Slashdot Mirror
SpamNet: Razor for the Masses
UCRowerG writes "From CNET News on Yahoo!: "Conceived by Napster co-founder Jordan Ritter and open-source developer Vipul Ved Prakash, the company is touting the benefits of democracy, networking and collaboration in the war against unscrupulous e-mail marketers." " Since Prakesh is
responsible for Razor, hopefully there will be Linux support as well, but
once again I gotta throw my props at Spamassassin which catches over a hundred
spam for me each day.
Spam is the only mail I get...makes me feel part of something greater than I.
And the first thing the story about the spam-battling startup does is to load some popup advertising.
Wonderful.
...which catches over a hundred spam for me each day.
Is the plural of "spam" really "spam"?
Think of all the Bandwidth wasted on spam. (Downloading, and sending.) Before my cable provider charges me for spending too much time on the net because I'm using their precious data lines, I think they should get rid of those spammers.
Rather than a client side tool like SpamNet, I'd like to see something that sits along side mail servers.
Stop the spam before it gets sent!
Go here for teh [sic] funny.
http://www.cloudmark.com/
... because the guy who posted this obviously couldn't be bothered....
what if they got into the system and overloaded it while still small so as to promote their own links and to discredit the project? Just a wild thought, not that they would ever be that organized.
I am thinking of the recent Google ranking wars, for example.
for most folks using it, it would be enough to put them off their feed if the spammers polluted the data pool early and strongly enough. Presuming that the average user was not an expert user.
I see this as part of a larger problem of people pushing competing viewpoints on the web.
Alledged nasty group "A" against alledged heroic group "B" - gets messy when things like politics and religion get involved.
"It is a greater offense to steal men's labor, than their clothes"
My e-mail is currently hosted at SpamCop, who do a pretty good job of filtering out spam before it even reaches my mailbox. They shunt spam into a seperate folder using the excellent SpamCop blacklist, and can also optionally use additional blacklists including SPEWS, Osirusoft, ORDB, Spamhaus, Monkeys.com, etc. etc.
Combine that with POP3, IMAP, and web access, and also the ability to suck mail out of existing POP3 accounts and I think it's excellent value.
No, they're not paying me to say all that, I'm just an extremely happy customer. :)
No, I long ago suggested spam licenses where we get to go out and give each spammer a bright orange flow in the dark permanent eartag, complete with animal tracking collar. Then we can heard them up and stampede them over a cliff or something.
"It is a greater offense to steal men's labor, than their clothes"
This would be a welcome feature addition for Evolution.
The signatures are used to determine how "close" the email that your are testing is in content to known spam. The source code of this hashing algorithm is publically available.
If this network ever became a real problem for spammers, they will simply use word substitution algorithms or any other number of simple methods to change the email until the nilsimsa's signatures are not close enough to flag the email as spam.
This was the problem with Vipul's razor version 1.0, which was discussed on slashdot, and this remains the problem in Vipul's razor 2.0
Its way more complicated than that. Just read the "whats new" page for a good summary:
http://razor.sourceforge.net/docs/whatsnew.html
I'm frankly quite happy to see Razor come to fruition.
I had exactly the same idea for how to do this (with distributed signature databases) in '93 when I started a well known ISP. The plan was to offer spam-killing as a second-tier service to offer our customers, but alas: at the time, it was considered by management (read: VC) more profitable to allow open spam relays to our subscribers than it was to try to get subscribers to pay for a service like this, so the implementation details went nowhere.
Excellent to see it come to light in the form of working code, OSS style.
; -- the corruption of government starts with its secrets. a truly free people keep no secrets. --
It's a war!
Everything is a war!
War on Poverty!
War on Drugs!
War on Terrorism!
War on Spam!
TO ARMS! TO ARMS!
WAR DRAWS NIGH!
Steve's Computer Service, Hobbs, NM
I've run both Spamassassin and Spambouncer. For the curious, I prefer Spamassassin, and here's why.
I was very impressed with Spambouncer. It was the first spam-heuristic system that I'd used (previously, I'd relied solely on MAPS, ORBS, ORDB, RBL, etc.), and I was very impressed. I found that it rejected a lot of legitimate mail until I grepped my "Sent Items" folder, extracted every "To" field and made that my white list. (The assumption being that if I've e-mailed somebody, I don't mind hearing from them.) That worked very well, and I was happy with Spamassassin. The odd piece of spam would get through, and I still had 1:100 legitimate messages get put in my spam folder. But it made my life much simpler.
Then I tried Spamassassin. The big reason was because I wanted to take part in Razor and know that I was a part of a collaborative process. Also, Spambouncer hadn't been updated in months, which struck me as odd. But I also just wanted to try something different. I found that Spamassassin was better. Not in a way that made Spambouncer look bad, it was just clear that Spamassassin was a superior product. For example, Spamassassin provides a complete scoring in the headers, so you know exactly what criteria caused the message to be block. And I never had to set up a whitelist -- it just works. I still get that tiny little bit of spam that gets through, no more or less than with Spambouncer, but that's really not a complaint. It's very, very rare that a legitimate piece of mail gets caught up in the system. Best of all, the nonexistent addresses on my system that spammers have somehow discovered (big@waldo.net, aldo@waldo.net) can be forwarded via my aliases table to Spamassassin's (Or is it Razor's? I forget.) server to be automatically added to their honeypot collection.
I'll stick with Spamassassin, I think. It appears to be the most mature, stable, simple, straightforward spam filtering product available today. For those looking to set up server-side spam filtering, I highly recommend it.
