Slashdot Mirror

We use Brightmail on our campus and our users love it with its very low false positive and pretty accurate flagging of SPAM. Another campus uses DSPAM and some people are up in arms at the prospect of losing their Brightmail to switch to DSPAM. Personally, DSPAM isn't nearly as good and has flagged many legitamate messages and sent them to the Junk folder.

I also echo a gripe of other posters. Its nice to have a video but 500MB video file it a bit much. A 50KB pie chart or bar graph would have been nice.

It offers a bunch of other stuff (including a Brightmail Anti-Spam filter ) but recently included 2GB mail storage! For only about $40 per Year.

It has some search capabilities, and you can organize your folders, but I don't know how it compares to Gmail.

I have it so I don't ever have to tell all my friends or change my stationary if/when I change my ISP.

I just don't get that much mail!

There are already spam packages that do this, at least the collaborative part. Vipul's Razor (which is under the Artistic license) at the personal level and Brightmail (which is closed and not free) at the enterprise/ISP level, off the top of my head.

best practices? Several of these ISPs use BrightMail... never mentioned it in the article though. I can attest to the fact that BrightMail has reduced my level of spam to such a low level I think people are lying when they say they still get spam!

If he wants to buy something off the shelf, tell him to get Brightmail. Along with other things like having real people actually look around the clock at mail hitting some obscene number of spamtraps they have, they use spamassassin or something like it. You can plug your own DNSBL's into it too. Not as cheap as a DIY job with SA unless they're hiring someone full-time (or even an intern part-time) to deal with spam. It starts looking pretty cost-effective at that point.

Alternatively, institute a microcharge on email -- be it monetary or computational -- to disrupt the economies of scale.

Spam is coming from zombied hosts these days, computational charges will be distributed to the point that they are useless. Monetary charges will destroy mailing lists like the numerous developer lists I subscribe to.

I believe there is a way to stop spam without any government intervention. We can make it so that spamming only costs the spammer money. I believe the widespread use of encryption would eliminate spam completely.

For the sake of argument consider that everyone does use encryption with all of their email messages. Now, instead of worrying about where the email came from, all people like Brightmail and Spamcop have to worry about is who the email came from. Receive spam and report it for blacklisting. Send spam, have your public key blacklisted. Get blacklisted and anyone who decides to trust their list filters your message straight to the trash.

In this scenario, if you receive an unsigned message, it is probably spam. Anyone respectable will sign, and everyone in your address book can be filtered to the 'good' inbox whether they sign or not. Unsigned spam won't be read. Spammers, knowing this, are going to be left trying to generate disposable keys. A small charge by the folks who certify the keys would then force them to reuse their keys, because generating the hundreds of thousands of keys needed to give each message a signature with a disposable key would be far too expensive for them. The speed at which we could blacklist keys in combination with the per key charge would reach a point where the 'economics of scale' no longer apply. Spam would disappear because it would no longer be profitable. Locating the spammer for prosecution would be easier too, since we could trace the payment for the keys.

And of course, this all would have the added benefit of keeping all of our private email guarded by a warm fuzzy blanket of strong encryption.

Would anyone here like to tear down my theory? If so, please avoid the obvious. The obvious being that not everybody uses encryption, Joe Sixpack could never figure out encryption, etc. Those are usability problems. What I would like to know is if I am overlooking a problem with the solution itself.

http://www.brightmail.com/spamstats.html#spam_perc entages

I hardly think so. Most administrators of larger mail servers have realized that blacklists are not the way to do spam blocking. Even blacklisting networks is becoming a chore leading to hassles for administrators or, in extreme cases, lawsuits (already /.'d today).

More complex spam abatement filters, such as Brightmail, use complex algorithms to scan incoming e-mail content and identify it as spam. In some cases it's as simple as checking the md5sum of the body of the e-mail. Fortunately, whitelisting, such as TMDA, is becoming more prevelant. If it weren't for spam filtering methods such as these, I'd be getting those hundreds of daily spams in my inbox instead of them going straight to /dev/null.

Known as the naturalistic fallacy, the problem of deriving norms from nature is very old indeed. It has to do with the impossibility of translating 'is' language (how things are) into 'ought' language (how things ought to be).

