Isn't spam the #1 problem with email?

[shanen]

First, I think it's a remarkably clever approach to improving the
system. It seems to be modularized plugins for the new features
allowing rapid prototyping...

Unfortunately, none of these features seems to be of much interest to
me. I mostly like email, but the #1 problem with email is spam--and
right now my Gmail account gets more spam than any other address.

Filtering helps, but I still need to scan the spam for false
positives, and the false negatives remain annoying, too. Filtering is
*NOT* a real solution, but more like the joke about the two hunters:
"I know I can't outrun that bear. I'm putting on my sneakers because I
only have to outrun you." Filtering doesn't really bother Papa Bear
Spammer--but he'll just keep trying to get you the next time.

So here's my suggestion for a feature that I think could conceivably
drive the spammer's away from email--and at least give us users the
feeling that we are doing something substantive about the problem.

How to make Gmail the spam target of absolute last resort.

The goal of this suggestion is to intelligently leverage and focus
Google's expertise and credibility against the spammers and their
accomplices. But where will the intelligence come from? From me, from
you, from *ANYONE* who has a Gmail account and who wants to help
oppose the annoying evil that is spam. Aggressively implemented, it
could make Gmail into Spammer Heck--maybe to the point where only a
fool would send spam to Gmail. (Yeah, there are plenty of fool
spammers--but at least we'd get the laughs without the serious
spammers.) Less spam = more value in Gmail.

For ease of reference here, one of these human spam fighters is called
a WSF (wannabee spam fighter). Me? I really want to fight the spam.

SpamSlam is my 'working draft' label. The idea is roughly based on
other anti-spam systems--but with more smarts. Almost all email
systems include one level of feedback in a Spam/NotSpam button. (I'm
focusing on Web-based email here because Gmail is Web-based, but it
could be applied to other email systems.) Think of SpamSlam as a
report-spam-button on steroids. SpamSlam would report the spam, but
also do much more. Essentially this Gmail feature would do some of the
automatic analysis that any spam fighter has to do, get some
intelligent feedback, and hopefully be able to act immediately against
the spammer. Speed of action is actually crucial--cutting off the
spammers' income is a key goal of this proposal.

Here is an approach to implementing it:

Clicking on SpamSlam would first trigger a low-cost automatic analysis
of the email, including the headers. Let's call this Pass 0. Basically
this is just using regular expressions to find things like email
addresses, URLs, prominent brand names (that a company wants to
defend), and phone numbers. The results would be used to generate a
Pass 0 webform with comments and options (and explanations and links).
This pass should also look for obfuscation and ask the wannabe spam
fighter (WSF) to help break the spammers' attempts to evade the spam
filters. (This is leveraging the spam's features against the spam--if
a human can't figure out the spam, then the human can't send money to
the spammer.)

In many cases, this Pass 0 analysis may be able to suggest answers. If
something like "dr...@dead.com" appears in the header, then the WSF
should just click the option 'fake email'. Perhaps the WSF would only
need to click a check box to confirm that "V/1/A/6/R/A" is a drug and
categorize the spam. Other times the WSF can actually type in the
answer to the spammer's quasi-CAPTCHA, and then the SpamSlam function
can do something. At the bottom of the 'exploded email' in Pass 0,
there will be the usual submit button.

After the WSF submits that Pass 0 form, more analysis can begin. The
data is no longer raw, but partly analyzed, and the system can start
checking domains, registrars, relays, fancier types of header forgery,
MX records, categories of crime, email routings, and even things like
countries hosting the spammer. This kind of analysis will probably
take a bit of time, but a new Pass 1 form will be prepared for the WSF
to consider. Basically, this would mostly be a confirmation step for
the obvious counteractions. That's stuff like complaining to
identified senders and webhosts, but also things like reporting open
relays and spambots. For companies that want to defend their brand
names against spammers, it could also include routings to their
appropriate agents. It also needs more flexibility and 'other' options
in the responses at this point--we all know the spammers are
constantly going to try to devise new tactics. Again there will be a
submit option at the bottom for this Pass 1 form.

That will probably cover most of the responses, but in some cases
there may still be a need for a Pass 2 form. I imagine that would be a
kind of escalation system, mostly to address new forms of spam. There
is no closure on spam, there will always be new kinds of spam, and the
responses to spam need to be open and flexible, too--but fast. The
spammer is trying to open millions of little windows of economic
opportunity--and in an ideal world we should slam all of them before a
nickel gets through.

Beyond that? I think Gmail should also rate the WSFs on their spam-
fighting skills. Some people are going to be much better at fighting
spam. I admit that I want to earn a "Spam Fighter First Class" merit
badge. Come to think of it, I also want the system to keep records of
the spam I've slammed and how it was dealt with. Maybe they'd even
spot cases of lawsuits against "my" spammers? Gosh, I'd love to join
in and personally help put a spammer in jail. I know we're supposed to
hate the spam, not the spammers--but I confess. I hate the spammers,
too.

An earlier version of this idea (SuperReport) had a somewhat different
focus and more details, especially for the Pass 0 webform--but
obviously none of this is set in stone. If you agree with these ideas--
or have some better ones, I suggest you try to call them to Google's
attention. Actually, in my pursuit of this idea, I have been surprised
to encounter a lot of anti-Google sentiment--though not surprised that
much of the ill will was spam-related. However, I think Google is
still an innovative and responsive company--and they claim they want
to fight evil, too. Will they try harder to fight spam if many people
like you and I write to them? I hope so, but it doesn't really matter
where ideas come from or who gets credit--what matters is annoying the
spammers more than they annoy us.

By the way, thanks to the people who offered thoughtful comments on
the earlier draft. I'd like to thank you more personally, but you
basically got lost in the flood of hopeless fools and sock puppets.
That's a separate SNR problem.

As SMTP exists, we can never eliminate spam or spammers--but we can
give them heck. If this suggestion is aggressively implemented, then
bulk spam sent to Gmail would almost immediately result in a flood of
highly focused and thoughtful complaints against the spammer--before
the spammer can get *ANY* money from the spam. Hit the spammer in his
wallet *BEFORE* he can pocket anything.

A financial footnote: Google's main value is connecting people to
valuable information--and selling valuable advertising. Spam attacks
their economic model both because it is free (and worthless) and
because creates noise of no value. Google has real economic reasons to
oppose spam, in contrast to the backbone people and ISPs who are glad
to deliver the spam--as long as we pay for the resources and packets.

The summary: Do you hate spam? Do you want to help fight the spammers?
Yes, we can. If Gmail was the spam target of last choice, then it
should be our email service of first choice!

[shanen]

No interest in fighting spam? Amazing?

Anyway, I just wanted to clarify the spam-related confusion in the
message I wrote. In the posted message you'll see "[email address]"
where I put an obviously bogus email address. Even when you complain
about spam, you run into problems and filters intended to fight spam.

Are you sure you aren't interested in fighting spam?

> something like "[email address]" appears in the header, then the WSF

[D_C]

Your post is too long and not exactly written in layman's terms. You
can't expect people to agree with something they either don't want to
read, or don't understand.

Yes, i want to fight spam, but that's about all I got out of your
post.

