Domain: spamwolf.com
Stories and comments across the archive that link to spamwolf.com.
Comments · 25
-
Another estimate
Here's another estimate
Probably should double those numbers since the page is over a year old.
-- this is not a .sig -
Please send me prior art
I'm collecting prior-art for this.
If anyone has anything they think is relevant, please email a copy to prior-art@spamwolf.com
The relevant stuff (what I consider relevant) is being posted at http://www.spamwolf.com/patents/
The best candidate so far (IMO) is this post to news.admin.net-abuse.usenet on 1996-11-17.
I'd really like something prior to 1996-08-26 though.
I'm looking for anything prior to 1997-08-26 that;
compares the sender's address to a list of accepted senders; (friends list)
-and-
sends a challenge if the sender's address is not contained in the list
-and-
the challenge is designed to be answered by a person and not a machine.
-- this is not a .sig -
Re:Do any work?
Do any spam filters work (as in NOT throwing out legit mails) other than ourselves?
All filters have a false positive rate, even us.
There are a number of approaches that have proven extremely reliable - i.e. 0 detectable false positives.
Human secretaries for example.
Another low false positive approach is DCC with a trusted network. The idea here is that only email which exactly matches email sent to a known spamtrap is marked as spam.
Spam assassin can be tuned to require a higher "spammyness" count. This means you can trade higher number of false negatives for a lower number of false positives.
Whitelisting and challenging rather than discarding also reduce false positives.
-- this is not a .sig -
Re:False Positive
Basically the same approach is used by spamwolf
Challenging suspected spam is a lot better than just deleting it, but it's still not perfect.
You can run afowl of important mass mailings.
For example, when Network Solutions sends out domain name renewal notices,
they frequently include enough crap that it looks like spam, and they don't have a valid return address.
Most people want to see the message anyway.
On the other hand, your spam filter doesn't need to be perfect, it just needs to be better than you.
-- this is not a .sig -
Re:better than legislation
... I don't think any one tool will succeed in eliminating spam.
From a spammer's point of view, if my income depends on messages making it through filters, by damn I will bypass those filters by whatever means I can.
There are many different kinds of spammers.
A professional spammer is going to get past almost anything you can dream up.
But an amateur spammer can be stopped by simple techniques.
Anything that raises the difficulty of spamming makes it less likely that an amateur spammer will turn pro.
If spamming is limited to the serious professional, then the problem will at least stop growing.
Spamwolf now in beta! -
Re:Misleading
He isn't fighting spam, he is filtering it. There is a difference. Filtering still costs in bandwidth. Fighting it would eliminate the source and free up the gigabytes of bandwidth lost for this marketing purpose.
Filtering is fine for now, but ultimately it must be fought and defeated.
I assume by "it" you mean that spam must be fought and defeated, not filtering.
The real cost of spam isn't bandwidth, it's our time.
see- http://spamwolf.com/spaminfo.html#whatcost -
Re:This approach is very easy to defeat
Here's how: the spam should be written as a 'multipart/alternative' with an html version of the spam as the primary alternate. The text version contains an innocuous message intended to pass the statistical spam filter. The spam message is entirely contained as an
/image/ within the html. The text of the spam becomes invisible to the reader but not to the poor schmuck who gets the email.
I'm guessing here that the inclusion of a single image tag in the html is unlikely to trigger the spam filter, and supplying a wealth of evidence that the email is 'not' spam in the unseen alternate text will let the letter through.
What you describe might beat a particular implementation, but I don't think it defeats the approach.
Just adjust the content filter to check the part of the message that your email client actually displays.
If your client doesn't display the innocuous part,
then the innocuous part won't be part of the filtering process either.
A nastier hack would be to tack the "innocuous" message (or several innocuous messages) to the end of the spam.
This too can be corrected for, but the approach would need to be improved to consider how humans read things, which is non-trivial.
Stop Spam Now, Ask Me How -
Re:This is not news ...
(* Currently in 2 weeks of use: 1351 good, 650 spam, 6 false positives, and 21 missed spams. *)
Did you have to read all 650 spams to find the false positives?
That is the problem; either you check everything anyhow, or are in constant paranoia of losing something important.
Well, you could combine a content filter with a challenge system, and challenge anything you thought was spam.
That's what Spamwolf does.
-- Stop Spam Now, Ask Me How -
Re:on really fixing email
Can someone please present a way to overhaul the email system so that it works the way it was intended?