BrightMail, too. My ISP uses it - it traps about 70% of my spam. The great thing is that it has no false positives, so it just shunts every spam it identifies off to a separate mailbox which you need never bother with - you don't spend time or bandwith downloading it. (A few times a year I take a look at the stuff it's recently trapped just to check, but there's never been a single valid mail.)

You can see our mail stats here.

You just described BrightMail's approach, though they anticipated you by about 3.5 years and went and got a patent for your Step 3.

I'm not very tech-savvy, though I admire those who are. I hate spam, and used to get lots of it. Here's my fixes.

My ISP makes Brightmail spam filtering available to all users at no cost... if they opt in to it. All Brightmail's catches are held in a spam folder until you get round to reviewing and deleting them. It takes a couple of clicks to wipe out a dozen spams.

Anything that gets through Brightmail then is filtered through the Spamcop mail forwarding service I've set up - my ISP allows me multiple email ID's, so I don't download or read the "public" one any more. Anything that's blocked by Spamcop is ipso facto more insidious than the Brightmail harvest, so I happily punish the "clever" spammers by reporting them to their ISPs, web hosts, etc. With Spamcop's "quick reporting" option, it only takes a couple of clicks to report dozens of spammers.

Not much gets through both. If it does, I delete it. The problem's become almost invisible to me.

(I'd still kinda like my own Bayesian filter, though...)

A much better solution is one implemented by your ISP. For example, mine uses Brightmail, which screens out about 90% of my email before it gets near me (and not a single false positive). I suspect that ISP-level solution will become progressively more important as spam levels increase.

Of course, client-level screening will still work well as a supplement to ISP-level services.

I personally use both Razor and Spamassain, and between them I get very little left over spam, and no false positives.

Hotmail just started using Brightmail, hence the drop in spam. It's nothing to do with blocklists or Verio.

I'm fairly certain that the core technologies that this service uses were patented in 1997 by Bright Light Solutions, who later became BrightMail.

Here's a snippet from their patent:

1. A system for controlling delivery of unsolicited electronic mail, comprising:

a communications network;

a plurality of user terminals coupled to said communications network, each of said plurality of user terminals having a unique e-mail address, wherein each of said plurality of user terminals comprises a filtering application for receiving incoming electronic mail messages addressed to said unique e-mail address of said user terminal and filtering said incoming electronic mail messages based upon stored filtering data; and

a control center, comprising

a distributor for generating a probe address and transmitting said probe address to at least one site on said communications network, wherein said probe address is different from each of said unique email addresses of each of said plurality of user terminals,

a processor for receiving electronic mail messages addressed to said probe address, and for extracting source data from said received electronic mail messages, and

a database update signal generator coupled to said processor for generating and transmitting a database update signal incorporating said extracted source data;

wherein each of said plurality of user terminals receives said database update signal from said control center, updates said stored filtering data in response to said database update signal, and filters electronic mail messages received by said user terminal in accordance with said updated filtering data.

2. A system according to claim 1, wherein said user terminals filter electronic mail messages sent from other of said user terminals in accordance with said updated filtering data.

3. A system according to claim 1, wherein said probe address is transmitted to sites on said communications network that provide address information for senders of unsolicited electronic mail messages.

4. A system for controlling delivery of unsolicited electronic mail, comprising:

a communications network;

a plurality of user terminals, wherein each of said plurality of user terminals has a unique e-mail address;

a server coupled to said communications network and each of said plurality of user terminals, wherein said server comprises a filtering application for receiving incoming electronic mail messages addressed to said unique e-mail address of each of said plurality of user terminals and filtering said incoming electronic mail messages based upon stored filtering data; and

a control center, comprising

a distributor for generating a probe address and transmitting said probe address to at least one site on said communications network, wherein said probe address is different from each of said unique email addresses of each of said plurality of user terminals,

a processor for receiving electronic mail messages addressed to said probe address, and for extracting source data from said received electronic mail messages, and

a database update signal generator coupled to said processor for generating and transmitting a database update signal incorporating said extracted source data;

wherein said server receives said database update signal from said control center, updates said stored filtering data in response to said database update signal, and filters electronic mail messages addressed to each of said plurality of user terminals in accordance with said updated filtering data.