DC

On Jun 10, 9:07 am, shanen wrote:
> No interest in fightingspam? Amazing?
>
> Anyway, I just wanted to clarify thespam-related confusion in the

> message I wrote. In the posted message you'll see "[emailaddress]"
> where I put an obviously bogusemailaddress. Even when you complain

> aboutspam, you run into problems and filters intended to fightspam.

>
> Are you sure you aren't interested in fightingspam?
>
> On Jun 10, 5:19 am, shanen wrote:
>
> > First, I think it's a remarkably clever approach to improving the
> > system. It seems to be modularized plugins for the new features
> > allowing rapid prototyping...
>
> > Unfortunately, none of these features seems to be of much interest to
> > me. I mostly likeemail, but the #1problemwithemailisspam--and

> > right now my Gmail account gets morespamthan any other address.
>
> > Filtering helps, but I still need to scan thespamfor false

> > positives, and the false negatives remain annoying, too. Filtering is
> > *NOT* a real solution, but more like the joke about the two hunters:
> > "I know I can't outrun that bear. I'm putting on my sneakers because I
> > only have to outrun you." Filtering doesn't really bother Papa Bear
> > Spammer--but he'll just keep trying to get you the next time.
>
> > So here's my suggestion for a feature that I think could conceivably

> > drive the spammer's away fromemail--and at least give us users the

> > feeling that we are doing something substantive about theproblem.
>

> > How to make Gmail thespamtarget of absolute last resort.

>
> > The goal of this suggestion is to intelligently leverage and focus
> > Google's expertise and credibility against the spammers and their
> > accomplices. But where will the intelligence come from? From me, from
> > you, from *ANYONE* who has a Gmail account and who wants to help

> > oppose the annoying evil that isspam. Aggressively implemented, it

> > could make Gmail into Spammer Heck--maybe to the point where only a

> > fool would sendspamto Gmail. (Yeah, there are plenty of fool

> > spammers--but at least we'd get the laughs without the serious

> > spammers.) Lessspam= more value in Gmail.

>
> > For ease of reference here, one of these humanspamfighters is called

> > a WSF (wannabeespamfighter). Me? I really want to fight thespam.

>
> > SpamSlam is my 'working draft' label. The idea is roughly based on
> > other anti-spamsystems--but with more smarts. Almost allemail

> > systems include one level of feedback in aSpam/NotSpam button. (I'm
> > focusing on Web-basedemailhere because Gmail is Web-based, but it
> > could be applied to otheremailsystems.) Think of SpamSlam as a
> > report-spam-button on steroids. SpamSlam would report thespam, but

> > also do much more. Essentially this Gmail feature would do some of the

> > automatic analysis that anyspamfighter has to do, get some

> > intelligent feedback, and hopefully be able to act immediately against
> > the spammer. Speed of action is actually crucial--cutting off the
> > spammers' income is a key goal of this proposal.
>
> > Here is an approach to implementing it:
>
> > Clicking on SpamSlam would first trigger a low-cost automatic analysis

> > of theemail, including the headers. Let's call this Pass 0. Basically

> > this is just using regular expressions to find things likeemail
> > addresses, URLs, prominent brand names (that a company wants to
> > defend), and phone numbers. The results would be used to generate a
> > Pass 0 webform with comments and options (and explanations and links).
> > This pass should also look for obfuscation and ask the wannabespam
> > fighter (WSF) to help break the spammers' attempts to evade thespam
> > filters. (This is leveraging thespam'sfeatures against thespam--if

> > a human can't figure out thespam, then the human can't send money to

> > the spammer.)
>
> > In many cases, this Pass 0 analysis may be able to suggest answers. If

> > something like "[emailaddress]" appears in the header, then the WSF
> > should just click the option 'fakeemail'. Perhaps the WSF would only

> > need to click a check box to confirm that "V/1/A/6/R/A" is a drug and

> > categorize thespam. Other times the WSF can actually type in the

> > answer to the spammer's quasi-CAPTCHA, and then the SpamSlam function

> > can do something. At the bottom of the 'explodedemail' in Pass 0,

> > there will be the usual submit button.
>
> > After the WSF submits that Pass 0 form, more analysis can begin. The
> > data is no longer raw, but partly analyzed, and the system can start
> > checking domains, registrars, relays, fancier types of header forgery,

> > MX records, categories of crime,emailroutings, and even things like

> > countries hosting the spammer. This kind of analysis will probably

> > take a bit of time, but a new Pass1form will be prepared for the WSF

> > to consider. Basically, this would mostly be a confirmation step for
> > the obvious counteractions. That's stuff like complaining to
> > identified senders and webhosts, but also things like reporting open
> > relays and spambots. For companies that want to defend their brand
> > names against spammers, it could also include routings to their
> > appropriate agents. It also needs more flexibility and 'other' options
> > in the responses at this point--we all know the spammers are
> > constantly going to try to devise new tactics. Again there will be a
> > submit option at the bottom for this Pass1form.
>
> > That will probably cover most of the responses, but in some cases
> > there may still be a need for a Pass 2 form. I imagine that would be a
> > kind of escalation system, mostly to address new forms ofspam. There

> > is no closure onspam, there will always be new kinds ofspam, and the
> > responses tospamneed to be open and flexible, too--but fast. The

> > spammer is trying to open millions of little windows of economic
> > opportunity--and in an ideal world we should slam all of them before a
> > nickel gets through.
>
> > Beyond that? I think Gmail should also rate the WSFs on theirspam-
> > fighting skills. Some people are going to be much better at fighting

> >spam. I admit that I want to earn a "SpamFighter First Class" merit

> > badge. Come to think of it, I also want the system to keep records of

> > thespamI've slammed and how it was dealt with. Maybe they'd even

> > spot cases of lawsuits against "my" spammers? Gosh, I'd love to join
> > in and personally help put a spammer in jail. I know we're supposed to

> > hate thespam, not the spammers--but I confess. I hate the spammers,

> > too.
>
> > An earlier version of this idea (SuperReport) had a somewhat different
> > focus and more details, especially for the Pass 0 webform--but
> > obviously none of this is set in stone. If you agree with these ideas--
> > or have some better ones, I suggest you try to call them to Google's
> > attention. Actually, in my pursuit of this idea, I have been surprised
> > to encounter a lot of anti-Google sentiment--though not surprised that

> > much of the ill will wasspam-related. However, I think Google is

> > still an innovative and responsive company--and they claim they want

> > to fight evil, too. Will they try harder to fightspamif many people

> > like you and I write to them? I hope so, but it doesn't really matter
> > where ideas come from or who gets credit--what matters is annoying the
> > spammers more than they annoy us.
>
> > By the way, thanks to the people who offered thoughtful comments on
> > the earlier draft. I'd like to thank you more personally, but you
> > basically got lost in the flood of hopeless fools and sock puppets.
> > That's a separate SNRproblem.
>

> > As SMTP exists, we can never eliminatespamor spammers--but we can

> > give them heck. If this suggestion is aggressively implemented, then

> > bulkspamsent to Gmail would almost immediately result in a flood of

> > highly focused and thoughtful complaints against the spammer--before

> > the spammer can get *ANY* money from thespam. Hit the spammer in his

> > wallet *BEFORE* he can pocket anything.
>
> > A financial footnote: Google's main value is connecting people to
> > valuable information--and selling valuable advertising.Spamattacks
> > their economic model both because it is free (and worthless) and
> > because creates noise of no value. Google has real economic reasons to

> > opposespam, in contrast to the backbone people and ISPs who are glad
> > to deliver thespam--as long as we pay for the resources and packets.
>
> > The summary: Do you hatespam? Do you want to help fight the spammers?
> > Yes, we can. If Gmail was thespamtarget of last choice, then it

[shanen]

Well, it would help if you ask a concrete question, but I'll try to
put the key notion in a simple way:

A spammer sends out lots of spam, annoying lots of people. The spammer
doesn't expect to make money from the first spam, but maybe from one
spam out of 20,000 (just an arbitrary number around the right size to
make the example simple). That would imply an average of 10,000 spams
before the spammer would find one sucker.

