Slashdot Mirror

Either you don't give out your address, meaning that you cannot make wide use of it, or you get too much spam.

Or you install dspam, and never have to worry about it again. I haven't seen a single spam in my Inbox IN OVER 3 YEARS now, nor have any of the users I host mail for.

Thousands of spam messages are blocked or quarantined every day, and I never see them, unless I decide to check the quarantine (which is web-based). I put graymilter in front of that, and the incoming malware connections on port 25 dropped significantly.

I have no problem sticking my public email addresses out anywhere, because I simply don't get spam anymore. Problem solved.

No problem... let them snoop. Now I'll just be twiddling the "Encrypt and sign all outgoing email" box on my MUA, and finally start using GPG full-time for all of my incoming and outgoing email, instead of with just my friends and close colleagues.

There are plugins for Evolution, pine, mutt, Thunderbird and just about every other Mail User Agent you can find out there.

Another great benefit, is that I can automatically block/quarantine/delete any and all email that does not contain a gpg-signed component (i.e. 99.999% of all email out there, mostly spam). dspam does an amazing job, but being able to just reject it at the MTA level would be great.

And for those that wish to converse with me, please make sure to use my GPG key to do so (also available here with detailed instructions).

"This is a risk management practice, and you need to decide where you want to put your risk. Would you rather risk getting spam with lower risk of losing/delaying messages you actually wanted to get, or would you rather risk losing/delaying legitimate messages with lower risk of spam? You can't have both, no matter how loudly you scream."

Yes you can, its called dspam, and it works beautifully.

I, and none of my users, have seen an single spam email in over 3 years. I added graymilter and Project Zen from Spamhaus very recently, and its helped even more.

Sure, there are false positives that get caught and quarantined, but dspam has a nice webui that let's me retrain them and forward them on to my mailbox. The users have the same web interface and can manage their own false-positives in the same way. They can set it to catch more, or catch less with a few clicks in the interface. Some of my users love HTML email from online stores, and some do not. Everyone can tweak and train the heuristics for their own mail, however they wish.

I have no problem now making any of my email addresses visible on the Internet, on forums, wikis, mailing lists or webpages, because I simply do not get spam, so its not a problem anymore.

Bah, blacklists are for wimps :-)

What you want to do is use it as training data for your bayesian filter, so your filter not only blacklists the email address, it learns more of the spammer's armoury. And as you *know* it's going to be spam, you can run it through half a dozen times marked as spam.

So, spammers, suck on this: yumyum@easyweb.co.uk.

It's just we've all been sitting "behind the wall" to see true increases. When the amount of mail that makes it past the filters doubles, total traffic may have increased 10 times or more.

I use dspam and haven't seen a single spam hit my Inbox in at least 3 years now. Not a SINGLE spam , and while a few false positives get trapped in the quarantine (JCPenny coupon emails for our daughter's photographs there or other vendor-specific offers), those are easy to retrain so any more go straight to the Inbox instead. My users love the interface and lack of spam, and I love not being involved in manually whitelisting every week.

I just recently added Graymilter in front of that, and now we see even less.. You can see the results to judge for yourself.

Not only do we no longer receive ANY spam in our Inboxes, but we also gain a huge amount of bandwidth and cpu cycles back because we're not accepting, processing and quarantining mail we are going to reject anyway.

I have no problem sharing and posting my email address in public, on mailing lists or anywhere else now because frankly... we've solved the spam problem.

The whole system works great, and I don't have to "reinvent the mail system of the Internet" to do it. Only those who can't properly configure their tools would suggest such an idea.

My home spam filter does not seem to be affected much. I run dspam which has a feature in that over time it will forget words if they are not used in spam. Since the text is usually different or random, it does not have any significant effect on generating false positives. In the years I have been running dspam with tens of thousands of emails, I have only gotten 3-4 false positives.

By having a baysian filter forget over time, it also helps shrink down the database and helps it adapt as the contents of spam change over time.

Of course I also use other spam blocking techniques, like using realtime black lists (RBLs) and blocking a number of Chinese subnets... I should add tpnet.pl and Verizon as well.

Spam vendors and open source vendors make lots of whacko claims.

[...] extremely low false positive rate, with less than one in one million messages being a false positive.