5. A system according to claim 4, wherein said filtering application updates said filtering data in response to said database update signal by adding said extracted source data to said filtering data stored in said server.

6. A system according to claim 4, wherein said server also filters electronic mail messages sent from each of said plurality of user terminals.

7. A system according to claim 4, wherein said probe address is transmitted to sites on said communications network that provide address information for senders of unsolicited electronic mail messages.

Yahoo and CNet, I mean.

Cloudmark
Brightmail

It doesn't work with Outlook Express 6 so I'm in no position to test it :(

Given What Happened To The Censorware Project (censorware.org), I don't think submitting it to Slashdot as an article is even worth the e-mail.

I'll post it here just for reader enjoyment. I think it's better than many of the stories which WERE posted!

______

Spam "protection" - a modest proposal

by Seth Finkelstein
April 1 2002

The problem of Spam, i.e. junk e-mail, has been plaguing the net for years. This article makes a modest proposal for spam "protection", in terms of a novel economic analysis leading to the benefit of all concerned.

In economic terms, let's consider why there's profit in spamming (sending large numbers of unsolicited emails). This is due to the "cost-shifting" nature of the spam process. It takes very little effort to send a large number of e-mails. But e-mail is not free (as in beer). In effect, the spammer shifts the expense of the advertising campaign, from the seller, onto ISPs and users:

1. The ISP must pay (in resources) to distribute the spammer's ads
2. The user must pay (in time) to delete the spammer's ads

But what does this sorting organization do? Its only task is to try to identify spam from real mail. That is, it is paid to try to identify mail sent from spammers. However, since it is in an adversary relationship to the spammers, the spam-gangs have every reason to try to avoid such identification.

There have been some proposals to facilitate identification of spam by legally requiring labels. But that involves government and law. In fact, it's compelled speech! Instead, since the free market is the solution to all problems, the only proper course of action is to provide spammers with an economic incentive to identify themselves. After all, spam identification is the exact product being sold by third parties, so why pay a middle-man? If one is going to pay, for maximum market efficiency, why not pay the source?

In this scheme, the user pays a mailbox "protection fee" to an umbrella group, let's call it the "Spamafia". In return for this "protection", the "Spamafia" provides the user with a simple mailbox checking system which can be run over mail messages. Because this system works in a manner akin to passing items over a net barrier, it might be termed a "racket". So, the "racket" tests each piece of mail. Those mail messages which originate from members of the Spamafia each contain a certification token. In the process of testing the mail, this token is sent back to the Spamafia, and so redeemed to the individual spammer for a small fee, say a penny or so. In return, the user is given assurance that this message is certified as spam, and so can be automatically deleted without fear of losing legitimate mail. In essence, the spammer is given an incentive to also obtain a small amount of money from each smart user by being straightforward, rather than only trying to obtain a larger amount of money by fooling just a few suckers (and annoying everyone else).

The beauty of the system is that everyone has an incentive to participate. The spammers get more money, as the spams can generate income now from both the suckers, and the nonsuckers paying mailbox protection fees. There's no reason to evade spam-detection, in fact the opposite. The more people signed up to the protection racket, the more certification tokens are redeemed. The smart users get to have a workable mailbox, rather than one filled with junk. And they have the "peace of mind" that the mail being deleted is not important. It's the magic of the market at work.

Unfortunately we're not free and can't be everywhere.

That's not as big an "unfortunately" as you might think it is. The bigger "unfortunately" is that the Brightmail website does not give enough information up front to decide if this product/service is suitable enough to be worth contacting the company about.

• It doesn't explain how the Brightmail server interacts with other mail servers and customer domains.
• It doesn't explain how Brightmail works with variant email addresses.
• It doesn't give any information whatsoever about pricing.
• It doesn't explain how it deals with issues of customer privacy and confidentiality.
• It doesn't explain what security audits have been done on the server software itself.

