Slashdot Mirror

← Back to Stories (view on slashdot.org)

A Conference About Spam

Posted by timothy on from the universal-convergence dept.

zonker writes "January 17th will be the first (annual?) meeting of the Spam Conference held in Cambridge, Massachusetts. The informal meeting will feature Paul Graham, John Graham-Cumming, John "Cap'n Crunch" Draper among others (possibly including ESR though he hasn't yet confirmed). The free conference will consist of a number of talks about new ways to combat the growing spam problem, after which everyone's going out and getting some Chinese food. Should be an informative and fun meeting and a chance to meet some interesting people."

13 of 392 comments (clear)

  1. spam? by Dylan_t_p · · Score: 2, Interesting

    slashdots being over-run by spam first aol now this, sounds like a good idea though hopefuly they will find out how to at least get rid of some of the spam, which by the way is getting very bad, I registered a new hotmail account the other day and normaly when you finish creating an acount there is one message, a welcome to hotmail from msn not this time nope there was two one was the welcome the other was a porn mail.....things are getting out of hand

  2. spammers mining public keys by hey · · Score: 5, Interesting
    I was just about to update my mail address in my PGP public key which is on my website but then I released that spammers might mine mail addresses from public keys. Do they?

    MIT (who is hosting this conference) has a key server that presumably hold millions of mail addresses.

    1. Re:spammers mining public keys by carpe_noctem · · Score: 4, Interesting

      I don't know if this is actually being done, but it's a rather novel concept. I did a search for ".com", and unfortunately, I got an error saying too many results had been found. However, it would be relatively easy to write a script to pick 3 random letters/digits out of the english language, and keep submitting them. That way, you'd probably not exceed the limit for returned addys and you'd get lots of data.

      So is it hypothetically possible? Yes.
      Is there anything we can do about it that wouldn't defeat the concept of using a public-key conservatory? No, probably not.
      And finally, are most spammers intelligent enough to harvest email addys this way rather than use scripts they got hungry college students to write for them 4 years ago? Definitely not. ;)

      --
      "Quoting famous computer scientists out of context is the root of all evil (or at least most of it) in programming." - K
    2. Re:spammers mining public keys by Anonymous Coward · · Score: 2, Interesting
      And I think that given the amount of hardware it already takes to send out millions of messages a day, they wouldn't think it was worth it to get many times more in order to do the (computationally trivial these days, but still far more so than just sending some spam) calculations to encrypt it.

      They wouldn't be encrypting the messages, they'd just look at the public key to grab an email address.

      It might be a good idea to set aside a specific account for encrypted email. Then create your public key based on this address, and delete any unencrypted mail that arrives (you'd never see any spam with this account).

    3. Re:spammers mining public keys by mijok · · Score: 2, Interesting

      I agree with you about points 2. and 3. but not 1. Because if you think about it, so many people try to post their e-mail address in a form that would make it hard for spambots to get it (eg. whatever at something dot com). That should be an even more clear sigh that "I don't give a damn about _any_ offers in my inbox!" but the spammers don't care and instead try to make the bots better so why would they take into account PGP users. And another thing is that the value of their list of e-mail addresses is based on how many of them are valid - not how many are "stupid idiots that might buy something so that spamming is still worth doing and thereby harrasing 99.9% of the recipients".

      --
      Karma. Moderation. Is my .sig good now?
  3. What does ESR know about anything? by Anonymous Coward · · Score: 5, Interesting

    This is the guy who brags on his website that he doesn't have a credit card. The same guy who helped "steer" VA Linux to the biggest dot com stock flameout in history. The same guy who runs a blog that is so right wing that his solution to plane hijackings is to arm all the passengers. The same guy who brags he has no formal training in software development. The same guy who was pretty much run off the Linux kernel developer mailing list.

    Who exactly gives a shit what this guy has to say?

    Just asking ...

  4. funny by Yusaku+Godai · · Score: 5, Interesting
    I just received one of the fakest spams I've ever seen:
    Hi Ya, I saw your post on the message boards... I hope you don't mind sharing some information with me ^_^ I'm transfering to your neck of the woods in the spring and would like a penpal. What do you think? ^_^ Care to share some info.. hehehhe..eh If you'd like more information about me you can checkout my homepage if you have time... www.geocities.com/cafecutie21 Hope to hear from ya soon! BYEE~~~ Sammi~
    It's obviously spam, what with lines like "I hope you don't mind sharing some information with me" but this time they went beyond just fake emails. Out of curiosity and boredom I clicked on the link which had a whole fake website for this girl, which ultimately linked to some online dating service. Why would companies turn to deceptive advertising? Why would anyone want to trust a company using such dirty methods.
    1. Re:funny by aiken_d · · Score: 5, Interesting

      I work in both the adult internet industry and internet dating service industry.

      Odds are, the website you clicked through to wasn't set up by whatever matchmaker service you ended up on. The matchmaker service probably has an affiliate program ("send us traffic and we'll give you 50% of all signups"), and some enterprising college kid (or adult) discovered that they could set up geocities websites that link to the matchmaker site, spam the entire world, and make a few bucks from the affiliate commissions.

      There are probably a couple of things wrong here:

      1) The matchmaker site is probably not enforcing its TOS, if they have one. There's a temptation to turn a blind eye to what affiliates do to generate traffic; if people get upset enough about a particular spammer, you can always say "Gosh! They were violating our TOS. We'll kick them off!"

      2) Geocities is pretty notorious for being slow to respond to abuse complaints.

      It's a nasty problem, and one inherent to affiliate programs. Ethical companies aggressively pursue thier TOS and make it really clear that they do before allowing affiliates to sign up ("DO NOT USE SPAM to promote our site; we will not pay you your commissions on referrals generated by spam, we will immediately terminate your account, and we will happily share your personal information with any anti-spammers who complain").

