Perish the thought.

After the way it buggered up my system a couple of years back, I would be happy never to see it again. My system was playing up bigstyle and hayne tracked down the culprit for me and, once uninstalled, no further problems.

Yeah, but with dismal effectiveness. :( With a concerted effort, it should be feasible to put at least half of the top 52 out of business within a year.

Maybe, but it shouldn't be possible to send an email without verifying its source. Fix that major flaw and you'll eliminate more than half the junk email. Of course, getting rid of Windows and therefore Windows bots, would finish the job.

What would be the best way to go about that, cwt?

(Let’s please skip the second point of your post, which is valid enough but discussed at length before.)

By dealing with spam as it's being sent instead of when it is received.

For starters, all email should have encryption, if only to protect headers from being sniffed. Second, every ISP could require that all outgoing mail going through their servers is verified as coming from an account belonging to a valid user. This should be done not merely using passwords, but also by handshaking with their systems using previously verified* addresses for that user's system. It would be easy to do when a user logs in through their cable/dsl modem, and sending mail through your account from another location/ISP should require you to log into your ISP separately before sending mail.

Next, accounts consistently sending large numbers of messages could be flagged for further action.

*Edit: Account log in and email log in should be different passwords.

To deter spammers, I have found sneakemail quite effective.

As regards catching spammers, here's an interesting project.

At the risk of drawing the venomous comments of all the Mac fans out there, I strongly disagree. You're kidding yourself if you think that Windows is to blame for SPAM! If all Windows users switched to the Mac, then all the spammers would also be Mac users, and they would recompile their bots to run on the Mac. Getting rid of Windows would set the spammers back a day or two at best, but then they would be back in full force. If you want to be a fan of all things Apple, be my guest, but try not to make too many ridiculous assertions!

Sure, you can run a mail bot on your own Mac, but the key to spamming is running mail bots on many unsuspecting users' computers. Only Windows lets spammers do that easily. Not Mac, not Linux. Not any other OS.

I agree that it is a little harder to sneak stuff in on a Mac, but it is not impossible. Most users freely provide their password when installing software, without first checking to see if their is any spyware. Mac users are particularly guilty of this because they are lulled into the false confidence of having no viruses and hardly any spyware in the wild. The first time somebody decides to write a spambot for the Mac and piggy back it on some Kazaa-ish installation (remember the Windows spyware associated with that one), the average Mac user will be in trouble.

A little harder? If it were only a little harder, it would have been done by now.

Have you forgotten how small of a segment Mac users really are? I for one am thankful that we are still a small segment, because we represent a small target. Windows is a large and easy (according to you) target. Remove that target, and hackers and malware writers would find a way to target another platform (ie. Mac OS X or Linux).

You obviously missed the Month of Apple Bugs earlier this year. If you read up on those, you might not feel so arrogantly superior to Windows, as there were some significant vulnerabilities exposed - vulnerabilities that took Apple a while to patch up.

The Mac platform is not impenetrable and there are numerous exploits that continue to be discovered and patched. We just happen to be fortunate that our minority status in the computing community affords us some obscurity, otherwise unsavory individuals might have targetted us more aggressively long ago.

Not at all. I know that far smaller targets such as Linux on iPod have been targeted. With just a thousand or so users, Linux on iPod has fewer total users than Macs sold in a single day.

The month of Apple bugs was a big disappointment. What was supposed to be a list of exploits or serious vulnerabilities turned out to be primarily a list of bugs in third party applications, most of which couldn't be exploited, even theoretically. Those that could be exploited required very specific circumstances in order to work, which basically meant that there would be no way to propagate.

As I said, the Mac doesn't need to be impenetrable. It only needs to keep the bar for degree of difficulty high enough to make attempts to exploit it unprofitable.

.
Please, let’s not turn this thread into a Mac/Windows discussion. (See my post above.) There are plenty of other threads that are eminently suitable for that.
Or start a new one, if you wish.

Well, to clarify one thing, no one ever specifically released all the zero day exploits for OS X. Everyone was kept in the dark because the people doing it wanted to avoid any and all legal action from Apple. Overall, they actually improved OS X's security. Also, OS X is not bullet proof. Simply modifying the $PATH and having basic commands run scripts can be done if the user does not take the necessary steps to secure their network.

Now take into account the human factor, see my previous post about users installing their own access points on private networks and not securing them, or people using ridiculous passwords that a dictionary attack just blows through all your log ins.