-Waldo Jaquith
This is unsolicited bulk/commercial/junk email, it is not Spam and these are not Spamer's, Spamer is a proper surname, my surname.
k in =lycos&type=residential&pagesize=10&name=Spamer&lo cation=Hull&initial1=&initial2=
Now experience has told some will not believe this and think it's a troll so 1) check my posting history, I don't troll and 2) here is my entry in the UK online phone directory.
http://ukphonebook.lycos.co.uk/servlet/Search?s
Yes, my name really is Martin SPAMER;
Yes, it really p!$$ me off when people abuse my name;
Yes, it does cause me no end of grief;
Yes, I've heard all the wise cracks before;
No, I don't find them funny.
No, I refuse to be bullied into using an alias, how would you feel if I equated your name with thieving scumbags.
So if you wish to get on my bright side, do not use the term Spam or its derivatives use the term(s) unsolicited [ commercial | bulk | junk ] email.
thank you.
Martin Spamer
score RAZOR_CHECK 5.0
I've also got the other "network tests" enables (blacklists), but I assign them low scores since they have a lot of false positives.
Using spamassassin with razor and the blacklists really works. My spam file has 836 spams automatically filtered between March 1 to today, June 19. Of those 836 messages, 511 have the RAZOR_CHECK string in the "X-Spam-Status" line that spamassassin adds to the header.
Not too bad, considering Razor uses a rigid message digest that fails if the spammer adds any "random" content to the messages. Saddly, it seems like that's becoming more common. Rumor has it that Razor is someday going to use "fuzzy" matches with one of two algorithms that somehow accomplish such a feat. Anyone know when/if this is supposed to happen??
PJRC: Electronic Projects, 8051 Microcontroller Tools
I don't believe that computing cycles are the contention point here. The difference is in who is paying for the bandwidth. Consider these two hypothetical cases:
A. Not worrying about razor
The spammer loads up their spam program and gives it a dump file of five hundred thousand email addresses. It takes these, and using its knowledge of spam friendly networks, sends one copy of the spam to 500 different relay servers. Each server receives an identical e-mail with 1000 different bccs. The e-mail body is only 20k, adding the 1000 addresses gives you another 20k or so, so the spammer spends 20 megs in bandwith (20k+20k * 500 mails sent)
B. Worrying about razor
The spammer loads up their spam program and gives it a dump file of five hundred thousand email addresses. It takes these, and the message to be spammed, and sends a slightly modified message to each group of we'll say 10 addresses. This way, if one of the messages gets razor'ed, they only lose 9 possible reads. The spamware sends out 100 emails to each of the 500 spam friendly servers. The e-mail body is only 20k, and the 10 addresses only add 1k or less, so the total message is only 21k now, but it is sent out 100*500 times. The spammer has spent over 1 gig in bandwith now.
That doesn't come cheap.
All I wanted was a rock to wind a piece of string around, and I ended up with the biggest ball of twine in Minnesota
There is another option. If you get your email from a POP3 mail server (chances are that you do, unless you use web-based email), try the Spam Tamer Proxy.
1. It will let all the spam through, but it will eliminate pictures, pop-up windows, web bugs, and other garbage. That makes the spam easier on you and your bandwidth.
2. It will never block legitimate mail. Pictures sent as attachments make it through. (Friends and family send pictures as attachments, but spammers never do.)
3. It doesn't confuse people who send you legitmate email.
So, it's not the same as a spam blocker, but if conventional filtering isn't the right choice for you, I suggest you give it a try.
Only the client of Razor is OSS. The author has explicitily stated that the server will not be released under an Open Source license. This is exactly why I'm implementing Pyzor, which is a razor-like system but where both the client and server are released openly under the GPL.
In short, the spammers are advertising... to themselves!
- Have a picture
I use Spamcop to filter my incomming mail at the MTA level, and I've been exceedingly happy with it. Apart from one or two that 'slip through', the only spam I receive nowdays comes through MTAs I have no control over.
Quick brief on how it works. There are two portions:
- Reporting tool, that allows you to forward spam to SpamCop for analysis. This will pick apart the headers and body, find out where the spam originated from (even if it's gone through legitimate relays and aliasing systems, such as mailing lists), and will send complaints to the relevant owners of the IP block owners, MTAs and web sites. It does a VERY good job of figuring out who's responsible.
- Blocking tool that uses a RBL-style blocking list, which lists IP addresses of spam originators. If enough spam gets reported within 24 hours, the IP sending the spam gets added to the list. You can use this to block addresses where spam has originated from so you dont even receive the spam. People get their IP addresses unblocked only if spam stops being sent from that IP.
The system is very good. It relies on you and others reporting spam to SpamCop in a very workable collaberative effort.
http://spamcop.net/
The single best thing all of us who know how to run traceroute and whois can do is LART THE ISPS THAT HOST SPAMMERS!
I've been forwarding every spam I get that come from a Verio hosted site, or spamvertises a site hosted on Verio to Verio and their parent company, NTT. I'm using bitch-list.net to do so, since they have a bazillion email addresses for Verio. I make sure the email has the spam attached, and since Verio has claimed the cannot read attachments (***cough***BULLSHIT****cough***) I also paste the mail headers into the message, along with a WHOIS and traceroute showing it to be a Verio customer. When they complain, I tell them "MY message isn't spam - your customer contacted me, so a prior business relationship exists. You want it stopped, stop the spammer."
I won't say it is working, but if 10% of everybody who got these spams did as I do, then Verio's help desks would be so clogged that they couldn't HELP but see the damage on the bottom line.
www.eFax.com are spammers
Pyzor works in a very similar way to Razor, but the client and server are open sourced. The Razor *server* is not open sourced.
http://pyzor.sourceforge.net/
Oh, BTW, Spamassasin *uses* Razor.
Government of the people, by corporate executives, for corporate profits.
Seems to work 100%. It sends mail back to any unknown sender to confirm that they really wanted to send me email. Of course spammers never confirm.
http://a-s-k.sf.net/