A few years ago, Bayesian classification seemed a promising way to filter spam.

[...] best recorded levels of accuracy have included 99.991% by one avid user (2 errors in 22,786) and 99.987% by the author (1 error in 7000), which is ten times more accurate than a human being!

That translates to better than 99.984% accuracy, which is over ten times more accurate than human accuracy

In the game of cat and mouse between spammers and anti-spam vendors, spammers and hackers quickly developed new techniques to "fool" the Bayesian filtering software.


File these under UFO sightings.

I personaly prefer to use Reactive Autonomous Blackhole List (RABL) in combination with DSPAM.

Setting up RABL is easy as 1-2-3 (with the help of this Gentoo ebuild).

Some other people I trust more then SpamCop have as well installed RABL and we do exchange the data from our blocking list.

SpamCop is all okay but I like to have DNSBL data from sources I know that I can trust them. And I like to have IP's blocked from those dummies sending spam over here in europe. SpamCop has not enought data about those spammers. Only america and asia is well covered, but european spam is still not much found in SpamCop.

I personaly prefer to use Reactive Autonomous Blackhole List (RABL) in combination with DSPAM.

Setting up RABL is easy as 1-2-3 (with the help of this Gentoo ebuild).

Some other people I trust more then SpamCop have as well installed RABL and we do exchange the data from our blocking list.

SpamCop is all okay but I like to have DNSBL data from sources I know that I can trust them. And I like to have IP's blocked from those dummies sending spam over here in europe. SpamCop has not enought data about those spammers. Only america and asia is well covered, but european spam is still not much found in SpamCop.

I did some googling and found some stuff, jogs my memory:

http://www.nuclearelephant.com/papers/t30.html

The section that says Display indicates that you need special glx and dri modules, which might be what I was thinking of. I do remember that it was a bear to figure out exactly what needed to be done. After I followed the instructions exactly, it says you should see "YES" in the direct rendering report. I saw "NO". For a week I saw "NO".

Getting that No turned into a Yes was extremely painful, and since it randomly turned back into a No I haven't bothered to get it working again. You really don't need much video speed to run xterm, vi, make, and g++.

The problem is that even if Motorola puts all those great features in their phones, US carriers are going to force them to disable most of them to make their money. I still remember Verizon's crippled V710, and think that trend is likely to continue. Of course, you could import a phone, but then you forgo the subsidized pricing.

The solution to all of this, is dspam, of course.

We were previously running SpamAssassin for about 4 years with 13 RBLs and blackholes.us, and we were at 90% accuracy or so, and still seeing 10-20 spams slip through per-day.

I gave dspam a test, and after 3 days, we were already up to 95% accuracy, with ZERO spams slipping through.

Today, about 3 years later, we're now at 99.726% overall accuracy, again, with ZERO spams slipping through to any user's mailbox. For false-positives, the users can go to the web interface, check the "legit" emails getting incorrectly marked as spam, and have those sent to their mailbox, retrained as HAM. After a user receives 'n' number of messages from a specific address, they're auto-whitelisted.

dspam blows away anything I've ever used, ever. We're not seeing a single spam in any user's mailbox in 3 years, and we're at about 85% incoming spam per-day with 1 RBL.

I'm very aware of the ROKR, as much as I've tried to expunge it from my memory, however I don't think even Apple would have dared call that abortion of a device an "iPod Phone." (Mostly because they were the ones responsible for ruining it.)

Being an engineer at Motorola must be really hard. There are several times over the past few years when they have gotten so very close to making a great product, only to have marketing weasels from some other company pull the rug out from under them, and cripple the device so much, it becomes useless and widely ridiculed.

The first example I'm thinking of was the Verizon v710 phone -- Motorola even went and advertised it, on their own, in order to generate sales when it was released through Verizon. But the Verizon scumbags crippled it so badly, half the features Motorola advertised never worked. (If I sound bitter it's only because I stuck with Verizon for about a year longer than I otherwise would've, waiting for that phone to come out -- after I found out it was crippled, I beat feet to TMobile and haven't looked back.)

But, man, it must have really sucked to be on the v710 or ROKR design teams.