I think the email system is already working the way it was intended.
Near instant delivery at near zero cost.
What you probably want is a system that overhauls email so that it works the way you want.
I.e. you only get email that is of interest to you.
Although there are several things that improve on the current situation, (Spam Wolf,
Spam Assassin, Vipul's Razor...)
IMO, the only long term solution is digitally signed email to identify friends,
and a large fee for unknowns.
The fee could be real cash, or hash-cash, or a donation to charity,
or held in escrow, but the principle is the same -
make it cost a lot to send email to people you don't know.
-- Spam Wolf, the best spam blocking vaporware yet! -
Re:on really fixing email
Can someone please present a way to overhaul the email system so that it works the way it was intended?
I think the email system is already working the way it was intended.
Near instant delivery at near zero cost.
What you probably want is a system that overhauls email so that it works the way you want.
I.e. you only get email that is of interest to you.
Although there are several things that improve on the current situation, (Spam Wolf,
Spam Assassin, Vipul's Razor...)
IMO, the only long term solution is digitally signed email to identify friends,
and a large fee for unknowns.
The fee could be real cash, or hash-cash, or a donation to charity,
or held in escrow, but the principle is the same -
make it cost a lot to send email to people you don't know.
-- Spam Wolf, the best spam blocking vaporware yet! -
Re:Good, but not good enough
Doesn't matter how much of our bandwidth SPAM is stealing. Its stealing our bandwidth and what we pay for. Even if its only a nickel.
Try re-reading my post again. Spam isn't what costs,
the less than a nickel cost is dealing with people who complain about spam.
Making spam illegal would dramatically raise the price ISPs pay for dealing with spam.
That price would be passed on to the consumer, and we'd all pay for it in the end.
Would you vote for a law that stopped spam, but raised your taxes $12 a year?
What about $35?
How about $100?
What if it didn't work very well, but still raised your taxes?
Spam Wolf, the best spam blocking vaporware yet!
-
Re:Good, but not good enough30%? Spam doesn't even consume 1% of "our" bandwidth. The average person receives less than 50K bytes of spam a day. Even with a 33K baud dialup line, it takes less 15 seconds to download. Assuming that ISP oversells it's bandwidth 50 to 1, that's still only 0.02%
The major cost of dealing with spam for an ISP isn't bandwidth, it's dealing with people who complain about it. Even so, it probably adds less than a nickel a month to your bill.
The bandwidth killers for email are viruses, then mailing lists. Spam actually comes after normal email in terms of bandwidth usage.
While I'm not opposed to legislation in principle, I'm opposed to your proposal for the following reasons;- It does not specify what the penalties for violating the law would be.
- It does not mention who would be responsible for making the determination that the policy had been violated.
- It's not possible to determine the size of an email with 99% accuracy unless you don't count the headers.
- It's a lot more complex than it needs to be.
- It doesn't prevent spam from individuals. Companies could therefore hire individuals to spam you.
I could list more reasons, but I'm only willing to feed trolls so much in one sitting.
Spam Wolf, the best spam blocking vaporware yet! - It does not specify what the penalties for violating the law would be.
-
How many?I though this was funny, probably misquoted:
And speaking of computing power, even a fast machine today can process about 2 billion instructions per second, but a human brain has 2 to the 14th power neurons and 2 to the 16th power connections between them, all of which can be active at the same time
Maybe he meant 2 * 10^14, which would at least only be 3 orders of magnitude off.
A much closer approximation is 100,000,000,000 neurons, and 5,000 times that many connections.
(For more on the number of neurons in the brain, see R.W. Williams and K. Herrup, Ann. Review Neuroscience, 11:423-453, 1988)
If a single neuron could perform the equivilant of an instruction, then human brains would only be 100-1000 times more powerful than a modern desktop computer, probably less when you consider that they're more like a beowolf cluster than a single powerful computer.
-- Spam Wolf, the best spam blocking vaporware yet! -
Why have Microsoft do it?
Microsoft says it can't be done? Ok, then hire a competent firm of programmers. Give them the source to windows, a time limit (say, six months from receiving a version of the source that compiles to windows) and $5,000,000. If they can't do it, then Microsoft only has to pay the $5,000,000 in penalties. If they can, then Microsoft has to ship the version they come up with in those nine states.
-- Spam Wolf, the best spam blocking vaporware yet!
-
Re:Yet another dumb idea that doesn't hold up.