My suggestion is to give the first 9,999 people a way to easily and
more effectively express their annoyance--and thereby cut off the
spammer before he gets his payoff. You don't need all of those annoyed
people to complain, but just a few good Samaritans would be
sufficient. This suggestion would help make their complaints as
effective as possible, and make it very unlikely that the spammer
would get any money.

At its root, spam is an economic problem. The spammer thinks his
marginal cost of sending another million spams is zero. We need to
stop the spammer from dividing by zero or try to make sure his RoI
remains zero, too.

[shanen]

I continue to be dazzled that there is so much interest in grafting
more non-email cruft onto Gmail and so little interest in doing
anything about the #1 problem: spam. Let me try again to polish up
this description of a suggestion for a feature that I think could
conceivably drive many spammers away from Gmail. At the very least it
would give us users the feeling that we are doing something
substantive about the problem. Here's the topic question:

How can we make Gmail the spam target of absolute last resort?

The goal of this suggestion is to intelligently leverage and focus

Google's expertise and credibility against the spammers and against
the spammers' accomplices. So where will the intelligence come from?

From me, from you, from *ANYONE* who has a Gmail account and who wants
to help oppose the annoying evil that is spam. Aggressively
implemented, it could make Gmail into Spammer Heck--maybe to the point
where only a fool would send spam to Gmail. (Yeah, there are plenty of
fool spammers--but at least we'd get the laughs without the serious
spammers.) Less spam = more value in Gmail.

For ease of reference here, one of these human spam fighting
volunteers is called a WSF (wannabee spam fighter). Me? I really want
to fight the spam. (Maybe I should include a special label for the
spammers, too, but I can't think of anything negative enough. Is there
any stronger pejorative than "spammer"? I can't think of one.)

SpamSlam is my 'working draft' label. The idea is roughly based on

other anti-spam systems--but with more smarts. Almost all Web-based

email systems include one level of feedback in a Spam/NotSpam button.

Think of SpamSlam as a report-spam-button on steroids. SpamSlam would

report the spam, but also do much more. As a Gmail feature, it would
basically do some of the automatic analysis that any spam fighter has

to do, get some intelligent feedback, and hopefully be able to act
immediately against the spammer. Speed of action is actually crucial--
cutting off the spammers' income is a key goal of this proposal.

Here is an approach to implementing it:

Clicking on SpamSlam would first trigger a low-cost automatic analysis
of the email, including the headers. Let's call this Pass 0. Basically
this is just using regular expressions to find things like email

addresses, URLs, prominent brand names (that the company wants to
defend--maybe even paying Google for that service), and phone numbers.

The results would be used to generate a Pass 0 webform with comments
and options (and explanations and links).

This pass should also look for obfuscation and ask the wannabe spam
fighter (WSF) to help break the spammers' attempts to evade the spam

filters. This is leveraging the spam's internal features against the

spam--if a human can't figure out the spam, then the human can't send

money to the spammer. The spammer can't escalate that kind of
obfuscation, because then the spammer gets no money.

In many cases, this Pass 0 analysis may be able to suggest answers,
too. If something like an obviously bogus email address appears in the

header, then the WSF should just click the option 'fake email'.
Perhaps the WSF would only need to click a check box to confirm that

"V/1/A/6/R/A" is a drug and categorize the spam for appropriate
handling. Other times the WSF might actually type in the answer to the

spammer's quasi-CAPTCHA, and then the SpamSlam function can do
something. At the bottom of the 'exploded email' in Pass 0, there will
be the usual submit button.

After the WSF submits that Pass 0 form, more analysis can begin. The

data is no longer raw, but partly analyzed, and the feature can start

checking domains, registrars, relays, fancier types of header forgery,
MX records, categories of crime, email routings, and even things like
countries hosting the spammer. This kind of analysis will probably
take a bit of time, but a new Pass 1 form will be prepared for the WSF
to consider. Basically, this would mostly be a confirmation step for
the obvious counteractions. That's stuff like complaining to
identified senders and webhosts, but also things like reporting open

relays and spambots. If the responsible party doesn't stop spamming,
then Google should collect the statistics and escalate upstream, too.

For companies that want to defend their brand names against spammers,

it could also include routings to their appropriate agents. As noted
earlier, this could actually be a service that Google sells to those
companies in conjunction with anti-phishing efforts.

The Pass 1 also needs more flexibility and places for 'other' options
with WSF-supplied explanations. We all know the spammers are
constantly trying to devise new tactics. And again, there will be a

submit option at the bottom for this Pass 1 form.

That will probably cover most of the responses, and certainly make me
feel much better, but in some cases there may still be a need for a

Pass 2 form. I imagine that would be a kind of escalation system,
mostly to address new forms of spam. There is no closure on spam,
there will always be new kinds of spam, and the responses to spam need
to be open and flexible, too--but fast. The spammer is trying to open
millions of little windows of economic opportunity--and in an ideal

world Google and we should slam all of them before a nickel gets

through.

Beyond that? I think Gmail should also rate the WSFs on their spam-
fighting skills. Some people are going to be much better at fighting
spam. I admit that I want to earn a "Spam Fighter First Class" merit
badge. Come to think of it, I also want the system to keep records of
the spam I've slammed and how it was dealt with. Maybe they'd even
spot cases of lawsuits against "my" spammers? Gosh, I'd love to join
in and personally help put a spammer in jail. I know we're supposed to
hate the spam, not the spammers--but I confess. I hate the spammers,
too.

Obviously none of this is set in stone. If you agree with these

ideas--
or have some better ones, I suggest you try to call them to Google's
attention. Actually, in my pursuit of this idea, I have been surprised
to encounter a lot of anti-Google sentiment--though not surprised that
much of the ill will was spam-related. However, I think Google is
still an innovative and responsive company--and they claim they want
to fight evil, too. Will they try harder to fight spam if many people

like you and I ask them to? I hope so, and it doesn't really matter

where ideas come from or who gets credit--what matters is annoying the
spammers more than they annoy us.

Given the basic form of SMTP, we can never eliminate spam or

spammers--
but we can give them heck. If this suggestion is aggressively
implemented, then bulk spam sent to Gmail would almost immediately
result in a flood of highly focused and thoughtful complaints against
the spammer--before the spammer can get *ANY* money from the spam. Hit
the spammer in his wallet *BEFORE* he can pocket anything.

