I've received a few of the new PayPal scams, which involve an email identical to the ones sent by PayPal (complete with a blurb about watching out for scams), and a cleverly crafted URL. The URL starts with "https://www.paypcal.com:ac=..." and to the untrained eye, looks like a valid PayPal URL (the trained eye would notice the lack of a '/' after the domain). In fact, I might've fallen for it if the form had simply asked me to log in, instead of asking me for my credit card number, bank account number, bra size, the number of cats I own and my mother's favorite ice cream flavor. I'm sure a lot of people have fallen for it though... sadly, there's an abundance of idiocy in this world.
Then there's the news of a trojan that turns ordinary Windoze PCs into porn servers and spam spewers. It seems somebody finally put two and two together. I've heard people say that the problem with Microsoft isn't their insecure software, but rather their monopoly that renders them favorable targets. Somehow, that seems like a tit for tat argument. After all, if there were more diversity, the problem might still be there but it'd most likely be smaller. I mean, who'd want to write a trojan for a bunch of different platforms that each have 20% or less market share?
Spam is another problem entirely. Spam is the inevitable side effect of an open communications protocol that allows for mono-directional transmissions. I'm tempted to throw up my hands and give up, but, as an author of an email client, giving up is one luxury I don't have. I can tell people that spam should be weeded out by MTAs and MDAs, but, ultimately, people want a last line of defense in their MUAs as well.
If I had money, here's what I'd do. IlohaMail is deployed all around the world, and has at least 30,000 users (and possibly as many as 100,000). I think that's enough people to start a spam database, if everyone who gets spam reports it to a central database (which will merely require a click). The report would include information like the subject, the time the message was sent/received, and the IP address from which the message was received (which should be the guilty relay). For every new message received, the spam filter would do basic filtering locally, so that messages from people in the user's contacts list would pass through and the remaining "unknown" messages would be checked against the database. Furthermore, I'd open up the protocol used for reporting spam and matching messages (perhaps by using SOAP or XML-RPC) so that other email clients can join the network if they wanted to. CloudMark does something like this, except they don't have an open protocol, it only works with Outlook, and they require a subscription. You know, CloudMark must be run by a bunch of idiots. All they had to do was open up the protocol, and they could've saved the world from spam. But no, they had to go and try and make money off of it. Well, I guess what compels people to send spam is ultimately what's preventing us from stopping it.
Hell, now that I think of it, why are we looking for cures for cancer and AIDS? If we found a cure for greed, the world would be a much better place for it (because we can then go find a cure for cancer and AIDS, and we'd actually let people have access to it).
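The reporting and lookup scheme sketched in the spam database paragraph above, as an added example (not IlohaMail code): contacts pass locally, and unknown senders are checked against reports keyed on subject and relay IP. The class and function names, the two-day window, and the three-reporter threshold are all assumptions, the last one there so a single client cannot get a message flagged by itself.

```python
import hashlib
import re
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(days=2)  # assumption: older reports no longer count
MIN_REPORTERS = 3           # assumption: distinct reporters needed to match

def fingerprint(subject, relay_ip):
    """Key a message by its normalized subject and the relay it came from."""
    norm = re.sub(r"[^a-z0-9]+", " ", subject.lower()).strip()
    return hashlib.sha256(f"{relay_ip}\n{norm}".encode()).hexdigest()

class SpamDatabase:
    """In-memory stand-in for the central database (hypothetical)."""
    def __init__(self):
        self._reports = defaultdict(dict)  # fingerprint -> {reporter: time}

    def report(self, reporter, subject, relay_ip, received):
        # One vote per reporter: a single client cannot flag a message alone.
        self._reports[fingerprint(subject, relay_ip)][reporter] = received

    def is_reported(self, subject, relay_ip, received):
        votes = self._reports.get(fingerprint(subject, relay_ip), {})
        recent = [t for t in votes.values() if abs(received - t) <= WINDOW]
        return len(recent) >= MIN_REPORTERS

def classify(msg, contacts, db):
    """Local check first, then the shared database for unknown senders."""
    if msg["from"].lower() in contacts:
        return "inbox"
    if db.is_reported(msg["subject"], msg["relay_ip"], msg["received"]):
        return "spam"
    return "unknown"

if __name__ == "__main__":
    # Constructed sample data; addresses use documentation IP ranges.
    now = datetime(2004, 4, 28, 3, 26)
    db = SpamDatabase()
    for user in ("alice", "bob", "carol"):
        db.report(user, "Verify your account!!", "192.0.2.10", now)
    contacts = {"friend@example.org"}
    inbox = [
        {"from": "friend@example.org", "subject": "lunch?", "relay_ip": "198.51.100.7", "received": now},
        {"from": "x@example.net", "subject": "VERIFY your account", "relay_ip": "192.0.2.10", "received": now},
        {"from": "y@example.net", "subject": "hello", "relay_ip": "203.0.113.5", "received": now},
    ]
    for m in inbox:
        print(m["from"], "->", classify(m, contacts, db))
```

Keying on the relay IP as well as the subject means the same subject arriving through a different relay is not matched until that relay is reported too.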
Posted Wed, April 28, 2004 03:26 by Gay Hitchhiker
gay hitchhiker