1. unlimited in network calling
2. network coverage
3. Ringtones, Picture Transfer, (partial) Bluetooth easily enabled.

So the crippled Java is a drawback still, but hopefully this answers you.

I've been using express network once in awhile over bluetooth for over a year now.
The thing that kind of bugs me with this new service they offer is that it's $60 a month. I really appreciate having the connection available when needed, but I use it only once every few months at most. No way I'm going to fork over $60 for this. Wondering if they will now clamp down on my occasional usage.
more info
http://howardforums.com/ is a very active cellular forum
http://www.nuclearelephant.com/papers/v710.html has lots of specific info on v710 and e815

I scoff at Bill Gates' "efforts" to reduce spam. What has he done precisely?

Probably just deferred the responsibility to one of his underlings. Aside from that, he talks about crazy methods such as deciding how much money the sender has to pay you before you open the e-mail.

Gates has plenty of articles which detail how much he hates spam. Anyone can sit down and write this, but Gates gets the high exposure interviews with the Wall Street Journal and the AP.

Gates is all talk. If you want to read some articles from some very interesting people, check out A Plan for Spam by Paul Graham. It talks about simple ways to write Bayesian spam filters and does a very good job at describing how they work. Another valuable member of the anti-spam community is Jonathon Zdziarski who has written many books about how to actually get rid of spam. You can also read the Slashdot interview with him.

the day I started using Dspam ( http://www.nuclearelephant.com/projects/dspam/ )

A. v3.2 is the first to include a Windows build supplement
I downloaded version 3.6.0, but there seems to be nada :) support for Visual C. No win32 directory to be found. However on the download page, in the unsupported section, there was also DSPAM v. 3.2.8, which indeed does contain the Windows stuff.

from the FAQ (http://dspam.nuclearelephant.com/faq.shtml#1.15)

Q. Does it work with Windows?
A. v3.2 is the first to include a Windows build supplement, which includes the necessary Visual C++ project files and portage to compile the agent and tools under Windows. Check out the win32/ directory in the source tree for more information. Win32 support is still unofficial, but seems to work well. Of course getting it compiled is one thing, getting it integrated is another. It's probably best to build it under Cygwin using the general distribution.

... in many countries already. And soon (I hope) it may be in the US. We're working with a few congressmen who asked us to help with a bill that's been drawn up.

A mobile phone company is arguing that companies that unlock their handsets violate the DMCA

So I gues that makes thos of us who hack mobile phones terrorists or something?

I would think that if you follow this logic, Verizon crippling their handsets so that customers can't access their own copyrighted works (pictures they've taken and messages they've received) without paying $0.25 is also a terrorist. I can live with that.

A mobile phone company is arguing that companies that unlock their handsets violate the DMCA

So I gues that makes thos of us who hack mobile phones terrorists or something?

I would think that if you follow this logic, Verizon crippling their handsets so that customers can't access their own copyrighted works (pictures they've taken and messages they've received) without paying $0.25 is also a terrorist. I can live with that.

A mobile phone company is arguing that companies that unlock their handsets violate the DMCA

So I gues that makes thos of us who hack mobile phones terrorists or something?

I would think that if you follow this logic, Verizon crippling their handsets so that customers can't access their own copyrighted works (pictures they've taken and messages they've received) without paying $0.25 is also a terrorist. I can live with that.

I submit this as possible evidence to the contrary.

"Software registering these libraries as dependencies: (None Registered)"

Shocker!






*grin* (This post is meant in jest - I actually enjoyed the commentary very much :-)

PS: Agree 100% with almost everything he said. Smart man.

I thought the same after reading the interview. Then I checked out his site and read his essay about Christianity. I'm not trying to slam, but I was far from impressed.

I'm curious, how a thinking, logical, Christian such as yourself feels about the "intelligent design" movement?

Read his website. He's a creationist.

I Just Can't Swallow Evolution

(That section starts about 2/3 of the way through the page.)

This is arguably out of scope for this interview, but I still feel it's something many Slashdotters would be interested in hearing about.

On your webpage you have an essay describing your Christian beliefs and why you have them. You say many things that most Slashdotters (and nerds and scientist in general) regard as utterly ridiculous. You think the earth is no more than 10,000 years old, you think Christianity is logical, you regard the Bible as a historial document, etc.