[shanen]

Suggestion after suggestion, and apparently no one else notices the
elephant in the room? Maybe if the spam sat in your lap?

[Dirty Harry]

Post after (insanely long) post, and shanen is apparently against
spam....Maybe if we kicked him out of the group?

[hazza]

Yes, lets kick mr. verbal diarrhoea!! (had to look that one up to
spell it)

On Jun 19, 10:48 am, Dirty Harry wrote:
> Post after (insanely long) post, and shanen is apparently againstspam....Maybe if we kicked him out of the group?

>
> On Jun 18, 6:51 am, shanen wrote:
>
>
>
> > Suggestion after suggestion, and apparently no one else notices the

> > elephant in the room? Maybe if thespamsat in your lap?- Hide quoted text -
>
> - Show quoted text -

[shanen]

You expect me to apologize for thinking more clearly than you do?

One question. Can you ["Dirty Harry" and your probably sock puppet
"hazza"] read anything longer than a few lines? Could you understand
it if you read it? For example, what was the last actual book you
read?

It's fine with me if you're too stupid to understand my comments. It
would be more amusing if you would attempt some concrete defense of
spam.

However, if you have nothing to say, why don't you just say nothing?

[shanen]

Not related to the non-discussion in this forum, but from other more
thoughtful discussions, I have a couple of improvements to suggest. If
there was a serious consideration here, I'd go ahead and properly
integrate them into the body of the suggestion--but since there is no
evidence that anyone here has actually read the idea, I'll just leave
the previous version below and let you refer to it if you're that
interested.

The main revision is that the stronger anti-spam button should (by
default?) only be visible when you are in the spam folder. That would
automatically limit the scope of it's effect to those people who are
at least scanning for false positives. The lesser revision is that I'm
increasingly dissatisfied with the label. I think the button should be
called something else... Perhaps it should be paired as "Report spam"
and "Fight spam" or "Full Spam Report"?

Actually, my main conclusion here is that the typical users of Gmail
are evidently rather less intelligent than the employees of Google, at
least according to the rumors... Actually, I have more direct evidence
than rumor, but...

[Dirty Harry]

Im sorry, I cant remember the last book I read..it was so long ago.
what was the last book you read? "fighting fire with fire" (or spam
with spam)?
More seriously now, what do you mean by my 'sock puppet' friend haza?

> > > elephant in the room? Maybe if the spam sat in your lap?- Hide quoted text -

[shanen]

If you have nothing to say, why don't you say nothing? Congrats to
your sock puppet for doing so.

To anyone else who actually has something to say about the actual
topic, the current post 5 of June 14th is a complete version for
comment, and the current post 11 of June 20 has a few minor
amendments.

[Ohad Lutzky]

Hello shanen,

I have read your suggestion quite thoroughly, and it seems quite badly
stated, and not completely thought out. My response fits nicely into
this template, taken from a (very interesting) lecture on fighting
SPAM:

Your post advocates a
(*) technical ( ) legislative ( ) market-based (*) vigilante
approach to fighting spam. Your idea will not work. Here is why it
won't work.
( ) Spammers can easily use it to harvest email addresses
(*) Mailing lists and other legitimate email uses would be affected
(*) No one will be able to find the guy or collect the money
(*) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
(*) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate
potential employers
( ) Spammers don't care about invalid addresses in their lists
(*) Anyone could anonymously destroy anyone else's career or
business

Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
(*) Lack of centrally controlling authority for email
(*) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email
addresses
(*) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(*) Armies of worm riddled broadband-connected Windows boxes
(*) Eternal arms race involved in all filtering approaches
(*) Extreme profitability of spam
(*) Joe jobs and/or identity theft
( ) Technically illiterate politicians
(*) Extreme stupidity on the part of people who do business with
spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:
(*) Ideas similar to yours are easy to come up with, yet none have
ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
(*) SMTP headers should not be the subject of legislation
(*) Blacklists suck
( ) Whitelists suck
(*) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
(*) Sending email should be free
(*) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
(*) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
(*) Killing them that way is not slow and painful enough

It seems you have done incredibly little research on the subject of
spam. The problem is a far, far more complicated one than you realize.
If you're serious about fighting the serious problem of SPAM, you
should really read more about the technical efforts and legislation
that have been worked on, for many years now, to combat it (a good
place to start, if you also follow the links at the bottom, is
http://www.paulgraham.com/spam.html). Also, to really get serious, you
should get a degree in computer science.

...if you're not too busy explaining how much more intelligent than
everyone else you are. I am subscribed to this group, and the ONLY
spam I receive in GMail is your disgusting, stuck-up, ill-advised and
simply rude comments. You should be more careful about where you post
your E-Mail address if you receive so much spam that GMail's filters
cannot handle. You know, it's the intelligent thing to do...

[shanen]

That form was funny the first time it was created and about the first
three times I saw it. Now it is a tired old joke. It is generally used
as a lame and dismissive excuse to say the spam problem is too
intractable, but without actually thinking about the problem. At this
point, *ANY* suggestion about spam will receive that form without any
regard to the possible merits of the suggestion--but it's easier than
thinking, right?

You claim to have actually read and understood my suggestion. If so,
then why are almost all of your checked selections incorrect and
irrelevant? Laughably, you thereby contradict yourself in a number of
places. If you think the suggestion was poorly stated, please say what
you could not understand and I'll attempt to clarify it. You may be
surprised, but I actually shortened it up. I felt the description was
already quite long. However, the author actually has a disadvantage
when he is trying to edit his own work--the author already knows all
of the mental models involved, and a brief reference that may seem
sufficient to the author in his editorial mode may well be inadequate
for someone else.

Anyway, I could go down your list and refute each selection
individually, but instead I'll only address the one selection that
actually comes close to being relevant. I acknowledge that my
suggestion does not address purely vindictive Joe jobs. They do exist
as a problem, but they are only a minor problem and that's where they
will stay. Of course you can't prevent crazy people from doing crazy
things, but the existing laws are generally quite effective. This
suggestion is basically neutral to that sort of craziness. However,
there is no positive payoff for that kind of behavior, while there are
severe negative penalties, and so it is restricted to a few lunatics
who are quickly dealt with (though my suggestion could help deal with
them a bit more quickly).

If you think any of your selections are actually more relevant than
that one, please feel free to say why, and I'll attempt to make it
clear to you. However, the essential point that you don't seem to
understand is that there are some good Samaritans out there, and we
don't mind if our efforts are helpful and beneficial even for
apparently lazy and not very thoughtful people. Maybe you aren't that
way, but at least that's the impression you've created.

By the way, I actually do have a computer science degree from one of
the supposedly top schools. However, I feel that this suggestion
actually draws more from my sociology degree, which was from a
different university. It also draws heavily on my studies of
mathematics, especially statistics, though I never completed a degree
in that field, and upon my experiences as a database programmer in
several commercial fields.

