fuse.discuss.zoomtown

Just throwing a lob-to see some chatter

Post by me on Mon Oct 19, 2009 7:28 pm

What do you think is the best way to deal with SPAM? (regulation, filtering, blocking)

Do you think FreeNet (or similar) will have some trouble with RIAA?

-Dan




Post by ken on Mon Oct 19, 2009 7:28 pm

This should get things stirred up (at least a little)

IMHO -

regulation will never work. The spammers will either operate from
locations that can not be touched or will obfuscate things further so
they can not be tracked down (at least easily enough to be worth the
time and expense). Or probably both.

blocking doesn't work. Too many legitimate people get blocked.
Challenge systems won't work either; what newsletter is going to attempt
to respond to challenges when the subscriber list is hundreds of thousands
of people? Also, as soon as a spammer gets blocked (by enough ISPs or
whoever is doing the blocking), they just move to another address and
continue on.

filtering, although not perfect, is the best solution (as of today).
Bayesian filtering currently has the best chance to stop spam. It
doesn't matter where the spam comes from, the filter recognizes it as
spam and deals with it. Spammers continue because there are enough
stupid people who respond to make it worth the time and expense to spam.
If the filter removes it so you don't see it, you don't respond. If
no one responds spammers will stop. (Boy is that wishful thinking.)

Ken




Post by me on Mon Oct 19, 2009 7:28 pm

Personally I think a good mix of all three is necessary to facilitate a truly effective solution.
Individually, no solution will work.

Light regulation from the trade department (FTC) is necessary to invoke international responsibility and give
ARIN revoke "powers". Attack the disease.

Filtering to catch SPAM and log offending sources. Treat the disease.

Blocking on all levels to control rogue spammers and compromised servers. Kill the disease.

If you think about it, it's just like the telemarketing no-call list. I don't think it will truly work, but I
believe that it's a step in the right direction.

-Dan




Post by jnj on Mon Oct 19, 2009 7:29 pm

FWIW, I think the real issue here is the amount of bandwidth that these
idiots suck down from the 'net. Bayesian filtering, RBLs, and regulation
are all a part of the solution to handling spam in our inboxes (and quite
effective I might add) but none of these address the overall loss of
bandwidth that is experienced.

On my servers I utilize a number of solutions:

1) Realtime Blackhole Lists -- Lists such as ORDB, Osirusoft, Spamhaus,
Spamcop, and others are fairly effective in blackholing sites that are open
relays or are well known as being friendly to spammers. This probably
blocks 50% to 60% of all spam from getting through.

2) SpamAssassin -- This system is absolutely awesome. Nearly everything
that the RBL blocks do not catch is caught by SA. It amazes me just how
efficient this system is at catching spam. Using its algorithms, SA will
score the e-mails for the likelihood they are spam. I can set the
mailserver to reject e-mails altogether based on this score.

3) Bayesian Filtering -- Another effective solution, even at the server
level. The downside is that it requires spam and good e-mails be fed to it
so it can build up algorithms for catching spam. Some server ops make this
available to their users to feed but I do not -- the first time some user
feeds an e-mail to the system that originated in his boss' office.... :)
Bayesian filtering does a bang-up job though -- I've managed to knock out a
bunch of spam by using this system. I use this in line with SpamAssassin
to augment the scores SA assigns the e-mails.

4) Tarpitting -- When a server hits me repeatedly with bad addresses and
what appears to be a mass mailing, they end up being blocked.

5) Direct AV solution -- To knock out the occasional contaminated e-mail, I
run an integrated AV solution in the server. This solution blows away
e-mail based contaminants such as Klez, SoBig, Melissa, and others. I am
pleased to say that since implementing this solution (based on the Kaspersky
definitions and engine) I have had absolutely zero e-mail based contaminants
make it through -- not a one.

These solutions alone knock out a good 95% of all spam right at the server
level. I have SA so finely tuned that I could drop the default bounce score
to 5 and not miss a single good e-mail. I have to admit, these systems are
pretty amazing at how well they can detect spam -- some smart AI.

Of course, end-users can't really utilize all of this for their e-mail
client. Bayesian filtering is available and that will do wonders, but short
of setting up a mailserver locally they're kinda sunk on this level of
protection (although, they COULD set one up and have it automagically pop
the e-mail for them). Needless to say though, my clients do not experience
many spam-related issues on their networks. :)

James
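
Added example, not part of any post in this thread: a minimal token-based Bayesian filter, trained on constructed spam and good mail, whose verdict shifts a rule-based score against the reject threshold of 5 mentioned above. The corpus, the rule scores, `MAX_BAYES_POINTS` and all function names are assumptions for illustration; this is not SpamAssassin's code or its scoring.

```python
import math
import re
from collections import Counter

REJECT_AT = 5.0         # reject threshold, the "bounce score" from the post
MAX_BAYES_POINTS = 3.5  # assumed weight of the Bayes verdict (hypothetical)

# Constructed training mail, not real messages.
SPAM = ["cheap pills buy now limited offer",
        "win money now click here free offer",
        "free pills cheap watches click now"]
HAM = ["meeting agenda for monday budget review",
       "please review the quarterly budget report",
       "lunch on monday with the project team"]

def tokens(text):
    """Distinct lowercase word tokens of one message."""
    return set(re.findall(r"[a-z0-9']+", text.lower()))

class BayesFilter:
    def __init__(self):
        self.seen = {"spam": Counter(), "ham": Counter()}
        self.total = {"spam": 0, "ham": 0}

    def train(self, text, label):
        self.seen[label].update(tokens(text))
        self.total[label] += 1

    def spam_probability(self, text):
        """Naive Bayes over the tokens present, with add-one smoothing."""
        odds = math.log((self.total["spam"] + 1) / (self.total["ham"] + 1))
        for t in tokens(text):
            p_spam = (self.seen["spam"][t] + 1) / (self.total["spam"] + 2)
            p_ham = (self.seen["ham"][t] + 1) / (self.total["ham"] + 2)
            odds += math.log(p_spam / p_ham)
        return 1 / (1 + math.exp(-odds))

def build_filter(mislabelled_as_spam=()):
    """Train on the constructed corpus, optionally with wrongly fed mail."""
    f = BayesFilter()
    for m in SPAM + list(mislabelled_as_spam):
        f.train(m, "spam")
    for m in HAM:
        f.train(m, "ham")
    return f

def rejected(rule_score, p_spam):
    """Rule score shifted up or down by the Bayes verdict, then thresholded."""
    return rule_score + MAX_BAYES_POINTS * (2 * p_spam - 1) >= REJECT_AT
```

Passing a legitimate message to `build_filter(mislabelled_as_spam=[...])` shows why the quality of what gets fed to the filter matters: similar good mail scores closer to spam afterwards.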