No doubt you are aware of the fact that most nerds disagree with you on these things. Indeed, they might even consider you "crazy" for holding them.

Without going into the truths of the beliefs in question, which I'm sure will be debated enough in the Slashdot thread anyway (and I hope you'll join in), what do you think the reason is that so many scientists, nerds and people otherwise rather similar to you think your beliefs are obviously incorrect? Do you think they are all deluded? Do you agree that there might be a possibility that your beliefs are not rational (again, without going into whether or not they are so)?

Best regards,
an AC

From his paper:

http://www.nuclearelephant.com/papers/justifying.h tml

"This family of filters includes the now-popular Bayesian filters (pronounced "bay zee in") as well as other filters using statistical analysis to filter spam (such as Markovian classifier CRM114 and Chi-Square Bogofilter)."

That's why Bogofilter is not Bayesian.

I definitely like the second question.

Some of the previous posters mentioned the rather eccentric views (in my opinion) of the author of Ending Spam (Jonathan Zdziarski). You can sample some of these yourself by reading the essays Mr. Zdziarski has posted on his web site NuclearElephant.com.

While someone might have, in practice, unlimited amounts of money, none of us have unlimited amounts of time. So a book is always an investement in both time and, for those with more finite amounts of money, cash. With this in mind, there is the question of whether one should read a book by someone who is rather eccentric in their views. Will this eccentricity and, in my opinion, limited knowledge outside of narrow areas, also mean that the book is equally flawed?

I'm undecided. My concern is that Mr. Zdziarski's knowledge of Baysian filtering and other topics has the same kind of holes that seem to exist when he applies his intellect to other areas (like evolution of both life and the solar system). While this is a concern, it is not a foregone conclusion. The history of science and, especially, mathematics, is full of giants in their field who were also very eccentric.

Mr. Zdziarski seems to have what I would classify as a narrowly focused intellect and perhaps within these narrow confines the reader can rely on what he writes. DSPAM, the SPAM filter written my Mr. Zdziarski, seems to be a storng competitor to SpamAssassin. So on this basis, perhaps the book may be a good investment.

Indeed. As the other replier to your posts said, this does not in any way invalidate his work on spam. As long as something is testable and built on solid theory, I don't care who said it.

However, the essays on that page really are downright disturbing. Some quotes:

"The Bible is the oldest and most reproduced document in existence. Having this quality, it is the most likely to be authoritative in explaining the logical progression of how we ended up where we are."

"Christianity is Logical"

"Theorists believe that order emerged from chaos, but society is rapidly degenerating, where it should be becoming more ordered if this theory held water. With this observation, it is very difficult to support the theory that the world started in chaos. If indeed it had started in chaos, it would end in chaos. If society is degenerating as we observe, then clearly the world had to begin at the opposite end of the spectrum - order."

"The theory that the earth is billions of years old is almost a laughable concept to me"

All from this essay. I'm sure it gets even worse at the end of it, but I couldn't read the whole thing. Too depressing. How this man is capable of enough intelligent thought do create an apparently decent book on spam filtering is beyond me.

DSPAM project says human doesn't do that better. See here: http://www.nuclearelephant.com/projects/dspam/

What about coordinated colocation facility attacks?

You can hack your v710 too

http://www.nuclearelephant.com/papers/v710seem.htm l

There are some very simple ways to solve this, en-masse...

1. Set up a milter that calls HTML::Strip to strip out all HTML from email. I don't want my webpages on port 25, just like I don't want my email on port 80. Users don't know or care anyway, set it up at the MTA side and they'll get clean emails.

2. Use a real MUA, like pine, mutt or other that allows you to see the actual content of the message, not its abstracted "rendered" equivalent. I simply hit 'h' in pine, and can see the resulting link that the phisher is trying to send me to... if it doesn't match the anchor tag, it gets deleted (and forwarded to spam-$USER, see dspam below).

3. Don't run Windows. Nothing need more be said here. When the same ActiveX control is used by Exchange to "render" email into your mailbox as MSIE to "render" maliscious HTML to your browser, you should be concerned.