I also created or maintained email systems a number of times in my
long career, and was even the postmaster of one of the largest free
email systems in a major city. Fortunately for my blood pressure, I
left that company before the spam problem became serious... (Funny
story there about a Harvard MBA, but tangential.) I have already
studied the spam problem in great detail and for many years. However,
unlike you, I still believe that the problem can be usefully
addressed. Also, I believe that Gmail is now positioned in a uniquely
advantageous position to lead the way.

[Dirty Harry]

wow, you got told, shanen!!

> place to start, if you also follow the links at the bottom, ishttp://www.paulgraham.com/spam.html). Also, to really get serious, you

[shanen]

I don't understand how Yala missed this thread.

On Jun 12, 5:26 am, shanen wrote:
> Well, it would help if you ask a concrete question, but I'll try to
> put the key notion in a simple way:
>

> A spammer sends out lots ofspam, annoying lots of people. The spammer
> doesn't expect to make money from the firstspam, but maybe from onespamout of 20,000 (just an arbitrary number around the right size to

> make the example simple). That would imply an average of 10,000 spams
> before the spammer would find one sucker.
>
> My suggestion is to give the first 9,999 people a way to easily and
> more effectively express their annoyance--and thereby cut off the
> spammer before he gets his payoff. You don't need all of those annoyed
> people to complain, but just a few good Samaritans would be
> sufficient. This suggestion would help make their complaints as
> effective as possible, and make it very unlikely that the spammer
> would get any money.
>

> At its root,spamis an economic problem. The spammer thinks his

> marginal cost of sending another million spams is zero. We need to
> stop the spammer from dividing by zero or try to make sure his RoI
> remains zero, too.
>
> On Jun 11, 11:37 pm, D_C wrote:
>
> > Your post is too long and not exactly written in layman's terms. You
> > can't expect people to agree with something they either don't want to
> > read, or don't understand.
>

> > Yes, i want to fightspam, but that's about all I got out of your

> ...
>
> read more »

[shanen]

Again, an improvement from elsewhere imported here. Judging by the
local contributors, almost no one who uses Gmail ever gets any spam,
but if they do, they are basically gratified it isn't worse...

Anyway, the wrinkle would just be a selectable option in the Pass 0
response for detected email addresses. In some cases, there is reason
to suspect an opt-out is actually a harvester, so there should be a
selection there for "probably address harvesting". If you select that
option, then the Gmail system would automatically create a fake email
address and send a cancellation request to the address. They would
then monitor that fake address for a few days to see if it starts
getting spam. Of course it depends on the jurisdiction, but in many
places that category is especially actionable.

[mike t]

Alot of subscription emails have been falsely marked as spam. Usually
store flyer but once a google apps group email lol. I think a good
percentage of average google users sign up for thing or click here to
recive more emails or dont uncheck them and then forget about it or
are too lazy to follow through and unsubscribe. They just mark it as
spam. I think that is very very common I dont belive the google
algorithms are that bad at tellling the difference between spam and
legitamate subscriptions so there must be alot of users incorrectly
telling google they are spam when theyre not.



shannen you could 'refactor' your posts to be more articulate and
shorter. And also whats with all teh flame 'bloat' from everyone in
in this thread?..

[shanen]

It would be difficult to present the idea in a way that is
significantly shorter without reducing it to 'philosophic statements
of objectives.' On those terms, I think the shortest summary is that
there are a lot of people who want email to work better (with less
spam), and I think we can user our numerical advantage to reduce the
amount of spam. Reducing the spammers' incomes is one natural
approach.

As regards the flamage, I really can't explain that. Perhaps some
people just hate the thought of helping other people? Or maybe they're
offended by the idea of being helped by other people?

The specific problem you are describing is called the "false positive"
problem, where an email message is tested as possible spam and falsely
marked positive. Unfortunately, it sounds like your behavior is
actually making the problem worse. Gmail seems to use global spam
filters, so incorrect classifications by some users may impact the
accuracy of the filtering as other people see it. More concretely, if
legitimate email is marked as spam, and then missed and not corrected
by other users, then Gmail's filters will continue to regard it as
spam. (I actually think Gmail uses some categorical and possibly even
individual whitelisting, so the situation is more complicated than
that. However, I don't have access to the internals, so I'm only
guessing from the behavior.)

The main advantage of my suggestion in that specific area is that the
Gmail people could (and I think they should) profile the skills of
users in fighting spam. I mention that part near the end of the
suggestion, but only considering how it would motivate people to
participate. On the Gmail side, it would also allow them to decide
which users should be discounted or valued more highly for their
reports. Again I'm simplifying things to keep it short. There are
actually a number of characteristics that are involved in dealing
accurately with spam. I think it requires a certain kind of suspicion
and an ability to imagine what a spammer is trying to do. Also, the
speed with which you can figure it out matters, since the spammers are
constantly trying new wrinkles.

On Jun 26, 7:36 am, mike t wrote:
> Alot of subscription emails have been falsely marked asspam. Usually

> store flyer but once a google apps group email lol. I think a good
> percentage of average google users sign up for thing or click here to
> recive more emails or dont uncheck them and then forget about it or

> are too lazy to follow through and unsubscribe. They just mark it asspam. I think that is very very common  I dont belive the google

> algorithms are that bad at tellling the difference betweenspamand
> legitamate subscriptions so there must be alot of users incorrectly

> telling google they arespamwhen theyre not.

>
> shannen you could 'refactor' your posts to be more articulate and
> shorter. And also whats with all teh flame 'bloat' from everyone in
> in this thread?..
>
> On Jun 23, 4:12 pm, shanen wrote:
>
> > Again, an improvement from elsewhere imported here. Judging by the
> > local contributors, almost no one who uses Gmail ever gets anyspam,
> > but if they do, they are basically gratified it isn't worse...
>
> > Anyway, the wrinkle would just be a selectable option in the Pass 0
> > response for detected email addresses. In some cases, there is reason
> > to suspect an opt-out is actually a harvester, so there should be a
> > selection there for "probably address harvesting". If you select that
> > option, then the Gmail system would automatically create a fake email
> > address and send a cancellation request to the address. They would
> > then monitor that fake address for a few days to see if it starts

> > gettingspam. Of course it depends on the jurisdiction, but in many

> > places that category is especially actionable.
>
> > On Jun 20, 6:16 am, shanen wrote:
>
> > > Not related to the non-discussion in this forum, but from other more
> > > thoughtful discussions, I have a couple of improvements to suggest. If
> > > there was a serious consideration here, I'd go ahead and properly
> > > integrate them into the body of the suggestion--but since there is no
> > > evidence that anyone here has actually read the idea, I'll just leave
> > > the previous version below and let you refer to it if you're that
> > > interested.
>

> > > The main revision is that the stronger anti-spambutton should (by
> > > default?) only be visible when you are in thespamfolder. That would

> > > automatically limit the scope of it's effect to those people who are
> > > at least scanning for false positives. The lesser revision is that I'm
> > > increasingly dissatisfied with the label. I think the button should be
> > > called something else... Perhaps it should be paired as "Reportspam"

> > > and "Fightspam" or "FullSpamReport"?