Brightmail has such a commercial service. They have "sensors" out on the net at large, which are used to identify spam in realtime. Once they've id'd a spam message, they roll it out to filtering relays at the customers site, they do this as often as every 5 minutes. It's extremely effective from what I hear. It's also extremely expensive-I checked into it for my company and it was something like $20k/year IIRC. Way too rich for my blood. Probably works well for folks like Apple and IBM, who can afford to drop that kind of cash.

What would be interesting is if an opensource/community project took on the same approach; seems like it could be done, the basic idea is fairly simple really.

Check out Brightmail.

Brightmail provides advanced message management solutions that enable ISPs, ASPs, wireless service providers, Internet portals and enterprises to protect the integrity, efficiency, security and usability of their email systems. Through Mailwall(TM) protection, the Brightmail Solution Suite pairs server-based filtering and around-the-clock support and analysis to prevent email-borne threats.

The problem with public versions of spam filters, is that spammers have access to the data too, and can tailor spam to pass much more quickly than you can tailor the filters to stop them.

But it's clear that technical solutions alone have a limited effect. Filtering solutions may stop up to 95 percent of the spam, but that doesn't keep it from clobbering those who can't install a filtering system, whether due to lack of ability or lack or resources.

The technical community has been guilty of terrible arrogance in this area. Spam is both a technical and a social problem. If you don't address both causes, you'll never get anywhere. Of course, lots of policy folks don't know squat about technology, and their short-sightedness is just as much of a problem. ("When all you have is a hammer, everything looks like a nail.")

--Tom Geller, Suespammers.org Founder and Administrator

P.S. Full disclosure: Brightmail is a P.R. client of mine, and I wrote the press release referenced above :). I see systems like Brightmail's as important and worthwhile tools, but not the complete answer.

Those of us who signed up a while ago can keep using their filtering (for now, I guess); others have to pay. Actually, they're kicking Earthlink users off the free service, because Earthlink has a paid subscription.

Brightmail works really well, but when I asked about the subscription service, it didn't seem appropriate for small sites. The subscription price is reasonable if spread across a few thousand users, but not for a few dozen; there were also pretty strong limitations on which platforms were supported.

Needless to say, we aren't friends.

Despammed is the best solution I've found. It's filter is better than Brightmail's.

Try using the Spam Calculator on Brightmail's website. It uses several different variables in calulating the cost to all Internet users, and it assumes an annual cost of $255 million. You also have the option of entering your own values for the variables and calculating the annual cost based on those values.

I have been very fortunate in having had the chance of living in several different countries. So far I can say that, based on experience, privacy is better safeguarded in European countries.

I think the two countries where I lived and where privacy was part of the national agenda were Leichtenstein and Switzerland. I have become very disillusioned with the state of affairs in the US when it comes to this fundamental right. The Americans could learn a lot from the Swiss.

As for privacy on-line, we must all be proactive in protecting it. Some things I routinely do:

• Install JunkBuster and keep your blocking files up to date.
• Use bogus information whenever you are asked to register to a site (the guys from the nyt.com must be wondering why so many Salvadoreans read the Film section on Fridays)
• If you're purchasing something, and have the option to do it on-line or over the phone, go over the phone. Check if the call desk uses a different entry system than the web-based system. If so, chances are better that your payment infos are a bit more protected.
• Sign up with someone like BrightMail to filter all unwanted spam. It's free and it *works*
• In the real world: Refuse to give your social security number or other identifying information unless it's clearly stated by the person asking what they'll use it for. My HMO wanted the infos; I sent them to hell. I still got my medical care.
• If you have the stomach for it, get a or make a good fake ID. There are several titles from the Paladin Press that can guide you on that one. Make sure that you use this for non-official business only.

I think that, bottom line, being street smart about your wanderings on- and off-line is the best protection for your privacy. Don't disclose any information that isn't compulsory.

Cheers!

Well I post to usenet all the time and I use my real e-mail address. I get maybe five spams a day or so. However, I have also signed up to a free spam filtering service at Brightmail. I recommend everyone else do the same. Their filters don't catch everything, but its free and it helps.

JOhn

While spoofing mail at the TCP/IP layer has become trivial, catching the actual spammers is near to impossible. Brightmail has come up with one of the best solutions I've seen so far. They claim 80%+ spam filtering.

