Reportedly, he said this at the World Economic Forum (Davos).
Filters could be used to sift real mail from spam but would not be the “magic solution” as spammers used random words in subject headers and replaced text with pictures to go undetected. “Human challenges”, forcing the sender to solve a puzzle or the computer sending the email to do a simple computation, would be easy for a machine sending a few emails, but expensive and difficult when dealing with lots of spam.
The ultimate solution would be to make senders of email pay a fee if their mail was rejected as spam.
If (c) were the default, then spammers would have to choose between sending plain text (easily filtered) or HTML (automatically stopped by the default in the most popular email program, if Bill were to adopt my suggestion).
I'm not convinced that we need to re-configure Internet email protocols (SMTP). I'd like to see what could be accomplished just by fixing Bill's email program.
And if Bill really wants to get clever, he can figure out a way to protect Outlook users' address books from being scarfed up and used by virus programs. I don't know anything about the structure of Outlook--and I don't use the program because its virus-friendliness galls me--but it seems to me that safeguarding the address book should not be rocket science.
Arnold,
I appreciate the spirit of the no-HTML e-mail suggestion you've been espousing for a while. However, I know that trying to combat spam on the client side is already a lost battle. Even if I had a perfect filter, it would now take me 30 minutes to download my e-mail from my mail server on the LAN each morning if I did not have extensive server-side filtering of incoming mail.
The server-side SPAM problem falls into 3 categories I have identified. These come from the "Received" header in each e-mail.
(1) E-mail spoofed to look like it came from my server's IP Address. It's really a lousy spoof, but I haven't yet figured out how to configure sendmail to reject these. Here's an example:
Received: from 216.135.204.2 ([220.122.139.215]) by bosco.componentx.com
Note that my server's address is the name the spammer identifies his server with, although the actual address is known by sendmail. Spammers are pretty slick and a ton of them use this trick. So they must know that sendmail doesn't filter this out of the box or in an obvious way.
Category (2): Spammer domains, no forged headers. As I receive e-mail from these, they go into my sendmail access file as REJECTS. I recently made the process of updating this file database driven -- it's gotten pretty large. One thing I notice is that there are some very sophisticated spammers who buy and cycle through a collection of closely related domain names. As I block one, I start to get mail on the next in a series. A couple nasty ones are certiquote.com (and related) and optin***.***. I think you could combat these kinds of game players by making the registrars liable if they don't unregister a domain/customer if a party can prove that they have used, let's say 5 or more domains to send 10,000+ unsolicited messages. Or perhaps the registrars might take it upon themselves in terms of service. Right now, the registrars are making a good deal of money on these block registrations.
Category (3) is free-lancers or trojans running on computers hooked up to DSL and cable. Many of these are easy to block because the ISP inserts "cable" or "dsl" or some other clear identifier in a subdomain. So if you get stung once by "blah-blah.cable.myfastisp.com" you can just block "cable.myfastisp.com" and still get legitimate e-mail from the customers of myfastisp that use myfastisp's legitimate e-mail server. One ISP that does not do this is Roadrunner. On top of that, the spammers who use Roadrunner will complain that your server is sending spam if your server rejects their spam! I've had a few e-mail discussions with Roadrunner and so have many others. At any rate, the cable and DSL providers need to (a) make it easier to block mail from servers on their users' computers and (b) start sniffing packets and behavior and automatically disable a connection once it sends, say, 1000 e-mails via the SMTP protocol. They need to police their users, and they need to come down hard on them. Fine them, kick them out, and stick it on the user's credit report.
I do not trust anyone who has a magic bullet for spam, because they don't. At any given time, we need about 20 bullets in play. We need to maintain the flexibility that e-mail has if there is a low incidence of spam. On the supply side of the spam game, we need to start treating these people like gross polluters, because that's what they are. Maybe we could legalize the mafia if they would quietly handle these scum for us.
-Brad
Posted by Brad Hutchings on January 26, 2004 03:21 AM
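The three "Received"-header categories in the comment above can be expressed as a small classifier. This is an added example, not code from the post or from either commenter; the header layout, the `bulk-sender.example` entry, the label list and every sample line except the first are assumptions constructed for illustration.

```python
import re

MY_IDENTITIES = {"216.135.204.2", "bosco.componentx.com"}   # receiving server, per the quoted header
REJECT_DOMAINS = {"certiquote.com", "bulk-sender.example"}  # access-file style list (second entry constructed)
DYNAMIC_LABELS = {"cable", "dsl"}                           # consumer-line labels (assumed list)

# sendmail-style "Received: from <helo> (<rdns> [<ip>]) by <receiver>"; rdns is optional.
RECEIVED_RE = re.compile(
    r"^Received:\s+from\s+(?P<helo>\S+)\s+"
    r"\((?:(?P<rdns>[^\s\[\]]+)\s+)?\[(?P<ip>[0-9.]+)\]\)\s+by\s+\S+",
    re.IGNORECASE,
)

def in_domain(host, domain):
    return host == domain or host.endswith("." + domain)

def classify(header):
    """Return (category, detail) for one Received header line."""
    m = RECEIVED_RE.match(header.strip())
    if not m:
        return ("unparsed", None)
    helo = m.group("helo").lower().strip("[]")
    rdns = (m.group("rdns") or "").lower()
    ip = m.group("ip")
    # Category 1: the peer announces itself as us but connected from another address.
    if helo in MY_IDENTITIES and ip not in MY_IDENTITIES:
        return ("forged-helo", ip)
    # Category 2: the announced or resolved name falls under a listed domain.
    for domain in sorted(REJECT_DOMAINS):
        if any(n and in_domain(n, domain) for n in (rdns, helo)):
            return ("listed-domain", domain)
    # Category 3: consumer-line label in the name; suggest blocking from that label on.
    labels = (rdns or helo).split(".")
    for i, label in enumerate(labels[:-2]):
        if label in DYNAMIC_LABELS:
            return ("dynamic-host", ".".join(labels[i:]))
    return ("pass", None)

SAMPLES = [  # first line is from the comment; the rest are constructed
    "Received: from 216.135.204.2 ([220.122.139.215]) by bosco.componentx.com",
    "Received: from mx1.bulk-sender.example (mx1.bulk-sender.example [192.0.2.10]) by bosco.componentx.com",
    "Received: from blah-blah.cable.myfastisp.com (blah-blah.cable.myfastisp.com [198.51.100.7]) by bosco.componentx.com",
    "Received: from mail.myfastisp.com (mail.myfastisp.com [203.0.113.5]) by bosco.componentx.com",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(classify(line), "<-", line)
```

The last sample shows the point made about category (3): the ISP's own mail server still passes while the consumer subdomain is flagged.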
As someone who is required to use Outlook for work-related activities, I can tell you that the suggestion that ceasing to read HTML would lead to a reduction in spam is akin to the suggestion that if we flapped our arms hard enough we could fly: the implication is correct in a formal logic sense, but not useful due to the impossibility of the premise. Outlook is so dedicated to the idea of "rich content" (to the extent that there is a specific option to prevent it from using Word as an editor)---and by association the use of the IE engine as a viewer and all of the risks that implies---that to remove such facilities would leave nothing left.
I personally would find telnetting directly to the appropriate ports and issuing the SMTP and POP3 commands by hand to be a superior mail experience.
Posted by Matthew Ernest on January 25, 2004 11:30 PM