>
> > > Actually, my main conclusion here is that the typical users of Gmail
> > > are evidently rather less intelligent than the employees of Google, at
> > > least according to the rumors... Actually, I have more direct evidence
> > > than rumor, but...
>
> > > On Jun 14, 8:25 am, shanen wrote:
>
> > > > I continue to be dazzled that there is so much interest in grafting
> > > > more non-email cruft onto Gmail and so little interest in doing
> > > > anything about the #1 problem:spam. Let me try again to polish up
> > > > this description of a suggestion for a feature that I think could
> > > > conceivably drive many spammers away from Gmail. At the very least it
> > > > would give us users the feeling that we are doing something
> > > > substantive about the problem. Here's the topic question:
>

> > > > How can we make Gmail thespamtarget of absolute last resort?

>
> > > > The goal of this suggestion is to intelligently leverage and focus
> > > > Google's expertise and credibility against the spammers and against
> > > > the spammers' accomplices. So where will the intelligence come from?
> > > > From me, from you, from *ANYONE* who has a Gmail account and who wants

> > > > to help oppose the annoying evil that isspam. Aggressively

> > > > implemented, it could make Gmail into Spammer Heck--maybe to the point

> > > > where only a fool would sendspamto Gmail. (Yeah, there are plenty of

> > > > fool spammers--but at least we'd get the laughs without the serious

> > > > spammers.) Lessspam= more value in Gmail.

>
> > > > For ease of reference here, one of these humanspamfighting

> > > > volunteers is called a WSF (wannabeespamfighter). Me? I really want
> > > > to fight thespam. (Maybe I should include a special label for the

> > > > spammers, too, but I can't think of anything negative enough. Is there
> > > > any stronger pejorative than "spammer"? I can't think of one.)
>
> > > > SpamSlam is my 'working draft' label. The idea is roughly based on

> > > > other anti-spamsystems--but with more smarts. Almost all Web-based
> > > > email systems include one level of feedback in aSpam/NotSpam button.

> > > > Think of SpamSlam as a report-spam-button on steroids. SpamSlam would

> > > > report thespam, but also do much more. As a Gmail feature, it would
> > > > basically do some of the automatic analysis that anyspamfighter has

> > > > to do, get some intelligent feedback, and hopefully be able to act
> > > > immediately against the spammer. Speed of action is actually crucial--
> > > > cutting off the spammers' income is a key goal of this proposal.
>
> > > > Here is an approach to implementing it:
>
> > > > Clicking on SpamSlam would first trigger a low-cost automatic analysis
> > > > of the email, including the headers. Let's call this Pass 0. Basically
> > > > this is just using regular expressions to find things like email
> > > > addresses, URLs, prominent brand names (that the company wants to
> > > > defend--maybe even paying Google for that service), and phone numbers.
> > > > The results would be used to generate a Pass 0 webform with comments
> > > > and options (and explanations and links).
>
> > > > This pass should also look for obfuscation and ask the wannabespam
> > > > fighter (WSF) to help break the spammers' attempts to evade thespam

> > > > filters. This is leveraging thespam'sinternal features against the
> > > >spam--if a human can't figure out thespam, then the human can't send

> > > > money to the spammer. The spammer can't escalate that kind of
> > > > obfuscation, because then the spammer gets no money.
>
> > > > In many cases, this Pass 0 analysis may be able to suggest answers,
> > > > too. If something like an obviously bogus email address appears in the
> > > > header, then the WSF should just click the option 'fake email'.
> > > > Perhaps the WSF would only need to click a check box to confirm that

> > > > "V/1/A/6/R/A" is a drug and categorize thespamfor appropriate

> > > > mostly to address new forms ofspam. There is no closure onspam,
> > > > there will always be new kinds ofspam, and the responses tospamneed

> > > > to be open and flexible, too--but fast. The spammer is trying to open
> > > > millions of little windows of economic opportunity--and in an ideal
> > > > world Google and we should slam all of them before a nickel gets
> > > > through.
>
> > > > Beyond that? I think Gmail should also rate the WSFs on theirspam-
> > > > fighting skills. Some people are going to be much better at fighting

> > > >spam. I admit that I want to earn a "SpamFighter First Class" merit

> > > > badge. Come to think of it, I also want the system to keep records of

> > > > thespamI've slammed and how it was dealt with. Maybe they'd even

> > > > spot cases of lawsuits against "my" spammers? Gosh, I'd love to join
> > > > in and personally help put a spammer in jail. I know we're supposed to

> > > > hate thespam, not the spammers--but I confess. I hate the spammers,

> > > > too.
>
> > > > Obviously none of this is set in stone. If you agree with these
> > > > ideas--
> > > > or have some better ones, I suggest you try to call them to Google's
> > > > attention. Actually, in my pursuit of this idea, I have been surprised
> > > > to encounter a lot of anti-Google sentiment--though not surprised that

> > > > much of the ill will wasspam-related. However, I think Google is

> > > > still an innovative and responsive company--and they claim they want
> > > > to fight evil, too. Will they try
>

> ...
>
> read more »

[mike t]

http://en.wikipedia.org/wiki/Proof_by_verbosity
..sorry i couldnt resist throwing that one in ..;)

to pararaphrase "Make everything as simple as possible, but not
simpler. Albert Einstein.

I fail to see how my behavior is seeming to make spam worse..?

And i find it ironic (funny and sad) that one of my google groups
goodg apps getting started digest email was a false positive.

> ...
>
> read more »

[shanen]

Let me try a different tack on a mostly blank slate...

Sending spam email is a violation of the ToS of every reputable
company involved in the Internet. However, even there there is
fuzziness about exactly what constitutes spam and what activities
support spam, but at a minimum there is wide consensus that a
spamvertised website deserves to be terminated to avoid benefiting the
Internet-abusing spammers. To paraphrase a different joke, "Hard-cord
spam may be hard to define, but I know it when I see it."

In theory reporting spam should therefore be sufficient to stop it,
but in reality the spammers don't want to be stopped, and they are
very evasive and innovative. Therefore reporting spam properly is
fairly difficult. I don't want to go into all of the hairy details of
header analysis and registrar tracing, but my suggestion is basically
intended to make it easier for people to report effectively.
Essentially it would allow Gmail's spam-fighting people do more anti-
spam work at higher levels and spend less of their time digging in the
trenches.

On Jun 29, 10:35 pm, mike t wrote:
> http://en.wikipedia.org/wiki/Proof_by_verbosity
> ..sorry i couldnt resist throwing that one in ..;)
>
> to pararaphrase "Make everything as simple as possible, but not
> simpler. Albert Einstein.
>
> I fail to see how my behavior is seeming to make spam worse..?
>
> And i find it ironic (funny and sad) that one of my google groups
> goodg apps getting started digest email was a false positive.
>

<older context snipped, but available via Google Groups>

[shanen]

Whoops.

c/hard-cord/hard-core/

[shanen]

Still waiting for a comprehending response to this suggestion. If
Gmail Labs is considering it, they're certainly keeping it close to
their vest... Maybe I should publish it with the ACM? I haven't
written anything for them lately...

[shanen]

I remain dazzled that there is so little interest in actually going
after the spammers. No wannabe good Samaritans out there, eh? At least
that's how it feels to me.

It's a shame that spam hating isn't an Olympic event. Apparently I
would be the only contestant for the gold medal.