4. Install and configure dspam. Problem solved after only a few phish emails come through. Simply send them back to your internal spam-$USER address and you'll never see them again, including future ones that are similar. If you want to see them again, go into the web interface and send them to your mail, which will automagically re-score them lower so they get through. My users and I haven't seen a single spam get through to any of our mailboxes in MONTHS, not a single one. Beats the pants off of anything else out there that I've used.

5. Education. Teach your users that they should never respond or click URLs in email, ever, period. Show them that PayPal and eBay and other companies never ask you to log back in to verify any personal information. Show them how these systems work, and reinforce it all the time by asking them questions about it. Drill it into them.

If Verizon doesn't care about the money they get from selling ringtones, games, etc, then why do they lock out bluetooth profiles that allow users to load ringtones and games from a computer, or transfer pictures and phonebooks? I had considered Verizon until I heard about this very shady practice.

They love to talk about how they have the "largest calling area," but it's a fair assumption they are making a small mint on ringtones and games.

Symantec tried this about a year ago. Sadly, this is going to affect the businesses of security-based companies all over France.

DSPAM is what worked best for me. It is not easy to set up but definitely worth the trouble.
As of today, 99.985% spam filtering rate.

...when there are so many good Open Source and, mor important, FREE programs out there. I use DSPAM, which works like a charm. It catches my spam far better than the crap we have at work, learns on its own, and is a very powerful system. After a little while of using it, it was catching nearly all of my spam and now I get < 1 spam mail a week in my inbox of that. It's even better than than gmail's spam protection (although not by much).

And I run my own domain, my own mail server, and my own website.

...if it's this easy.

CAPTCHAS (did I even spell that right?) serve no real purpose, as they can easily be defeated by

a) cheap labor in third-world countaries
b) porn sites
c) inevitable software hack

Those are usually acceptible when we're talking about a service, such as Yahoo. But for email, it's useless because

a) it blocks legitimate automated mailings
b) it generates additional traffic
c) it requires the sender to do work, instead of the recipient
d) there's already a better way

I own the V710 and for the most part it is a good phone. I bought it knowing that BT was crippled; I figured on having the phone for the two years and within that time frame Verizon would break down and turn on OBEX (or someone hack it.)Also I like the free wap feature.

I don't know if this is old news on /. but nuclear elephant had a cash prize for anyone that hacks OBEX on V710. No one could although there are a lot of cool hacks that were posted. Especially Super Dave's.

http://www.nuclearelephant.com/papers/v710hackers. html

Being from Mass. I have to rely on Verizon as their service is the best (I haven't tried ATT/Cingular since the merge.)

I would join a suit if one came about in MA just to stick it to them and maybe get some free loot.

F Verizon.

Hey, ISPs! Download dspam!

Anyway, in response to your listed requirements for a cellphone, I wanted to let you know of these resources which have helped me quite a bit:

• cellphone feature search
• cellphone comparison

Motorola A630, MPx220, V500, V505, V551, V600, V710
Nokia 6255, 6260, 6810, 6820, 9500
Panasonic X70
Sony Ericsson Z1010, Z600

Anyway, hope this helps.

Note the date of the securityfocus story. It says "Feb 5 2004". It's nearly a year old!

I think the point of it was to get visitors to the last link he provided... not a bad idea, and no one seems to have noticed... :)

If you're doing shared hosting and you allow your users to run CGIs-- regardless of what CGI it is-- you should have reasonable limits in place that keep child processes in check. Apache has had such directives for doing this for some time, one of them being RLimitNPROC. This directive allows you to limit the number of subprocesses that Apache will run concurrently.

You can even specify subprocess limits on a per-virtual host basis. With Apache 2, you can even limit based on directory. Using RLimitMEM is also a good idea.

Yes, MT's comment system can use some improvement. We're working on that. But these servers are getting hammered; in effect a denial-of-service style attack.

Even a "Hello, world" type script can be hit hard enough to bring down a server, assuming there are no process limits in place. Invoking a modern interpreter to execute a CGI script is no small feat. Perl, Python, Ruby, and even PHP (when run as a CGI as many shared hosting companies do for security reasons) consume enormous amounts of resources at startup regardless of the size or complexity of the script they are summoned to execute.

