This is beyond funny., great concept.

Of course you know that many here will try this at home., like me !

I have friends with gigabytes of UK off peak bandwidth available... I wonder if....

I really hate all spam, I have one email address that gets about 300 messages a day of which 3 are not spam. (Thanks to K9 from kier.net Thunderbird and Spam-assassin I can control most of it)

BUT

Is attacking them really a good idea?

As a pacifist I have to say no, what this screen saver is doing is a controlled DOS attack, under UK law, the computer misuse act, it is "barely just" legal because the organisers make sure it does not actually crash the systems.

My fear is that people who use junk mail to sell, are by definition pretty stupid people, they will see more traffic on their site and say "hey this is working" and just do more spam shots.

Personally I have now taken to junking junk mail and ignoring it, any response, even negative just shows them it is working.

You may be interested to know that I have for some time suspected that some of the websites you register with sell your address even if they say they don't. To test this theory I create a new email addresses every time I need to give an email address. For example I may register here with an email address of www.omidyar.net-myname@mydomain.co.uk I have been doing this for about a year now. I have had 3 "results"

Company A had their technical manager leave the company and steal the database, which he emailed me from using the company specific email address. This watertight proof has enabled the Data Commissioner to enforce the Data protection act on this poor individual, who is probably going to end up with a £5,000 fine, for EACH offence they are preparing a case with 10 of us.

Company B was a tiny kitchen company, they had their website hacked, within hours I had emails on the address urging me to change my on line banking password, that my eBay account was suspended and a Lawyer in Nigeria wanted me to have a million dollars! Needless to say the company concerned was very embarrassed and reviewed their security, the database contained lots of other useful information, password, address, phone number and so on.

Company C said that there was no breach and that the email address must have been "sniffed" en route. Personally I think not, much more likely that they had a leak.

What this shows is, you can't trust anyone, many people seem to think it just wont happen to them, so best to create a separate email address one for each person you meet. Then, if it gets compromised then you can tip them off and if you still trust them give them a new one and bounce mail on the original.

Bruce Denney said:

You may be interested to know that I have for some time suspected that some of the websites you register with sell your address even if they say they don't. To test this theory I create a new email addresses every time I need to give an email address. For example I may register here with an email address of www.omidyar.net-myname@mydomain.co.uk I have been doing this for about a year now. I have had 3 "results"

I have been doing the same thing and was pleasantly surprised to find only once case of spam sent to an e-mail address I created specifically for a particular commerce site. I expected more.

Lycos Anti-Spam Screensaver Brings Down Spam Sites

Oops. Oh well, back to Marine Aquarium, then.

This demonstrates that "two wrongs don't make a right", and how much people hate spam.

I think that good corporate ethics should keep companies well inside the law and should have kept Lycos away from this project. The ethical behaviour of Microsoft and SCO are prime examples of how low the world is sinking. To drop to the same depths as the spammers is not a good move, we need good corporations with stunning good ethics to lead us back from this brink.

This is really serious.

Lycos have engineered a DDOS attack, this is a criminal act under UK law and I guess under US law, they will get sued by the bad guys and loose because now they are now bad boys as well.

The concept was skating close to the edge, this failure took them over the edge. You shouldn't skate on thin ice.

On a less serious note:

I am not a fan of screen savers in general

But ...

The aquarium is not as good as Mopy fish and Mopy Fish is free, (of course Mopy Fish is not available for any good operating systems, only windoze lusers can have the joy of it, well they need some sort of compensation)

http://www.mopyfish.net/

The interactivity of it is particularly good, I forgot to feed mine and it died, found it floating at the top of the tank upside down, fortunately they can be resurrected!

Now if someone wanted to make and interactive log fire screen saver, where you could put different sized logs on the fire and build up to a roaring inferno or let it die down to a smolder with an occasional crack, that would be really neat.

Pierre Omidyar said:

Bruce Denney said:

You may be interested to know that I have for some time suspected that some of the websites you register with sell your address even if they say they don't. To test this theory I create a new email addresses every time I need to give an email address. For example I may register here with an email address of www.omidyar.net-myname@mydomain.co.uk I have been doing this for about a year now. I have had 3 "results"

I have been doing the same thing and was pleasantly surprised to find only once case of spam sent to an e-mail address I created specifically for a particular commerce site. I expected more.

Ditto (or Tritto?)

Let me also note kind of by the way:

1. that I DO find the ingenuity of spammers' subject lines to be amusing and almost even ingenious.
2. that I am FOR free speech
3. that I am AGAINST wasting resources
4. that people got excited about the Internet because you could thereby connect with "all sorts" of other people
5. that an ouce of prevention is worth a pound of cure
6. that a common sense education concerning human nature will go a long way
7. that "the subject line reflects on its creator" ought to an axiom of common sense
8. that "sticks and stones" might NOT ought be an axiom common sense (but a pretty good song of Nils Lofgren's nonetheless)
9. that using filters entails censorship and is therefore detrimental to open communication

(I probably left something out, but I can't get bogged down by it now)

By the way: is there a WSIS-kateer in the house? (I think this is a rhetorical question, no?) What can be done here? I've been in touch with Geneva but so far have decided to do so only virtually. If there is interest (and at least SOME prospect of success), then perhaps I would be willing to engage in flesh-and-bones.

nmw

Pierre, While I am sympathetic to your motivations, I think the "make love not spam" approach is basically wrong.