[shanen]

As usual, I am surprised how many trivial suggestions there are with
so many trivial issues. There are a few suggestions related to the #1
problem of email--but mostly people want to ignore the ostrich in the
room.

Anyway, I did think of one more wrinkle that should be added to this
suggestion. There should be a selection on the response form for
"chronic abuser". Actually, it should probably be a scaled indicator
that would initially be set based on Gmail's automatic scanning of the
email. Obviously, if the spammer is sending lots of identical mails,
then Gmail should be able to pick that up and mark it automatically,
but you need the human element for cases where the spammer is making
changes in the individual spam messages (one of the spammers' favorite
anti-filtering countermeasures these days).

As an additional wrinkle, maybe Gmail could show pairs of spam
messages and ask for the human judgment as to whether or not they came
from the same spammer. This would help the general filtering, but
could also help Gmail prioritize their anti-spam efforts to go after
the bigger fish. Of course that would be a voluntary thing. Part of
the "Spam Fighter First Class" thing?

The rest of this is just the original suggestion being 'refreshed':

[Fred Calm]

My 2¢:Quitcherbellyachin'. Gmail's spam filters are fantastic! They're
hads down the best I've seen.

I get one or two spam messages in a fortnight, maybe two orders of
magnitude than what shows up in my POP accounts' mailbox, and that's
after filtering with SpamPal. I used to train the filter, but it's a
lost cause. Also, Gmail has very few false positives (legit email
flagged as spam.

As to aggressively attacking spamsters, you might want to check out
Knjon and SpamPal. What Gmail needs to be used conveniently with those
services is a way to easily select a bunch-o-messages and forward them
in swell foop as attachments to a probably empty message.

Also the tale of the Blue Frog from Blue Security (R.I.P) may be
interesting to you. Google it or just go to Wikipedia, where there's a
good article.

Further, it's an industry problem. I believe there's at least one
consortium that's proposing enhanced email conventions (via additional
X... headers, to better authenticate email as it moves between MTAs
(Mail Transfer Agents, or SMTP servers). These conventions help
prevent spamsters from spoofing email addresses. The real breakthrough
will come when IPv6 replaces the venerable IPv4, which has gone pretty
long in the tooth.

</Fred>

[shanen]

Question: What part of my suggestion did you not understand?

Answer: Judging by your comment, you understood *NONE* of it.

So if you had nothing to say, why not say nothing?

I'll go ahead and respond to your irrelevant comments anyway,
basically because I think the topic of spam should be discussed. If
you can think of some other email-related topic that would do more to
improve the value of email, I'd be curious what it could be. My
perspective is that email is basically a good thing, and the bells and
whistles are nice--but the spam part of email is bad, totally bad, and
should be dealt with as effectively as possible.

As regards your evaluation of Gmail's spam filtering, the main thing
it shows is how few spam filters you've seen or how little email you
receive. It may also reflect your past success in avoiding the
harvesting of your Gmail address. Had you seen more of the world, you
would not describe the Gmail filtering as "fantastic", but rather
"within the norm for competent email service providers".

I'm familiar with Knujon and they do some good work. I use SpamCop,
and I'll double-check SpamPal, though I believe I evaluated and
dismissed it a while ago. With regards to your other citations, you
didn't say enough to persuade me to read any of them, though I've
probably already read them. I even wrote "Sam Spam the Flimflam Man,
You Can't Stop Him, No One Can." (The publisher reformatted and
amended the title in a rather annoying way.)

As far as quitting the bellyaching, that's what the spammers would
like, and the entire point of my suggestion is to make it easier for
people to bellyache more effectively. My belief is that the people who
hate spam vastly outnumber the suckers who send money to the spammers.
If Google can exploit that statistical reality, then perhaps they can
make Gmail a nonprofit venue as far as the spammers are concerned.

If spam hating was an Olympic event, I'd be in Beijing now.

[Fred Calm]

I'll confess to not having carefully read and deeply contemplated
every word of your many log screeds. Believe it or not, I have a
life.
I did skim your material and thought I made some constructive
observations and suggestions. The bellyachin' crack was meant to be a
tongue-in-cheek suggestion for you to lighten up, not as a personal
attack. Maybe a smile or wink emoticon would have helped.

The anger and passion in your posts are a bit much. IMHO, they're out
of place here. I have no interest in getting into a long argument with
you or taking on your crusade.

Fare thee well.

</Fred>

[shanen]

You don't have to do anything to make the world a better place.
However, some people (including me) would actually like to make the
world better, and I'm convinced that a world with less spam would be a
significantly better world.

In theory, spam should not even exist. In practice, it's too easy for
the spammers to slide along on their scams and the hopeless, helpless
indifference of people like you. Gmail could throw some heavy grit
into their spam machines. You don't have to help, and I don't even
mind that you would be an incidental beneficiary.

However, if you have nothing to say about the actual topic, why don't
you just say nothing?

As for your recommended "calm" approach, perhaps you could consider
alternative handles. How about "lazy" or "wasted life" or "mindless"
or "Bush supporter"? Whatever. The "calm" simply doesn't do you
justice, sir.

I acknowledge that my hatred of spam in all its forms is not
reasonable--but the world was never changed by reasonable men, and I
really want to change the spammers' world.

[Bill Gates(Email to me without 'this is not spam' in the subject is directed straight to the trash unread by automatic filters.)]

shanen, interesting idea.

The problem is that the WSFs have to be more reliable than the
automated systems Google can make to do the work instead.
If they provide add'l info to help the filters or abuse desk folks,
that info isn't of much use if it's less reliable than the info they
can generate themselves.

Gmail already has about the best filters around. Unfortunately, their
security isn't great; I have a gmail account that has an email address
that I've never disclosed to anyone, and it's not readily guessable.
But it gets spam; I wonder how that happened...

In some cases, the users could definitely help, e.g. if they can
identify that an email address in the spam is the dropbox; that's
something automated systems can't do (AFAIK), so email addresses in
spam are usually not treated specially.

[shanen]

Apparently your long parenthetic comment after your name confuses
Gmail's JavaScript and makes it hard for Gmail to format a reply to
your email--I had to stretch the window to about 1600 pixels to make
the input field fully visible. Then again, you've already discounted
yourself by your presumptuous or pompous handle. If you actually were
*THE* Bill Gates, I wouldn't be giving *YOU* any tips or suggestions.
Actually, in that case you already promised to deal with the spam
problem some years ago, and you're running quite late. My fuzzy
recollection is that you said spam could be dealt with within a year
or two--and that was about five years ago.

Anyway, handle notwithstanding, I'm not fully clear on your objection.
It sounds like it was already addressed in the part about "spam
fighter first class". To clarify: I definitely agree that the
reliability of the WSF (wannabe spam fighter) is fairly important, but
Gmail would be in a perfect position to assess the human reliability.
Since this spam-fighting activity is directly linked to your Gmail
account, they already know who you are, so the speak. They don't have
to examine all of your spam reports in detail, either. The easiest
approach would just be to compare your spam reports to the reports
filed by other people. If your reports seem odd compared to other
reports on the same spam, they would probably have someone take a look
at the situation. It might be that you're reliability should be
downgraded--or that you're actually one of the few people who has
actually figured out what the spammer is up to and your reports should
be taken more seriously. In terms of acting on the reports, they might
well wait until they have several closely matching reports before they
do anything at all. After all, they want to reduce their workload if
possible.