So, sure, code can be added to MT to recognize and adapt to a flood of comments coming in, but by the time the CGI runs, it's already chewing up CPU and memory. In my opinion, a better defense for these flood-style attacks is for Apache itself (or third-party in-memory Apache modules) to handle such situations.

mod_security, mod_dosevasive and others are excellent defensive tools for any public Apache server admin to use.

I'd love to know what others have done to configure Apache to prevent denial-of-service attacks.

If I could put DSpam on Exchange, I'd be happier than a clam. DSpam, for those who don't know it, is a great Bayesian filter.

It's been said before (I think in the context of DSpam) that humans don't have a 100% rate for spotting spam, false negatives etc. I know when I train my spam filter, I'm sometimes unsure whether to feed it some newsletters - some mailings/press releases I do actually want, but others, which are very similar in style, I now consider rubbish.

Gates might also have different opinions on what constitutes spam to some members on a human spam filtering team. He might see requests for interviews as spam while the filter people wouldn't. Not to mention after a day of reviewing messages on a screen, somebody might hit the wrong button.

I remember some people claiming certain spam engines (DSpam again?) were actually more reliable than humans. What if I do have a Nigerian friend anyway, who happens to be the daughter of a rich business man who wants to transfer funds to my bank account? ;-)

That plus a combination of blocking senders on the Spamhaus SBL and doing greylisting, which I put in place on my mail server a few months ago, has dropped my personal spam volume to about one every week (out of about 600 a day that try to get through.) Most spams are stopped by the SBL and the greylisting, which is great because very little bandwidth is wasted. Greylisting blocks a lot of viruses too (ClamAV takes care of the rest.)

Needless to say, I won't be installing any HashCash systems on my mail server any time soon. For the moment, until spammers get a lot more sophisticated, they're pretty much stopped dead in their tracks by a combination of existing, widely-deployed technologies.

Apparently Verizon crippled its first Bluetooth phone (Motorola v710). See here:

http://www.nuclearelephant.com/papers/v710.html

The shady thing is that not all of Verizon's customer service agents are above board with this. When you call them and ask has Bluetooth been disabled and does it fully work, they say "no," which is technically true (there is minimal support for a headset, which "fully" works), but the customer gets a rude surprise when they order the phone and they cannot do a simple address book synch.

Apparently these carriers want to make more money selling you software to sync your address or make you pay for ringtones instead of using your MP3s--you know, things that Bluetooth was designed to help you do.

There is no doubt I will not buy the 650 if they cripple its Bluetooth on Verizon/Sprint or any other network (which is sad as Verizon seems to have the best coverage in the NY area). Although the techies will know, you have to think that the carriers basically can work in an oligopoly like manner and not care and just "coincidentally" all adopt a similar stance. Heck, I'm wishing for too much in them getting their act together on this issue when we still are generations behind Europe and Japan and can't get a simple flat-rate plan like we can for land-lines. The entire thing seems to run like the used-car industry.

October 1, 2004 3.2 Release Candidate 1
October 8, 2004 3.2 Release Candidate 2
October 14, 2004 Devel Frozen - Critical Changes only
October 15, 2004 3.2 Preview Release 1
October 20, 2004 Devel Absolutely Frozen. Release to packagers.
October 22, 2004 3.2-STABLE Official Release

I don't understand all this cry about spam. I've been using bogofilter almost since day one and today, if I see one spam a month I'm surprised.

Meanwhile, my spam folder is autocleaned via cron job from messages older than five days. Sometimes it accumulates 1500 messages (yes, that's 1500 spams in five days)[1].

But I had to ignore some guidelines to achieve these results. I didn't teach bogofilter from dead corpus, I just installed it over empty database and taught it live. Also spam cutoff is set to 50 instead of the default 90 (?). I do have occasional false positives (much rarer than false negatives) this way, but I like it anyway.

The best testament to all this is the unmasking of my address on /.

And there are better filters than bogofilter.

Robert

PS I work exclusivelly on Linux, but viruses are annoying anyway, so I installed Clam AV, hence viruses don't increase my spam count.

That "test" was far from being either good or scientific. Critique here: http://www.nuclearelephant.com/papers/cormack.html

And if you're going to rebut the critique, please use actual data and not just something like "he must be biased".