Don't give up on the idea completely. Maybe you can't copyright your DNA, but your finger prints aren't determined completely by DNA. If they were, identical twins would have identical finger prints. You may have to list your mother as a collaborator on the effort, but I think they qualify as a creative expression of an idea.
-- Spam Wolf, the best spam blocking vaporware yet! -
Re:Apples and Oranges
Very pricey to produce but has 4-5 times the efficiency of copper at 1/5th the weight of aluminum.
Copper is a better conductor of heat than aluminium. 'nuff said.
The article states the foam is 4-5 times better than copper, and 3 1/2 times better than aluminum at conducting heat.
Yet another worthless piece of reporting. I think I'll wait until science news covers this story.
-- Spam Wolf, the best spam blocking vaporware yet! -
Re:The problem is...
Hashcash is a specific type of challenge/response system.
These have been tried before, and they haven't worked well.
The major problem is acceptance, not implementation.
My approach is to use challenge as a "saver" to reduce false positives. I.e. instead of just trashing email that is identified as spam, you send back a note that says "your email was identified as spam because . If you feel this was in error, please send me the answer to the following question ... (which can be found using this java app)" Even this has met with resistance in the small sample of users I've questioned about it. Most people think of email as a easy way for others to reach them. They do not want /anything/ to make it harder for people to send them email. Losing a single legitimate email is considered a disaster, and annoying a potential customer is completely unacceptable.
-- Spam Wolf, the best spam blocking vaporware yet! -
Re:Tracking Spam
I get a lot of Spam and I am thinking about keeping every piece of Spam that I receive for a whole year, just to see how much I end up with.
Has anyone else does something like this?
Lots of people.
Based on my collections, you can expect around 700, just like the article predicts. (The prediction comes from the brightmail people, so it's not surprising that it's accurate.)
Despite the claims of 100-200 spams a day, most people get less than 10 a day, even old timers whose email address shows up everywhere. The average spam size is between 5K and 6K, so a years worth is going to be less than 4.5 megabytes. If you have an old address that's been heavily published, then you can expect around 10 times that amount. Just try saving spam for a week - you'll probably get enough data to convince yourself that the numbers listed in the article are resonable.
-- Spam Wolf, the best spam blocking vaporware yet! -
Re:How profitable is spam?
know its cheap, but I'm really curious to see how much spammers really profit from their ads. There has to be a certain profile for the person who really believes that they can enlarge their penis by "clicking here".
Maybe the spammers should focus on only AOL addresses since their members seem to like daily solicitation, and leave the rest of us alone!
Opinions vary, but I believe that the response rate is 1-3 per 10,000.
Responses aren't sales, but if we use junk mail as a guide, there's approximately a 10%
sell through rate. That means 1-3 sales per 100,000. As a guess, most crap sold via spam
is about 90% profit and sells for about $40.00. A dedicated spammer could easily saturate the market,
which is about 150,000,000 people. That works out to about $50,000.
That's a lot of assumptions, but I believe $50,000 is within an order of magnitude of correct.
Not enough to excite me, but unfortunately more than enough to keep those assholes going.
I have a friend who works for an ISP. He claims a spammer offered to pay the ISP $10,000
a month to cover the cost of dealing with the spam complaints, if they were allowed to continue spamming.
The spammer clearly thought that spam was worth more the $10,000 a month.
-- Spam Wolf, the best spam blocking vaporware yet! -
Re:A quick run-down of what ORBZ is (i.e. was)
On March 12, 2002, I pulled all the IPs from the spam in my trollboxes.
Combined, there were 105, which is pretty typical.
I checked these 105 with the handy web page that is unfortunately no longer available (http://orbz.org/)
That web page checked inputs.orbz.org, outputs.orbz.org, relays.ordb.org,
orbs.dorkslayers.com, dev.null.dk, relays.osirusoft.com, bl.spamcop.net, and relays.visi.com.
outputs.orbz.org listed the largest number as open relays at 43.
By combining orbz.inputs, orbz.outputs, dorkslayers, dev_null and visi,
the total went up 5, to 48.
In other words, using standard block lists that only list open relays would have stopped 46% of the spam received.
Spam cop caught 65, Osirus caught 51.
Spam cop and Osirus (despite the name relays.osirusoft.com) do not just list open relays.
Combining all these together caught 82, or 78% of the spam.
Since these were troll boxes, these is no measure of how many false positives there would have been.