You mentioned the dropbox detection thing. One new wrinkle that I've
been considering would involve integrity claiming. I've been seeing
some spam headers recently that are pretty odd. It seems like they are
using a third-party email system just to create an impression that the
email should be delivered. It isn't a direct relay thing, but
something else. Not supposed to be the sender or the receiver, so I'm
not sure what it's doing in there. Right now I'd just have to mark it
in the "other" category...

By the way, though Gmail's spam filters are good, they certainly
aren't the best that I've seen. This is fundamentally a problem of
Byzantine generals, and there is no general solution there... Depends
on too many factors. Which spammers have your address? How much email
do you get and of what types? Do the spammers have any special
targeting information on you? Etc., etc. Lately Gmail seems to have
improved (reduced) the false positives--but the almost inevitable
result is that I'm seeing more false negatives. However, in my case I
do get a fair amount of legitimate news-related email, and there is a
new rash of fake-news spam going around.

[shanen]

Well, I'm no longer surprised by how many trivial suggestions there
are here, and how many of them are for features that already exist.
However, my new surprise is how few of the public responses to these
thread even acknowledge the problem. Almost no one has come out and
said "Yes, spam is the #1 problem with email."

I still hope there has been some private response within Google, and I
continue to think that a show of public interest and more active
discussion of the spam problem might help encourage that private
response, too.

As usual, I've thought of a couple more wrinkles that could be added--
but in the absence of any public interest, I'll just consider them for
other uses... Perhaps publication of another anti-spam article would
be more effective than trying to encourage Google to ride to our
rescue?

The rest is just a repost of one version of the suggestion for the
sake of context, but hopefully to stimulate discussion and
consideration of the problem.

[Bill Gates(Email to me without 'this is not spam' in the subject is directed straight to the trash unread by automatic filters.)]

On Aug 12, 6:25 pm, shanen wrote:
> Apparently your long parenthetic comment after your name confuses
> Gmail's JavaScript and makes it hard for Gmail to format a reply to
> your email--I had to stretch the window to about 1600 pixels to make
> the input field fully visible. Then again, you've already discounted
> yourself by your presumptuous or pompous handle.

When I post to normal newsgroups via Google, you can see my email
address (RoastedBillyGoat...@hotmail.com) which makes it obvious I'm
not the famous goat ass.

> If you actually were
> *THE* Bill Gates, I wouldn't be giving *YOU* any tips or suggestions.
> Actually, in that case you already promised to deal with the spam
> problem some years ago, and you're running quite late. My fuzzy
> recollection is that you said spam could be dealt with within a year
> or two--and that was about five years ago.

You're correct.

> Anyway, handle notwithstanding, I'm not fully clear on your objection.
> It sounds like it was already addressed in the part about "spam
> fighter first class". To clarify: I definitely agree that the
> reliability of the WSF (wannabe spam fighter) is fairly important, but
> Gmail would be in a perfect position to assess the human reliability.
> Since this spam-fighting activity is directly linked to your Gmail
> account, they already know who you are, so the speak. They don't have
> to examine all of your spam reports in detail, either. The easiest
> approach would just be to compare your spam reports to the reports
> filed by other people. If your reports seem odd compared to other
> reports on the same spam, they would probably have someone take a look
> at the situation. It might be that you're reliability should be
> downgraded--or that you're actually one of the few people who has
> actually figured out what the spammer is up to and your reports should
> be taken more seriously. In terms of acting on the reports, they might
> well wait until they have several closely matching reports before they
> do anything at all. After all, they want to reduce their workload if
> possible.

No, see I'm not talking about differentiating the malicious users from
the ones trying to help.

I'm talking about the inherent inaccuracy in the tagging done even
just by the ones trying to help. Humans are inherently unreliable.
I.e. it's rare to find a human who can correctly identify ham vs spam
more accurately than a good spam filter such as the current version of
spamassassin.
OTOH, if you have two humans quickly identify each specimen as ham vs
spam (or have the same person do the same thing twice) and take a
third look where the answers don't match, you'll get to high
accuracy. It's not clear whether you're proposing such methodology as
part of your scheme.

> By the way, though Gmail's spam filters are good, they certainly
> aren't the best that I've seen.

What's better, in your experience?

> ...

[shanen]

Bit rushed this morning, so only going to comment on two parts of it.

First, you may think your handle with your parenthetic explanation is
cute or amusing. However, in actuality it is quite annoying on two
counts. Most importantly, Google's Groups software is trying to avoid
breaking the parenthetic comment because that is supposed to be your
true name, not a disclaimer or apology or whatever. The result is that
your message is interpreted as having an extremely long line length. I
have a quite wide monitor here, but it is still far too narrow to deal
with the formatting problem you are causing. Unneeded horizontal
scrolling is very annoying and you should stop doing it. Second, the
famous name is an unmerited claim for credibility.

Second, you are correct that some people aren't very good at telling
spam from ham, and you skipped over the aspect that one man's spam is
another man's ham.In my original suggestion I only suggested
recognition of people who are better at recognizing spam. However, I
was mostly thinking about "spam fighter first class" in terms of
people who are best at figuring out what is going on in the spammer's
newest tricks. You extended the idea slightly to consider polling of
the responses, and there is nothing to prevent Gmail from doing that.
Actually, that would probably have the added benefit of calling extra
attention to the spam that more people find most offensive.

I would strain my time to add a bit more, but the long lines caused by
your parenthetic handle add too much annoyance to the process.

On Sep 8, 2:32 am, Bill Gates(Emai) (to me without 'this is not spam'
in the subject is directed straight to the trash unread by automatic

filters.) wrote:
> On Aug 12, 6:25 pm, shanen wrote:
>
> > Apparently your long parenthetic comment after your name confuses
> > Gmail's JavaScript and makes it hard for Gmail to format a reply to
> > your email--I had to stretch the window to about 1600 pixels to make
> > the input field fully visible. Then again, you've already discounted
> > yourself by your presumptuous or pompous handle.
>
> When I post to normal newsgroups via Google, you can see my email

> address ([email address]) which makes it obvious I'm

[talmai]

Maybe someone at Google has already read this... maybe not: since SPAM
may be another's HAM, why not try to use uncertainty to model the
problem? The The continuous transferable belief model (an extension of
Dempster Shafer Theory (DST)) can model subjective beliefs and
therefore is capable of handling uncertainty, conflicting information
and even ignorance. :)

[REF] Smets, P. and Kennes, R., "The Transferable Belief Model",
Artificial Intelligence 66(2), 191-234 (1994).

[shanen]

Frankly, I think we are wasting time suggesting that Google do
anything about the #1 problem of Gmail, which continues to be abuse by
the spammers. Google is incompetent or impotent, or maybe they just
love spam. I still can't see why. Google is supposed to be selling
advertising, and it's hard to compete against free--and the spammers
clearly have infinite supplies of free garbage.