      Cheers
      -b

      --
      If I wanted a sig I would have filled in that stupid box.
  5. speaking of... by ack154 · · Score: 4, Interesting

    Does anyone know what happens to the hundreds of emails I forward to uce@ftc.gov each month? Someone mentioned to send them there, and I tried to read the stuff on the ftc site, but they just say its their "database" for spam. What does that mean? Do they actually do anything with the stuff? Not that the 20 seconds to forward with headers really kills my day. But I just want it to be useful to someone...

    And out of curiosity, what are some other people's ideas on trying to prevent it? Basically right now I just try not to have my email address anywhere online (without some sort of word in it or something along those lines). And I watch what I might sign up for and their "privacy" policies. And I don't reply to the spam I get, since usually that apparently just confirms your address and makes you more valuable.

    So any more tips?

  6. One-dimensional approach by Goonie · · Score: 3, Interesting
    It seems to me that this is a rather narrowly-focussed attempt to stop spam. Could the SMTP protocol be changed, for instance, to make life more difficult for spammers?

    One idea that occurred to me was requiring the sender to do some nontrivial computation (for instance, the receiving mail server sends the product of two (large, but not RSA-large) primes, which the sender must factor and include with the message to be accepted.

    Now, unfortunately, such a scheme has some problems. The huge variation in performance between machines out there means any computation substantial enough to crimp a spammer might cause grandma's 486 to become unusable for sending email. More to the point, it could greatly increase the cost of running webmail services (not to mention mailing lists). Now, the big webmail providers might be prepared to play along - they might even build some dedicated hardware for the purpose of running the protocol fast. However, there's nothing to stop spammers building exactly the same kind of hardware, enabling them to continue to send out spam by the bucketload!

    So, anyway, I don't think my idea is the answer, but surely the whole area of improved mail protocol design would be worth exploring.

    --

    Any sufficiently advanced technology is indistinguishable from a rigged demo
    --Andy Finkel (J. Klass?)
  7. It's called theft, harrasment, and interference. by silentbozo · · Score: 5, Interesting

    I run my own business. I rely on e-mail heavily to communicate with customers and clients (I get orders via e-mail, support questions, contract inquiries, etc.) I spend upwards of 5 non-billable hours each week having to take care of the crap that fills my order inboxes, customer support inboxes, and my main mailbox. This crap includes both spam and e-mail worms. I spend that 5 non-billable hours a week AFTER everything goes through filters (if I didn't have filters, then I'd be spending more like 20 hours a week) - and it's only getting worse.

    So, to sum up - it's not just a few e-mails. And yes, e-mail is about communication, and spammers are destroying the value of e-mail as a communications medium. And, by extension, since my business relies on e-mail, spammers are destroying (or at least seriously disrupting) my business. I pay business taxes, my bottom line is being affected by these criminals, and I really wouldn't mind if we just outlawed spam altogether.

    You want to know what's anti-american, anti-business, and anti-innovation? Scum who abuse public resources - namely, spammers.

    What if you were a CEO? How would you feel about all this bad press?

    I'd fire the asshole in the marketing department who decided mass-mail was an acceptable practice, and I'd lobby Congress to outlaw spam.

  8. Clueless, playing in havoc. by AndroidCat · · Score: 3, Interesting
    Interested in spam filters? Come join us in Cambridge on January 17, 2003 at the first conference on spam filtering.

    While anyone will be welcome, we're hoping most of all to make this an opportunity for hackers working on spam filters to get together and compare notes.

    Filters. That's a give-away. Filters are damage-control after the thief has left. Block them at the first HELO, block them after their ISP refuses to handle complaints to abuse@, block widely, block often. Talking heads, I've said it once.

    --
    One line blog. I hear that they're called Twitters now.
  9. Re:One-dimensional approach -- Economics of SPAM by cyberrodent · · Score: 2, Interesting

    Great - now your saying that you can make email better by making it slower! Not only is that one-dimensional but its the wrong vector. There are plenty of legit reasons to have to send out a few thousand solicited messages to a list - think of the bands that want to tell their fans about tour dates and all the nerd techie lists (no offense intended) - We don't want to collectively punish the rest of the internet because of spammers.

    I'm thinking based upon reading these posts that the best immediate solution is going to be smarter filters and more of them. But this is a technical solution - perhaps there is another angle..(dimension?) Hey- and this is largely the focus of the SPAM Conference. cool. The only thing about filters I still want to be able to get the REAL EMAIL from my girlfriend when she sends me a message saying "I WANT YOUR HUGE C**K TONIGHT" We don't want SPAM filter to become SMUT filters - cause while we might all know SPAM when we see it, we still all have different ideas about smut.

    SPAM for FUN and PROFIT?

    the market itself will(should?) eventually do some sort of self-regulation (nice thing about free markets) - I don't think there are terribly many people spamming for the fun of it. Somewhere there is an econmic incentive - some dismally low percentage of people who are ordering Growth Hormone or Penis Enlrgers from unsolicited mail they receive will either make it worthwhile to continue spamming for customers or will lead anyone who can add (or subtract) to attract customers in other ways. Solutions which propose a charge for outgoing messages are heading towards this idea ,But it too is a solution the collectively punishes the rest of the net (and imagine how up in arms we all would be if somehow "they" started charging for email!)

    Marketers are just like little kids (something they actually share in common with techies!) -- when they get a new toy they love to play with it more than the old toys. Email is still a newish toy for them. much more fun than doing direct mail.

    anyone know the click through or sales rates for any unsoliced mail? Unfortunatly there will probably be a similar reaction as when ad-banner CTR dropped - make more of them and make them bigger.

    yrs. cyberRodent

    --
    Talk is cheap. Supply exceeds demand.