative)

        by Com2Kid (142006)

        And how long until Gmail does the same thing?

        GMail's spam filters are over 99.9% perfect after about a week of training from the user. I still occasionally check my spam folder, heck, yesterday a message was put in Spam that shouldn't have been, the first such occurrence in over a year. Although when I first signed up it happened quite a bit more often.

        In comparison, when I last used hotmail (admittedly, quite a few years ago), they let lots of spam through, but regularly blocked emails I wanted to read.

        • Re: (Score:3, Interesting)

          by Solra Bizna (716281)

          Until about a month ago, I was getting ~10 spam emails per day through the filters. All of them the same, obviously spam, subject lines ("RX_MEDS no pr3s needed" etc.) which on the one hand made me wonder how they were getting through but on the other made it easy to deal with them. Now I get one of those a week.

          In my entire history at GMail, though, I've gotten one mis-marked legitimate message; and if someone else had been reading my incoming messages he would have thought it was spam too.

          -:sigma.SB

          • by xenocide2 (231786)

            In my entire history at GMail, though, I've gotten one mis-marked legitimate message; and if someone else had been reading my incoming messages he would have thought it was spam too.
            I think this statement bears repetition, as possibly the best way to benchmark spam filter performance realistically.
        • Re: (Score:3, Interesting)

          by Blue Stone (582566)
          >"yesterday a message was put in Spam that shouldn't have been, the first such occurrence in over a year."

          Interesting - I have a couple of gmail accounts and the same thing happened to them - last week, one message that should have been in the inbox. It was particularly strange because one of the messages had a filter on it, to give it both a label AND a star (you would have thought there'd be a rule saying that nothing with a star or a label should ever go into the spam folder unless the filter tells it

        • Re: (Score:3, Interesting)

          by Spoke (6112)

          GMail's spam filters are over 99.9% perfect after about a week of training from the user.

          While GMail's spam filters are pretty good, I do find an annoying amount of emails from a couple mailing lists (dspam and postfix mailing lists) marked as spam fairly regularly. I probably get 2-5 of these false positives a week.

          Luckily it's easy for me to see those emails since I have filters which label those messages.

          Given the volume of mail I receive on my gmail account it probably is 99.9% effective, but I would

        • by rm999 (775449)
          It's funny, I have a general rule: If I am expecting something at my Hotmail address (which at this point is rare), the *first* place I look is my spam folder. This has worked literally 90% of the time.
      • Re: (Score:3, Insightful)

        by networkBoy (774728)
        "Do No Evil" is only as effective as your definition of "evil".

        Do no evil is only as effective as your product (users) sees it. If they leave in droves for the next !evil then so will your customers (advertisers in Google's case). It is fairly self limiting.

        Now, you may retain enough users to still be profitable with the spam, ala hotmail, but I think the Gmail userbase is a bit less spam accepting.
        -nB
      • by Arthur B. (806360)
        And they'll lose their marketshare to another email service who will guarantee a lifetime of receiving email with no fees. Oh no in fact they won't do it in the first place so that this doesn't happen. Companies make money by providing services, not by restricting services.
    • But don't forget to manually type the https:// because gmail defaults to plaintext.
      • Re: (Score:3, Interesting)

        by Zonk (troll) (1026140)
        Or just install the CustomizeGoogle [customizegoogle.com] extension for Firefox. It has an option to automatically switch gmail, calendar, apps, etc to ssl. Plus it can remove the ads, block cookies to google-analytics.com, randomize the search tracking cookie, and many other things.
    • Re: (Score:2, Informative)

      by Kashra (1109287)
      The folks who SEND the newsletters don't have the luxury of telling all their subscribers to "use Gmail." They have to deal with the fact that a large percentage of their readership may not use Gmail (for any number of reasons) and the fact that Gmail exists doesn't help them in the least.
      • The folks who SEND the newsletters don't have the luxury of telling all their subscribers to "use Gmail." They have to deal with the fact that a large percentage of their readership may not use Gmail (for any number of reasons) and the fact that Gmail exists doesn't help them in the least.

        They don't? They don't have the ability to send confirmation emails when a user sends a subscription request or post: "Cannot send news to Hotmail" on their webpage?

        • That's all well and good for a personal web site, but do you think your boss would be happy about the fact that you chose not to send the company newsletter to the majority of subscribers?
          • by jZnat (793348) *
            Unless you have some recent and accurate numbers regarding the popularity of Hotmail, I would say you're full of shit. There are probably more Yahoo! or AOL users than there are Hotmail users nowadays.
    • I'll just stick to my own domain's email, thanks.
  • by unity100 (970058) on Wednesday July 11, 2007 @11:54AM (#19826111) Homepage Journal
    When a client complains that his/her site gets suspended due to his/her non receipt of invoice notifier/renewal email in his/her hotmail/dugamail/omegamail/anymail account due to these companies' "policies", i explain the situation in detail and advise them to acquire a more usable and reliable email account from elsewhere.

    hotmail lost many users due to that over 4 years.
    • by Anonymous Coward on Wednesday July 11, 2007 @12:47PM (#19826871)
      The fact that the email is not being sent is the sender's fault. This article is not true. I contacted Hotmail about my email being blocked. They were professional and gave me a list of things that I needed to do in order to resolve the issue. For email to get to Hotmail users, the sender must follow the rules of the Sender ID Framework, which involves changing some DNS settings. More information about that can be found here:
      http://www.microsoft.com/mscorp/safety/technologies/senderid/default.mspx [microsoft.com]

      Senders are not required in any way to purchase a certificate from this third party company mentioned in the article.
      • Nice to know that Hotmail will only accept mail from Windows servers. With specific authorization from the ISP.
      • by rtechie (244489)
        The problem with this is that the only mail servers that support Sender ID are Exchange and Sendmail, experimentally, and the specification was only finalized and released back in NOVEMBER. Domainkeys was just released and it's MUCH more likely it's going to be widely adopted. And Sender ID does not work with mail forwarding.
        • AFAIK Sender ID support in a mail server is only required for verifying sender ID information on incoming mail. To enable sender ID on your domain so others can verify your mail, all you should need to do is add a TXT record to your domain that specifies a list of authorized servers.

          Forwarding is somewhat of an issue, but the most common uses can be overcome by whitelisting the forwarding host. I personally don't think it's that big a deal, and in fact I have routinely whitelisted a couple of forwarding hos
      • by kindbud (90044)
        For email to get to Hotmail users, the sender must following the rules of the Sender ID Framework, which involves changing some DNS settings.

        LOL. That's totally wrong. You can have Sender-ID setup in perfect form, right from Microsoft's own HOWTO page, and they will still throw your mails in the Bulk folder if they haven't seen your MTA before. We called them about this, they told us their mail servers take a while to get "trained" on our mail flow. It's true that Sender-ID is required to get out of the
    • RSS: Because everyone hates spammy "newsletters" that have a veneer of content and a morass of advertising. A feed is the correct way for a site owner to communicate with users.
      • And someone has a problem with reading. From TFA:

        Many people have suggested that I publish via RSS instead of e-mail. For me the problem with that is that our newsletter is used to send out the location of new sites for getting around blocking software, so that by the time the last sites have gotten blocked in most places, the new ones are being mailed out. As long as people can access their e-mail accounts, they can get the new site announcements. But if we used an RSS feed instead of e-mail, then blockin

      • by unity100 (970058)
        you cant even expect any of the clients to actually regularly (everyday) use the feed, leave aside counting on it. web hosting, and web developments are not time tolerant stuff - one client forgets to check a feed, and his/her domain expires. but everyone has to check their mail, and they do, and they know how to do it. holding clients responsible for watching a feed would fail at the point of making them learn how to use it.
  • by EveryNickIsTaken (1054794) on Wednesday July 11, 2007 @11:57AM (#19826149)
    Well shit, If your newsletter reads anything like your post, I'd mark that as spam too, champ.
  • by Perp Atuitie (919967) on Wednesday July 11, 2007 @12:01PM (#19826205)
    A "tax" of this kind could be a way around spam, but the Hotmail/Goodmail way has one fatal flaw: it's used as a profit center for the mail carrier. If the tax went to recipients of the spam, who are after all the real victims here, there could be an argument for initiating it. As it stands though, this is just another service-provider scam, a kind of subset of the hierarchical Internet.
    • Re: (Score:3, Interesting)

      by Intron (870560)
      Any pay-for-email scheme will be abused by the con artists currently profiting on spam. If the recipient gets the money, then all of those bots will start sending mail to 'victims'. If the ISP gets the money, then they will set up fake ISPs to collect email tax. Pay-for-email is a stupid idea.
    • by Itninja (937614)
      The people who simply get the spam in their inbox are certainly not the "real victims here", as you said. The actual victims are the people, corporations, and/or non-profits that supply the mails servers and IT personnel around the world. A tremendous amount of their resources are used to manage all this meaningless spam.

      For the end user, massive spam is a pain, and could potentially take a measurable amount of time to delete and filter. For the organizations that provide the email to the end user, spam i
    • Re: (Score:3, Informative)

      by wile_e_wonka (934864)
      I don't see how a "tax" like this could ever actually work as a way around spam.

      Charging advertisers to get email through doesn't block any spam. Spam blockers use algorithms, etc to attempt to find and block spam, but when they fail the mail gets to the inbox without having to pay money. I do get this kind of spam in my Hotmail account. The advertisers who pay are merely guaranteed to get to the inbox. The payment does nothing to keep spammers out of inboxes.

      If all email was taxed, then all people who
  • Easy Answer: (Score:4, Informative)

    by jshriverWVU (810740) on Wednesday July 11, 2007 @12:02PM (#19826215)
    Are we being too hard on Goodmail for their plans to charge senders a quarter-penny per message to bypass companies' spam filters?

    No. Personally I think it's fraud, since you're telling and selling the customer one thing, then allowing people to bypass their own security for a profit at the expense of its end users.

  • Fascinating (Score:5, Funny)

    by thetroll123 (744259) on Wednesday July 11, 2007 @12:05PM (#19826269)
    "I find your ideas fascinating, and I would like to subscribe to your newsletter"


  • I've used hotmail and yahoo since college at least 8 years. In the last year or so I've switched to gmail. Funny for the very reason mentioned (spam) I never use yahoo, nor hotmail for personal mail because their spam filter is iffy at best, not to mention the fact that they produce their own spam in an attempt to advertise their products. So they can choose to propagate spam but where is it going to get them.
    • by zxnos (813588)
      the spam filter is iffy at best on gmail as well. at least in my experience. i used it for school. an instructor sent 4 emails from the same account with the subject XXXX - 1 of 4, 2 of 4 etc. i received two of the messages. i replied to one of his messages saying i didnt receive a couple. he re-sent all because other students didnt get others. i still missed one. anyway this happened a few times when he sent out emails. i checked the spam folder. there they were. long story short. a person i had replied to
  • Change over to GMail (Score:5, Informative)

    by Nom du Keyboard (633989) on Wednesday July 11, 2007 @12:15PM (#19826437)
    I suggest you encourage your subscribers to change over to GMail. I made the change after two of my ISP's (AT&T and Comcast) refused to forward e-mail to me from my own domain. I couldn't even whitelist myself, because they'd blacklisted all of NameZero.

    Google, OTOH, delivers everything, and does a 99%+ accurate job of putting spam in the spam folder, and e-mail in my inbox. Once I was able to accurately see all my e-mail, I was able to kill a very old address that wasn't part of my personal domain, but forwarded through it, that was generating up to 500 spam messages a day. I wasn't aware how bad it had gotten due to the first named ISPs hiding the problem, rather than showing me what all my e-mail looked like. Fond as I was of this address, when it becomes this kind of problem, even good memories of my first e-mail and early Internet days has to go. Google makes this possible, all this for free!

    All things considered, I'm sure Google would love to take away all of Hotmail's customers, and they'll do it by providing better service at an equal or better price.

    • by griffjon (14945) <GriffJon@NOsPAm.gmail.com> on Wednesday July 11, 2007 @01:19PM (#19827315) Homepage Journal
      And there's also the forcibly-change-over-to-gmail option - we had some important aolusers (board members) at a previous job; they never got important board listserv emails or massmails or such, they refused to leave AOL and we couldn't afford any of the solutions to get around the AOL blocking.

      So I created individual gmail accounts for all the aolusers which we sent to, and set the gmail accounts to auto forward to their AOL accounts. Problem solved.
  • by wiredlogic (135348) on Wednesday July 11, 2007 @12:21PM (#19826539)
    You just have to learn from the spam pros and randomize your newsletters to make them look legitimate.
  • Other 'free' mailing services doesn't have a 'price tag' does not mean they'll do it for free.
  • I kind of agree (Score:4, Interesting)

    by gurps_npc (621217) on Wednesday July 11, 2007 @12:37PM (#19826757) Homepage
    That hotmail and goodmail should not be charging people to unblock spam.

    Instead they should simply refuse to unblock spam, period.

    Yes, that means that newsletters like this would not get through.

    I have a Phone at home. If some insane lunatic started up the idea of calling all his friends having them call all of their friends, as a means of sending out important news, I would laugh at him.

    I also laugh at anyone, even this 'nice' newsletter that actually thinks EMAIL is an appropriate means of obtaining this information.

    RSS is one way to go.

    ANOTHER way to go is messageboard style.

    There are still more ways to send out information. You can take an applet that you give to your subscribers that does something similar to what that phone idea does. While it does not work on a phone, it would work on the internet.

    But the IMMENSE problem of spam pretty much means that NO, NEWSLETTERS ARE NOT APPROPRIATE FOR EMAIL.

    Find another solution, the one you are trying is causing huge problems for the internet. It is NOT our job to help you perpetuate a BAD idea, no matter how much your personal non-profit benefits from the bad idea.

    • by Chirs (87576)
      How exactly would you deal with all the mailing lists used for various purposes, including lots of open source development?

      The linux kernel mailing list sends hundreds of messages a day. How would you propose to manage this without using email?
      • by jZnat (793348) *
        Usenet. You know, the thing we used for this sort of thing in the first place, but nobody seems interested in anymore (other than for warez and whatnot). Perhaps an updated version of NNTP that supports Unicode, binary attachments, and better measures to thwart spammers is in order?
  • Follow the Money (Score:5, Interesting)

    by Crispin Cowan (20238) <crispin.crispincowan@com> on Wednesday July 11, 2007 @12:38PM (#19826771) Homepage

    A core principle in figuring out any kind of shady shenanigans is to follow the money. The problem with Goodmail, and with Microsoft's pay-to-play fee, is that the money is being paid to the wrong party. Paying the fee to the mailbox-hosting ISP cannot help but create a corrupting conflict of interest, making this a bribe. Nasty spam will be allowed through if the vendor has the $$$ to pay, and legitimate bulk mail that people have opted into will be blocked, if the news letter is not coming from a moneyed source.

    Instead, consider a P2P scheme where the postage is paid directly from the sender to the receiver, where the receiver themselves can white-list a sender as not having to pay. It would produce these kinds of effects:

    • For most personal onesey twosey mail, sending volume approximately equals receiving volume, so the postage payment is mostly a wash, with chatty people paying quiet people a modest amount on average.
    • For opt-in news letters and mailing lists, the receiver would be expected to white-list the source, e.g. I would white-list my subscription to Bugtraq [wikipedia.org].
    • Spammers and "legitimate" bulk mail advertisers alike would have to pay in proportion to the volume of mail they get delivered (non-delivered mail doesn't pay the postage).

    There's a bunch of interesting things that can be done with this model:

    • Postage is just an offer to pay, which only causes actual payment if the receiver redeems the postage.
    • Postage can be nothing more than a GPG certificate attached to the mail, validated by the receiver's MTA or MUA.
    • Receivers can dial the amount of postage they require to accept an e-mail. They could set it to a static value, e.g. "at least 2 cents or I'm not interested", or they could even use SpamAssassin to dynamically set the postage, e.g. "at least 10 cents * the spamass score" so that highly spammy mail requires much more postage than plaintext free of spam phrases.
    • Gold miners can set up spam trap mail addresses that do nothing but accept postage and throw the mail away. This is abusive to spammers who are paying to have their mail delivered. Cry me a river :-)
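
The receiver-side postage policy from the comment above (whitelist, static floor, SpamAssassin-scaled price, redemption only on delivery), as an added example that is not part of the original comment. The `X-Postage-Offer` header, the whitelist entry and the sample messages are constructed assumptions; the sketch also assumes the postage offer and the From address were already validated, so the GPG check the comment mentions is not shown.

```python
import re
from decimal import Decimal
from email import message_from_string
from email.utils import parseaddr

WHITELIST = {"bugtraq@lists.example"}  # constructed: senders the receiver exempts
FLOOR_CENTS = Decimal("2")             # static minimum: "at least 2 cents"
CENTS_PER_POINT = Decimal("10")        # dynamic rate: "10 cents * the spamass score"

def spam_score(msg):
    """Score from X-Spam-Status ('No, score=1.2 required=5.0 ...'), or None.
    Assumes the receiver's own filter wrote the header, not the sender."""
    m = re.search(r"\bscore=(-?\d+(?:\.\d+)?)", msg.get("X-Spam-Status", ""))
    return Decimal(m.group(1)) if m else None

def required_cents(msg):
    """Postage demanded: the floor, or rate * score when that is higher."""
    score = spam_score(msg)
    if score is None:
        return FLOOR_CENTS
    # SpamAssassin scores can be negative; never let the price drop below the floor.
    return max(FLOOR_CENTS, CENTS_PER_POINT * score)

def offered_cents(msg):
    """Hypothetical X-Postage-Offer header in cents; malformed values count as 0."""
    raw = (msg.get("X-Postage-Offer") or "").strip()
    return Decimal(raw) if re.fullmatch(r"\d+(?:\.\d+)?", raw) else Decimal(0)

def decide(raw_message):
    """Return (verdict, cents_redeemed) for one message."""
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender in WHITELIST:
        return ("deliver", Decimal(0))   # opted-in source: nothing to redeem
    offer = offered_cents(msg)
    if offer >= required_cents(msg):
        return ("deliver", offer)        # delivery is what triggers redemption
    return ("reject", Decimal(0))        # undelivered mail pays no postage

def sample(sender, score, offer=None):
    """Build a constructed message for the demonstration (not real mail)."""
    lines = [f"From: {sender}", f"X-Spam-Status: No, score={score} required=5.0"]
    if offer is not None:
        lines.append(f"X-Postage-Offer: {offer}")
    return "\n".join(lines) + "\n\nbody\n"

if __name__ == "__main__":
    for s in (sample("Friend <friend@example.org>", "0.1", "2"),
              sample("bulk@ads.example", "4.5", "10"),
              sample("Bugtraq <bugtraq@lists.example>", "1.0")):
        print(decide(s))
```
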
  • Regarding mailing list subscriptions, that's not an entirely unreasonable suggestion, though it's really not much more than auto-whitelisting. However, you'd need to address the:


    From: "Sexy Chick" <confirm-12312312-from=mailouts=sending.domain.com@sending.domain.com>

    Reply for an exciting photo!


    issue. People are stupid. Enough spammers are not stupid that they will trick stupid people. People will demand to be protected from their stupidity, and the filters will go back in.

    The ability to examine your
    • As you mention, SPF [wikipedia.org], DomainKeys [wikipedia.org], or a similar scheme is the only way to verify header information. The "article" seems to not realize that IP addresses can be spoofed just as easily as e-mail addresses.
      • That's not true. IP addresses are way harder to spoof, not least because a well run upstream network will (mostly) prevent you from doing it through source IP filters etc.

        This is not to say that IP addresses are, in absolute terms, hard to spoof. However, From: email addresses are so hilariously easy to spoof that all you need is a telnet client or a scripting language with any sort of mail or socket support.
        • I've actually spoofed a "from" header myself. :) However, I assume that there are easily accessible systems that allow you to easily spoof the original IP address. All your PC has to do (in theory, I've never tried it) is pretend like it's passing along an e-mail from the IP address you want to spoof. That does mean your IP address will show up in the stream, but it will still look like the "sender" IP address is the one you want it to look like.

          I (perhaps obviously) know nothing about "source IP filters"

          • An ISP knows that it and its customers are only in certain ranges of addresses (which it allocated). Any IP packets leaving the ISP's network must, therefore, be within those ranges. It is trivial to add a border router egress filter that checks to see if the source address field is in the permitted range(s) and drops the packet if it isn't.

            Dodgy ISPs may choose not to implement this, and so long as there is one dodgy ISP out there an attacker on that ISP (or tunneling traffic through a host on that ISP'
  • About the idea of whitelisting based on subscribing through an email reply or what not (and forgetting about at times when the user confirms via a URL link) instead of restricting to a specific email server like so:
    "list-peacefire-confirm-481534893-sender=orders=amazon.com&senderip=72.21.203.1@mailserver.com"

    Why not leave it at your original format of:
    "list-peacefire-confirm-481534893-sender=bennett=peacefire.org@mailserver.com"

    And have the receiving email service/network verify where the emails are c
  • Hotmail's blocking people who don't pay. No one's proposed blocking people who don't use goodmail; they've proposed whitelisting people who do.

    Hotmail's deliverability is unreliable even when you're "clean", so I'd just write it off; do not use hotmail for business services, and do not accept hotmail addresses for anything where you need reliable delivery.
  • My experience is that Bonded Spammer is essentially dead. If you have Spam Assassin set to tag Bonded Spammer mail, you'll get items in X-Spam-Status like "RCVD_IN_BSP_TRUSTED". I have Firefox set to dump all those into the Bonded Spammer folder. The last e-mail to come in with that tag was in January 2007. I used to get more Bonded Spammer e-mails back in 2004 and 2005, but in 2006 it tapered off, and now it seems to be gone.

    Is anyone else still seeing that junk?

  • of charging is a bad idea, is just to think what would happen if everybody used.
    I might run a moderately successful newsletter and I find it's blocked by host x.
    So I pay host a $10 (I'll pretend this is cheap).
    Now all my users will get their newsletter - yay.
    Then users on host b report their mail isn't showing up - so I pay out another $10.
    Then users on host c etc etc.

    Compounding this issue is the more hosts you pay, the more the others will want to be paid etc etc
    I assume this would eventually lead
  • Hardly anyone has mentioned that Microsoft has been doing the same thing for years, only (surprise!) charging more. Hotmail lets senders pay a $1,400 "fee" to help get through their spam filter...

    More? Maybe at a single whack it's "more", but let's see how that breaks down in terms of 1/4 penny spam-mails? It's 560,000 spam parcels. Given that most spammers send out MILLIONS, I'd say Hotmail's fee is probably cheaper than Goodmail's 1.4 cent fee. But of course, it's Microsoft, so it's twice as evil anyway.

  • SpamCop (Score:4, Insightful)

    by eaolson (153849) on Wednesday July 11, 2007 @01:22PM (#19827371)

    ...complaints were based on SpamCop complaints -- a system known for being set up so that anyone could report anyone as a "spammer" without proof...

    This is where I stopped reading. SpamCop requires proof in the form of the spam email itself. What other proof of spamminess could there be?

    • Unless spammers are including PGP signatures associated with their SMTP server, it is trivial to forge a spam email. Just take any from your spam folder and change the headers to be from someone you don't like. Of course, for SpamCop to take this seriously, you'd need a lot of people to send in spam claiming to be from the same address. Much of SpamCop's input also, I believe, comes from their own honeypots; no one has a legitimate reason for mailing these, and so anyone who does gets blacklisted immedia
    • This is where I stopped reading. SpamCop requires proof in the form of the spam email itself. What other proof of spamminess could there be?

      That's a good start, but having a piece of text doesn't tell you if it's spam or not. I mean, some stuff is obviously spam, sure. But I get a lot of really nice looking emails that advertise legitimate businesses or "newsletters" that are polished, and, well, they're spam. But they look just like the newsletters that I get which aren't spam.

      I've asked around, and

    • by kindbud (90044)
      Anyone can report any email as spam to Spamcop, whether it is spam or not. Anyone can even mistakenly report any email as spam to Spamcop, and it will be treated as spam. The sender will get a nasty-gram from Spamcop with the original recipient redacted, same as what happens for actual spam. Having reported an email to Spamcop is not proof that it is spam. It is proof that it was reported to Spamcop, and nothing else.
  • by cdrguru (88047) on Wednesday July 11, 2007 @01:29PM (#19827455) Homepage
    Aside from that, I think it is fair to say that email is pretty much something that is useless for any commercial application and pointless for something like a "newsletter". The spam vs. ham ratio has gotten to about 1000 to 1 these days, even if they aren't directly seeing it. And that is part of the problem.

    It is assumed to be acceptable for an ISP to block "spam". It is assumed to be OK for anyone to get in the way of mail to a recipient to save them from receiving the torrent of spam that they would otherwise be subjected to. False positives are considered to be something that just happens. None of the agents preventing delivery of mail offer any notification to the user that mail may be waiting for them in the "bulk" or "spam" folder, nor offer any recourse if the mail is simply deleted without delivery.

    With that in mind, email is suitable for something for friends and family only. If you are trying to send a receipt to someone for an online purchase, such email is commonly considered to be "commercial" which equates to "spam" in some people's minds. Outlook by default takes anything from sales@abcdef.com and puts it into the deleted items folder, just confirming the view that anything related to "sales" must be spam.

    Email is pointless for any commercial use. Companies trying to resurrect email as a viable communications medium are starting to notice this. Sure, pay to send email and some percentage of your customers won't have your email blocked. What percentage? 10%? This means you need to budget tens of thousands of dollars for "email protection" if you are going to go this way.

    Face it, email is pointless and unreliable. You will never know if your email is being blocked. You can't tell a complaining customer that never got their receipt that you will "fix" this somehow. It is broken and you need to figure out a different delivery mechanism.
    • by perp (114928)
      If you think Bennett Haselton is a spammer, then you are obviously without clue. Look at http://peacefire.org/ [peacefire.org] if you actually want to know who he is and what he does.

  • From TFA:
    Or, suppose you're Amazon and you send mail to millions of users from orders@amazon.com, but you don't want everyone to have that address whitelisted because then a spammer could use the address "orders@amazon.com" to spam millions of people, hoping it would get through the filter of anyone who's an Amazon customer.

    Spammers can't forge a MAIL FROM of "orders@amazon.com" for recipients that check SPF. Decent spam filters let users whitelist emails/domains. With decent anti-forgery like SPF [openspf.org] and

  • It's basically related to upload/download ratios.
    It assumes any user with a good u/d gets white listed.
    Doesn't matter who they are, or credentials or anything like that and it's much much cheaper. Although Money is the only motivator against spammers. You need to make it unprofitable. So people need to pay you to receive an email! You pay them back with a reply.
    Although things like legitimate Mailing lists have a special white list bypass that the receiver must open up.

    Initially I am looking to replace so
  • by Spazmania (174582) on Wednesday July 11, 2007 @01:49PM (#19827755) Homepage
    I wrote to Hotmail in 2006 about their users missing our e-mails because of the filter blocking them as "spam", [...] they said they knew it wasn't spam, but they told me several times they would not even talk about unblocking it unless I paid the $1,400.

    That's funny. I contacted Hotmail about an identical filtering issue, also in 2006. There was no mention of dollars. They did want to make sure my list was opt-in. They also asked me to join a feedback loop where list messages that Hotmail members mark as spam are stripped of their identifying information and returned so I can identify problems with my system where unintended recipients have slipped in.

    I did find it difficult to get through to folks who could help, but once I reached those folks I found them to be cordial and helpful.
  • Billing for service (and for backbone usage) is coming, and coming fast from a thousand different directions.

    The question you should be asking is this: How much would email and internet access have to cost for you to stop using it.

    Because the answer is scary. And the big corporations know it.
  • Nobody cares... (Score:4, Interesting)

    by jojoba_oil (1071932) on Wednesday July 11, 2007 @04:15PM (#19829615)
    Okay. This will come off sounding as flamebait, but at least read it before marking it as such.

    I'm willing to bet my Karma (what Karma, right?) that Bennett Haselton is, himself, a spammer. I periodically stumble, to my dismay, across his ramblings posted here as front-page material. With most of them overly self-righteous and witchunty in nature, I think he has a little something to hide.

    So, to keep things concise I'll simply list facts here:
    • He delegitimizes spam-fighting cases by attempting to ridicule judges with his website, judgejokes.com [judgejokes.com]. This is even more instrumental than it seems:
      • It is registered by his censor-fighting organization, Peacefire. Because making fun of judges is totally a worthwhile project for an organization as such.
      • It documents [judgejokes.com] both his solicitation of other spammers, and lack of understanding of the law.
    • He's worked on filter-circumvention software, which made news years ago [com.com]. A direct quote from that site: "That software, Haselton and the IBB acknowledge, could have other uses here at home".
    • He spams Slashdot with countless articles that could be summarized to 1-to-2 lines (and often are by comments shortly after being posted). A few of these are linked as related articles above.
    • He takes huge issue any time that any of his emails aren't received. This article is evidence enough.
    • And a few other things. I know I'm forgetting many. Anyone else want to step in?
    Oh, and do yourself a favor, Bennett. Visit Web Pages That Suck [webpagesthatsuck.com] to learn how not to design a webpage. I have yet to see one of your pages look even half-way professional -- which should be important to you if you really want Peacefire to catch on.

    Now commence the -1, Flamebait if you see fit. =D
    • Re: (Score:3, Insightful)

      I completely agree. The most obvious sign to me is that he's never, ever done wrong, he's always the victim. Come on, get a grip. At the very least this guy's just slashvertising himself over and over again. He's right, there's a conflict of interest, but as several people have pointed out, they haven't exploited it like he claims they have.
  • This story would be so much more interesting if Bennett wasn't an idiot. But then again, if he wasn't an idiot, there wouldn't be any story here.

    Disclaimer: I've consulted for Goodmail, so I actually have some clue of what's going on here.
  • Haselton answered the question he asked in the first sentence with the last sentence in the same paragraph! If Microsoft's misdeeds with Hotmail filtering are a validation of GoodMail's critics, then the obvious answer to his question is:

    "No, we're not being too hard on GoodMail. We're not being hard enough on Microsoft and Hotmail."

    I don't even need to read the unquoted part of TFA, do I?
  • ...but only if the money collected goes into a fund used to pay out bounties on known spammers.