It is tempting to try eliminating spam by increasing the cost of spamming. It even might work to some extent, although the bundle of paper mail I get from the Post Office makes wonder how well. My main problem with this is approach is not the idea of taxing email, but the form of the tax. Even to the degree that it works, this kind of denial of service attack is a terrible form of taxation because nobody gets to spend the proceeds.

I say, “No taxation without recompensation!” In other words, I propose that we should never add costs to the system without repaying collected proceads back into the system.

-Danny

I'm interested in the "email identity per correspondent" habit, metioned thrice earlier.

Increasingly, it feels like giving someone your email is like giving them your password. So perhaps, in the same way that people carry "username/password generators" for security, we could also carry "email identity generators", perhaps cell-top or palm-top. An email client (and sendmail mod) could also generate identities on the fly without a lot of bother. The clients could then collectively auto-share data, in a p2p fashion, so any party abusing the information is exposed. This could catch spamming, spoofing, and spying.

Maybe two month's programming for a first version ... a good exercise for a young hacker.

Creating email addresses is not hard, I do it in a very easy way. I allow wild cards!

I do have to remove the bad ones, so I have a link to the appropriate form in webmin to add a virtual users to sendmail and kill addresses when they go bad.

I generally use the website/company name so I can trace them if anything nasty happens with the email address.

This is fine and dandy... but it is not perfect.

Problem 1: When I reply to the email, my email client only has the one address for me. What I want is an SMPT / POP3 pair of proxy servers that will note the email address sent to and the from/reply addresses and then when I reply, remove my "standard" email address and replace it with the appropriate ones.

Problem 2: Spammers just guess names and this is not really much good unless you are the only person on the domain. What I want is semi wild carding bruce.xxxxxxxx@mydomain.com where xxxxxxxxx is the bit that identifies who the mail was given to ... bruce is the mailbox it goes to.

If you could code something to do both of those on the mail server then this would be a viable option for everyone.

This is not the only thing I do to stop spam. There are a lots of sites that ask for an mail address, I have a yahoo email address with spam filtering on it for that purpose. I only give a real address to people that I want to hear from.

My mates have some other interesting strategies.

White listing mail server, if the mailserver doesn't know who you are, it holds your email, emails you back asking for confirmation that you are a real person and only when it gets a reply does it let the mail through.

This is pretty effective... BUT. Some people don't understand what "reply to this email" means, I think some think it is a trap or something. Some people get this email as a result of a virus forging their email address and then reply to let the mail through! (There are now commercial services for this, indeed my mate runs one, guide price £12 a year)

A simply strategy is to create a sub domain called junk and use email addresses in that domain eg bruce@junk.mydomain.com apparently 95% of spammers remove the word "junk" and the email bounces!

Holy reverse shrek, Batman.

Never thought I'd see the day when somebody turned a ping war into GUI ...

Update:

I have now discovered that spammers don't like sub sub domains. eg. Bruce@email.account.mydomain.co.uk tends to be ignored. I think that they have some basic constructs that they expect email addresses to fit into. They do not expect sub sub domains in email addresses so email addresses using sub sub domains seem to be filtered out.

Jeremy Jaynes, Spammer & Fraudster --

Washington Post: Nonviolent;

BBC: strong signal;

Business Week: Spewing;

CNN: constitutional questions;

Norbert: who paid the $1 Million bail?

Bruce Denney said:

This is fine and dandy... but it is not perfect.

Problem 1: When I reply to the email, my email client only has the one address for me. What I want is an SMPT / POP3 pair of proxy servers that will note the email address sent to and the from/reply addresses and then when I reply, remove my "standard" email address and replace it with the appropriate ones.

Check your email software. Some support it. Someone needs to put together a plugin for doing in Thunderbird, though.

Problem 2: Spammers just guess names and this is not really much good unless you are the only person on the domain. What I want is semi wild carding bruce.xxxxxxxx@mydomain.com where xxxxxxxxx is the bit that identifies who the mail was given to ... bruce is the mailbox it goes to.

Here's an interesting trick I've picked up... Most email servers (thanks to early Unix account names) will deliver email to bruce@example.com when sent to bruce+xxxxxx@example.com. The + symbol is allowed in email names but not in Unix account names, so it was chosen as the "tagging operator" by early Unix mail agents. It is even supported by some of the "free controlled" email servers, such as Gmail accounts.

This sounds like a cool idea but i'm not sure of i'ts outcomes though...