The reasons I bring this up, is because when you add in the human factor you throw all security out the window. This is not exclusive to any OS. So, now what happens when your personal network gets exploited by someone third party outside your house and they use your personal network to do bad things. Steal personal information, use your internet connection for DOS or spamming, and this doesn't even matter what platform you use because it was set up the wrong way to begin with. I mean how many people use secure passwords, with high levels of proper encryption and take the necessary steps to make it so hacking into their network would be a task instead of something you do in a matter of minutes?

How would you even know if a digital intruder has even been on your network? I for one every once in a while check my routers log to see how many clients connect via wifi. There should only be so many. My 2 laptops, my nintendo Wii, and my neighbor who I have given access. So a grand total of 4 MAC addresses should have shown up on my network. Well I noticed some rogue entries and my neighbor was giving his little brother access to my wifi network. Which in all honesty is not a problem because I have been friends with my neighbor for over 15 years or something like that. However, I changed my WPA passkey right afterwards because I don't want it being given out. Call me paranoid, but whatever.

Exactly why it's so important that spam be dealt with at the source. Home users are not going to take the steps necessary to secure their personal networks, now or in the future, so it's up to ISPs to secure their networks. If you break into my network, that's my fault, but if you use my network to send spam, that's my ISP's fault.

Encrypting email (e.g. with PGP or GPG) would not hide the headers. Are you thinking of the Mixmaster system? If so, that wouldn't really go with the authentication system you were considering...

Or did you just mean encrypting the email traffic, like the TLS Gmail uses? That's definitely a good idea.

I meant the email traffic, although Mixmaster seems to offer that too.

Basically, I would like to see implemented the most important thing I learned in a Film 101 class back in college. That is that any system created by humans is completely under human control at the outset. Email is no different. If it doesn't work the way we would like, and when 90% of it is junk, I think we can conlude that it doesn't, we need to recognize that it's because of how we made it. The spam problem isn't an act of God. It's a result of human stupidity.

I am not sure how much encryption would affect email traffic, and well with out IP headers it would be impossible to track things down unless everything carried a certificate.

I don't disagree with any of it, but also don't know if that is the proper solution. Also, email is only one of the many digital crimes out there people are committing. I for one had someone from Africa try to scam me on a dog once. I emailed a person who was a "supposed" breeder in my local news paper, and they ended up being a scam artist from Nigeria. I have a thread about it here on this website. I knew it was a scam right when they said the part about shipping the dog from Africa. However, as far as I could tell in the beginning this was a legit breeder that was advertising in my local newspaper.

Really there is no way to stop hackers/spammers/scammers from doing this, but there could be a deterrent of stricter laws and punishment. All methods of security can be bypassed with humans involved, TPMs are always hacked, encryption can be broken by dictionary and brute force attacks, no OS is bullet proof, etc. Which is why I would like to see a technology division in law enforcement but at the same time I want privacy. So, really I am not sure exactly how I feel about it at this point in time.

Email may only be one part of internet crime, but it is a big part, including scams not necessarily related to spam, such as the breeder scam you mentioned.

I don't think any one thing will be a cure-all, but it's pretty clear that the current way of doing things is as close to the worst case as you can get, with 90% of all email being spam.

Just as with the Mac and viruses, it isn't necessary to make the email system 100% impenetrable. To get real benefits, it is only necessary to make it difficult enough to beat the system that a 12 year old can't do it with little effort.

I agree with this 100%. Which is why you see "script kiddies" exploiting windows boxes. However, I read a funny article the other day that was about how Microsoft was trying to move away from allowing applications to access their kernel via the kernel hooks. Huge software companies like Symantec and Mcafee were kind of pissed about it, because it means they would have to work harder to make a better application (oh no!:eek:). So, really MS is trying to make that adjustment. But when you have several 800lb gorillas like Symantec and Mcafee making it harder to migrate to a set of security APIs over direct kernel access it can make things difficult. I mean symantec is probably larger than Microsoft and their Enterprise solutions are pretty much everywhere. Don't even look at their consumer stuff (which sucks anyways) because their corporate level solutions are actually pretty good (PC anywhere VPN software and Ghost come to mind). So, MS doesn't want to make their OS non compatible with these security softwares put out by these large corporations. It would really tick off the Enterprise level IT people, and of course the Enterprise users.

http://www.heise-security.co.uk/news/79542

However, back to the main topic at hand. Do you think if someone were just to steal internet access from a person in the suburbs and use it to spam/scam that they would ever get caught? It would be pretty hard and it would involve investigation. Also, where is the line between protection and piece of mind and privacy? Where do you draw the line on this? Also, what if they implemented a plan to charge for e-mail? I mean this is something that has been tossed around for a long time. If spammers were charged per a message sent, they would probably stop spamming. However, I am totally against that as well, I think e-mail should always remain 100% free.