Slashdot Mirror

← Back to Stories (view on slashdot.org)

A Conference About Spam

Posted by timothy on from the universal-convergence dept.

zonker writes "January 17th will be the first (annual?) meeting of the Spam Conference held in Cambridge, Massachusetts. The informal meeting will feature Paul Graham, John Graham-Cumming, John "Cap'n Crunch" Draper among others (possibly including ESR though he hasn't yet confirmed). The free conference will consist of a number of talks about new ways to combat the growing spam problem, after which everyone's going out and getting some Chinese food. Should be an informative and fun meeting and a chance to meet some interesting people."

9 of 392 comments (clear)

  1. spammers mining public keys by hey · · Score: 5, Interesting
    I was just about to update my mail address in my PGP public key which is on my website but then I released that spammers might mine mail addresses from public keys. Do they?

    MIT (who is hosting this conference) has a key server that presumably hold millions of mail addresses.

    1. Re:spammers mining public keys by carpe_noctem · · Score: 4, Interesting

      I don't know if this is actually being done, but it's a rather novel concept. I did a search for ".com", and unfortunately, I got an error saying too many results had been found. However, it would be relatively easy to write a script to pick 3 random letters/digits out of the english language, and keep submitting them. That way, you'd probably not exceed the limit for returned addys and you'd get lots of data.

      So is it hypothetically possible? Yes.
      Is there anything we can do about it that wouldn't defeat the concept of using a public-key conservatory? No, probably not.
      And finally, are most spammers intelligent enough to harvest email addys this way rather than use scripts they got hungry college students to write for them 4 years ago? Definitely not. ;)

      --
      "Quoting famous computer scientists out of context is the root of all evil (or at least most of it) in programming." - K
  2. What does ESR know about anything? by Anonymous Coward · · Score: 5, Interesting

    This is the guy who brags on his website that he doesn't have a credit card. The same guy who helped "steer" VA Linux to the biggest dot com stock flameout in history. The same guy who runs a blog that is so right wing that his solution to plane hijackings is to arm all the passengers. The same guy who brags he has no formal training in software development. The same guy who was pretty much run off the Linux kernel developer mailing list.

    Who exactly gives a shit what this guy has to say?

    Just asking ...

  3. funny by Yusaku+Godai · · Score: 5, Interesting
    I just received one of the fakest spams I've ever seen:
    Hi Ya, I saw your post on the message boards... I hope you don't mind sharing some information with me ^_^ I'm transfering to your neck of the woods in the spring and would like a penpal. What do you think? ^_^ Care to share some info.. hehehhe..eh If you'd like more information about me you can checkout my homepage if you have time... www.geocities.com/cafecutie21 Hope to hear from ya soon! BYEE~~~ Sammi~
    It's obviously spam, what with lines like "I hope you don't mind sharing some information with me" but this time they went beyond just fake emails. Out of curiosity and boredom I clicked on the link which had a whole fake website for this girl, which ultimately linked to some online dating service. Why would companies turn to deceptive advertising? Why would anyone want to trust a company using such dirty methods.
    1. Re:funny by aiken_d · · Score: 5, Interesting

      I work in both the adult internet industry and internet dating service industry.

      Odds are, the website you clicked through to wasn't set up by whatever matchmaker service you ended up on. The matchmaker service probably has an affiliate program ("send us traffic and we'll give you 50% of all signups"), and some enterprising college kid (or adult) discovered that they could set up geocities websites that link to the matchmaker site, spam the entire world, and make a few bucks from the affiliate commissions.

      There are probably a couple of things wrong here:

      1) The matchmaker site is probably not enforcing its TOS, if they have one. There's a temptation to turn a blind eye to what affiliates do to generate traffic; if people get upset enough about a particular spammer, you can always say "Gosh! They were violating our TOS. We'll kick them off!"

      2) Geocities is pretty notorious for being slow to respond to abuse complaints.