I believe in hitting the spammers where it hurts. I got one the other day where someone was trying to sell me land in some other country and wanted me to fax my bank particulars so they could get me a 'good' deal on the land. That guy got black faxes all day long. Doesn't take long to run a fax out of toner :)

Penguins don't always have to play nice. The Linux Pimp

Penguins don't always have to play nice. The Linux Pimp

Penguins don't always have to play nice. The Linux Pimp

I'm of two minds about MAPS. On one hand, the service they provide to the community is valuable. On the other hand, I've had first-hand experience with why some people have said that MAPS is starting to abuse it's position. They aren't always the most understanding about situations which will take time to resolve.

That being said, the idea behind MAPS is a Good Thing (tm), and in my mind, they are far less abusive of their position than ORBS is.

Another good way of handling spam is Brightmail. They have a wonderful system for filtering spam out of POP3 accounts. I've been working with Brightmail on various levels for about four months now and have yet to see them mark a "real" message as spam. Single user Brightmail acounts are free, by the way.

-------

All opinions stated are my personal opinions.

Ok this may seem a little extreme but how much spam do you actually get?

Lemme tell you.

On my Hotmail account, I get 8-10 pieces of spam per day, 2-3 of which aren't filtered out by their anti-spam agents. Their anti-spam system sends spam to a "bulk mail" folder.

On my Earthlink account, I was averaging 12-15 pieces of spam per day before they started using the Brightmail spam filtering. Now, it's 3-5 per week (I quit going to the brightmail site to check the spam count).

The other four accounts I have get maybe 5-7 pieces a week total. I have no idea if any of my web presence providers use anti-spam tools.

It is your problem and your problem alone to deal with.

Quite right. Which is why I was going to dump Earthlink until they added the anti-spam tools.

I should not have to take a stand just because a group of people who don't check their email once every 6 monts complain about getting email.

The reason Earthlink and others have added anti-spam tools, and why things like the RBL are popular, is because their customers requested it. If you like spam, that's great -- sign up with a provider that doesn't filter, or that allows you (like both Earthlink and Hotmail do) to turn off their anti-spam filters.

Email is not just for personal communication and more of an informational delivery system which actually sees more traffic I would wager from mailinglists and other forms of batch oriented traffic.

E-mail may be just another delivery system to you, but to me, it's how I communicate with friends, family, and my customers. Yes, I subscribe to a couple of mailing lists that send me about 150 messages a day. But there's no forged headers, the message clearly states who it's from, and I can easily create rules that allow me to send these messages to their appropriate folders in my mail client.

I don't mind commercial e-mail -- I get a few messages each week from vendors whose products I've purchased, and I appreciate hearing from them. But unsolicited commercial e-mail is not wanted. If I (and G*d only knows why, given the crap that's being peddled by most UCE) wanted these products, I'd hunt for them on the web.

Your arguments about freedom of speech and expression are sadly misplaced. You can get all the spam you want by doing a little research on your "informational delivery system" provider. Just as you state spammers are free to express themselves by sending out their information, I'm free to use any and all tools at my disposal (including picking an e-mail provider that thinks, as I do, that spam is a blight) to ignore them.

You oughta be thrilled at things like the Colorado anti-spam legislation, after all, if spam was clearly marked, it would be even easier for individuals to make their own personal decision on how to handle UCE, without having to involve their e-mail provider. My guess is you're just a spammer yourself and hate the idea. After all, if this idea spread, everybody would make the decision to trash the stuff, and you wouldn't be able to make a buck telling all those fools that you can mail to 300 million e-mail address info about their products.

Actually, I think I've been trolled. I mean, come on, 2400baud? Sheet, reply to this with a valid e-mail addy and I'll dig around and see if I've still got a 14.4 laying around I can send you (it's external, not a winmodem, so it should work on Linux or on any box with a serial port).

Last time I looked, the "San Francisco inventor, Sunil Paul" was also chairman and co-founder of Brightmail, which has been executing on patent 6,052,709 for quite some time. Brightmail also hosted Spam Summit 2000 in Washington, DC last May.