Pretty strong evidence that most of the spam we receive
isn't even bounced off an open relay at all, much less a Chinese relay.
-- Spam Wolf, the best spam blocking vaporware yet! -
Re:Spam laws
And for those who consider spam free speech: E-mail messages cost bandwidth. An individual e-mail does not cost much, but when multiplied by the number of spams an individual may receive, and multply that by a corporation's user base, it could add up to a lot of money wasted in unnecessary bandwidth usage. It's definitely not free speech! Just ask the spammees.
If a spammer paid you a 1/10 of a cent for each spam, would that make it ok?
Didn't think so.
Spam is bad for a number of reasons, but the relative costs to the
spammer/spamee isn't one of them.
-- Spam Wolf, the best spam blocking vaporware yet! -
Re:Who's fighting who?
You've got it backwards. It's spammers who threaten anti-spam sysadmins and ISPs: sometimes with frivolous lawsuits, but sometimes even with death threats. Just take a look around news.admin.net-abuse.email [google.com].
All the anti-spam ISPs do is operate mail servers that refuse mail from spammers and those who host them. That's not "threatening"; it's just perfectly reasonable stewardship of their property. If every time I let you in my store you knock my stock off the shelves and crap on my floor, I'm going to pretty soon decide you don't get to do business with me any more.
Before we force Verio to force others to close their open relays, How about some evidence that closing open relays helps stop spam.
Take a look at the spam you receive. Where's it from? Most of the spam I get is from China and Korea. How come? Thanks to the anti-spam movement, the majority of domestic ISPs have shut down open relays and implemented anti-spam policies. The spammers have to go to places where the anti-spam movement hasn't reached in order to send their spam.
One of those places, evidently, is toad.com. No anti-spam ISP is going to "threaten" John Gilmore about that. They're just going to refuse to accept mail from him.
(The volume of spam is increasing for the same reason as the volume of email is increasing: there are more people online. Cities of one million people average more murders than villages of two hundred, too. That's why murder stats are reported per unit population.)
No, I haven't got it backwards.
Just because spammers fight dirty, it doesn't mean the vigilantes don't too.
Spammers are probably a lot worse individually, but there are a lot more vigilantes.
The anti-spam people do a lot more than just block email from spammers.
The most obvious example is that they also block email from ISPs that host
web pages which spam points to. But they have their share of death threats,
frivolous lawsuits, hacking attacks, denial of service attacks, boycotts, libel,
slander, and cussedness too. You probably don't do any of these things,
but as I said, there are a lot more vigilantes than spammers.
Most of the spam I receive is emailed to me directly from address blocks
which resolve to US hosts. Less than 10% goes through a relay.
And a larger percentage of spam is "personalized" with an ID word this
year compared with last.
But don't take my word for it - after all I don't take yours.
Check your headers, see for yourself.
I don't believe that blocking open relays will reduce spam even 10%,
nor do I believe that stopping 10% of the spam in the world is
worth sacrificing a tiny bit of network connectivity.
-- Spam Wolf, the best spam blocking vaporware yet! -
Re:Book Expenses
A lot of students that I know consider software [purchases] just like a book expense. If they are taking a Flash course, they buy the software. If they are taking a design course, they buy Photoshop, both at Educational prices. Other things like Matlab or AutoCad or Pro/E are [definitely] educational purchases as well.
Yes, exactly.
When I was in college, I only bought used books, and then I sold them back.
But if I could, I'd just borrow the books from other students.
Exactly the same as what I did with the software I used.
(I never learned to spell either, but I did learn to use a spell checker.)
-- Spam Wolf, the best spam blocking vaporware yet! -
Re:Common sense! NO open relay = no block
I thought the same thing at first, but really, with caching I think it would work. I actually thought they already do this...
They do - it's call a block list or black hole list. Some people test servers and post a cache of which ones are open relays. That way you don't have to go to the trouble of performing the test yourself.
The trouble with block-lists is they also block legitimate email along with the spam. This can be very annoying to those who are found guilty by association, but most people believe the collateral damage is an acceptable price to pay. Of course, most of the people who say that don't pay the price...
The best solution for this particular problem IMO would be setting up some central email server that are properly run. I.e. tell anyone who's running an open relay that they have to switch their users to a state run email server, and shut their server off.
-- Spam Wolf - the best vaporware on the net. -
Re:Overzealous Spamguarding
No need to re-invent the wheel.
You've just described Vipul's razor
-- Spam Wolf - the best vaporware on the net.