From: "Omegaman" <omega@bigeasy.com>
Date: Tue, 26 Nov 1996 08:34:07 -0800 (PST)
To: ichudov@algebra.com
Subject: Re: Another Nutty Idea about SPAM
Message-ID: <199611261635.KAA04691@bigeasy.com>
MIME-Version: 1.0
Content-Type: text/plain


> Steven Garman wrote:
> > Once method of combatting the spammers is to use disinformation.  For example
> > we use new addresses for their "remove" lists to check on their honesty.
> > 
> > What about attacking the lists themselves with false data?  Say you run a site.
(snip)

Igor Chudov wrote:
> Another nutty idea: to create a database of people who do NOT want to
> receive unsolicited advertisements, and make it widely available.

Of course.  But this does not address the issue of "unscrupulous 
spammers" which is what Steven was commenting upon.
 
> The obvious problem is that some very uncsrupulous spammers would want
> to grab this database and use it as a source of email addresses. 
> 
> This problem has a solution, however: instead of distributing people's
> email addresses, distribute MD5 checksums of their addresses. For 
> example, an entry for ichudov@algebra.com would be 
> 
> 	b51175dae78f25427351d5e3ff43de30
> 
> There is no way to guess the original text from an MD5 checksum.
> 
> Spammers should be advised to exclude all addresses with MD5 checksums from
> that database from the recipient list, and include instructions on how
> to get one added to the database into their spams.

Okay fine.  The spammer is "advised" but if he is unscrupulous in the 
first place, he'll simply ignore the advice and continue bulk-mailing 
to every address he can grab.  
 
> Database maintainers could even provide a email filter-bot that would
> accept recipient lists by email and send back the same lists, but
> WITHOUT addresses that wish not to receive spam. This way stupid
> low-tech spammers (who make up the majority) will be able to process
> their email lists quickly and easily.

Indeed, stupid low-tech spammers would benefit from such a service if 
they wish to honor "do not send" requests.
 
> This database may be maintained centrally. Users may be able to sign up
> for inclusion into that database by email or by filling out a Web-based 
> form. Identity verifications may be done by using cookie protocol.

I like the idea and if I had the resources, I would do it personally. 
Optimistically, many bulk e-mailers would sign on to the plan.  
(Ironically, one would probably have to solicit bulk e-mailers to 
sign up).  However, many, being unscrupulous, ignorant, etc. will not 
be involved.

The only way I see to get bulk e-mailers to utilize this service is 
to offer a positive and/or negative incentive for usage of the 
service.  ie. "What do I gain by elminating people from my bulk 
mail-outs?  What can be done if I don't follow this protocol?"

Ideas?  Comments?

me
--------------------------------------------------------------
 Omegaman <mailto:omega@bigeasy.com>
 PGP Key fingerprint =  6D 31 C3 00 77 8C D1 C2  
                        59 0A 01 E3 AF 81 94 63 
Send a message with the text "get key" in the 
"Subject:" field to get a copy of my public key.
--------------------------------------------------------------