I think that privatized solutions, especially services offered by Brightmail, Inc., are a much better alternative to government-imposed regulation.

A rather clearer-than-usual version of "I don't know jack about this, but here's my opinion anyway". I'd rather pay attention to informed analysis, which doesn't support your position.
/.

Discriminating against "commercial" speech will be unconstitutional. Spam about Zeus: OK. Spam for a book about Zeus: illegal? Spam is nasty horrible stuff, but can you persuade the Supreme Court that spam is yelling "fire" in a theater? Inciting imminent riots? Obscene with no artistic, scientific, or political value? That's the hurdle. Better to focus on feasible solutions. However...

Better tech is the only realistic solution to spam, but this type of bill could hypothetically make some anti-spam technology less effective or even illegal. Already there are some emerging solutions to catch bulk email as bulk mail (compared to "mail from a bad address" blocking or "mail with the wrong words" filtering) and catch it at the ISP level. What happens if a RPN organization complains that 1. their spam is legal and 2. their spam has more protection than commercial speech? If content is what matters, does RPN spam, which is somehow less evil than comm. spam, get more protection against ISP level filtering?

This law only gets the really stupid and naive spammers, who generally don't spam very much and more than once. They pay someone to run their ad (with a real phone # and address); they get a thousand nasty calls; they give up and go back to their classified ads or whatever they were doing before. The person they hired to do the computer work is long gone. Sure, ignorance & no excuse and all that, but you've only stopped 0.01 percent of the spam. The satisfaction of watching them pay will last about as long as it takes you to get back to your inbox.

Real spammers hide their tracks, hijack resources, change mail-drops frequently, use offshore credit card processing, and if they're really into it move everything out of the country. And if they're in the U.S., they're probably already violating the law. Why would they care about new laws? Laws already violated include:

• Anti-theft (they use stolen credit cards to pay for their one-time-use ISP accounts).
  
• Contract law (they probably signed and/or agreed online to not spam at that ISP).
  
• Identity fraud (unauthorized use of a domain name, damage to reputation. See the flowers.com case).
  
• Anti-theft again (resources stolen from the hijacked domain name. flowers.com again).
  
• Anti-spam law (California has an ADV: law already. That's more than 1/8th of U.S. email addresses. Has anyone seen more "ADV:"'s? If spammers cared, more would be used).
  

We really, really don't want legislators fiddling with internet standards right now, no more than I'd want my (wonderful person but can't program a VCR) grandmother to insist on "helping" me in fixing the innards of my computer. Good intentions don't cause competence, and with legislators good intentions can be bought with a few donations and a sob story. Let them think that they helped with spam, and next thing you know they'll want to help with other things. library filters. ipv6. dsl vs cable modems. things they don't understand but by gosh a new law should fix everything. Call them in if the technology fails. It hasn't.

Hmm, just a while ago a slashdot article about spam reminded me of looking at my own situation. I receive a lot of spam, mainly due to the fact that I once signed many guestbooks (those were the times when I thought you could leave your uncoded e-mail address around without receiving thousands of spam mails) and this made me take a look round the net for some methods against this (I was already using a procmail filter to cut out possible spam).

Anyways, so I came across brightmail. It is, indeed, pretty damn good. It's basically a POP-filter that acts as a proxy between you and your POP server and filters out SPAM. The spam mails are kept for 30 days and can be retrieved through some HTTPS interface. Now, I haven't received any spam in the past three days (it's already filtered out numerous messages). And I'm happy :). You might wanna try it.

Note: no, I don't work for Brightmail or have any kind of relation to them other than using their service.

See Brightmail, I think it is fairly close to what you are talking about. Unfortunately it is a proprietary, for-profit system. Not sure if they have patents. There is an overview of the system design. I believe the software is written in Perl!

See Brightmail, I think it is fairly close to what you are talking about. Unfortunately it is a proprietary, for-profit system. Not sure if they have patents. There is an overview of the system design. I believe the software is written in Perl!

If you have a POP account, try using Bright Mail. Go to www.BrightMail.com and check it out. If you don't have a POP account, try to convince your ISP/company to buy the site-wide version.