      It's a nasty problem, and one inherent to affiliate programs. Ethical companies aggressively pursue thier TOS and make it really clear that they do before allowing affiliates to sign up ("DO NOT USE SPAM to promote our site; we will not pay you your commissions on referrals generated by spam, we will immediately terminate your account, and we will happily share your personal information with any anti-spammers who complain").

      Cheers
      -b

      --
      If I wanted a sig I would have filled in that stupid box.
  4. speaking of... by ack154 · · Score: 4, Interesting

    Does anyone know what happens to the hundreds of emails I forward to uce@ftc.gov each month? Someone mentioned to send them there, and I tried to read the stuff on the ftc site, but they just say its their "database" for spam. What does that mean? Do they actually do anything with the stuff? Not that the 20 seconds to forward with headers really kills my day. But I just want it to be useful to someone...

    And out of curiosity, what are some other people's ideas on trying to prevent it? Basically right now I just try not to have my email address anywhere online (without some sort of word in it or something along those lines). And I watch what I might sign up for and their "privacy" policies. And I don't reply to the spam I get, since usually that apparently just confirms your address and makes you more valuable.

    So any more tips?

  5. One-dimensional approach by Goonie · · Score: 3, Interesting
    It seems to me that this is a rather narrowly-focussed attempt to stop spam. Could the SMTP protocol be changed, for instance, to make life more difficult for spammers?

    One idea that occurred to me was requiring the sender to do some nontrivial computation (for instance, the receiving mail server sends the product of two (large, but not RSA-large) primes, which the sender must factor and include with the message to be accepted.

    Now, unfortunately, such a scheme has some problems. The huge variation in performance between machines out there means any computation substantial enough to crimp a spammer might cause grandma's 486 to become unusable for sending email. More to the point, it could greatly increase the cost of running webmail services (not to mention mailing lists). Now, the big webmail providers might be prepared to play along - they might even build some dedicated hardware for the purpose of running the protocol fast. However, there's nothing to stop spammers building exactly the same kind of hardware, enabling them to continue to send out spam by the bucketload!

    So, anyway, I don't think my idea is the answer, but surely the whole area of improved mail protocol design would be worth exploring.

    --

    Any sufficiently advanced technology is indistinguishable from a rigged demo
    --Andy Finkel (J. Klass?)
  6. It's called theft, harrasment, and interference. by silentbozo · · Score: 5, Interesting

    I run my own business. I rely on e-mail heavily to communicate with customers and clients (I get orders via e-mail, support questions, contract inquiries, etc.) I spend upwards of 5 non-billable hours each week having to take care of the crap that fills my order inboxes, customer support inboxes, and my main mailbox. This crap includes both spam and e-mail worms. I spend that 5 non-billable hours a week AFTER everything goes through filters (if I didn't have filters, then I'd be spending more like 20 hours a week) - and it's only getting worse.

    So, to sum up - it's not just a few e-mails. And yes, e-mail is about communication, and spammers are destroying the value of e-mail as a communications medium. And, by extension, since my business relies on e-mail, spammers are destroying (or at least seriously disrupting) my business. I pay business taxes, my bottom line is being affected by these criminals, and I really wouldn't mind if we just outlawed spam altogether.

    You want to know what's anti-american, anti-business, and anti-innovation? Scum who abuse public resources - namely, spammers.

    What if you were a CEO? How would you feel about all this bad press?

    I'd fire the asshole in the marketing department who decided mass-mail was an acceptable practice, and I'd lobby Congress to outlaw spam.

  7. Clueless, playing in havoc. by AndroidCat · · Score: 3, Interesting
    Interested in spam filters? Come join us in Cambridge on January 17, 2003 at the first conference on spam filtering.

    While anyone will be welcome, we're hoping most of all to make this an opportunity for hackers working on spam filters to get together and compare notes.

    Filters. That's a give-away. Filters are damage-control after the thief has left. Block them at the first HELO, block them after their ISP refuses to handle complaints to abuse@, block widely, block often. Talking heads, I've said it once.

    --
    One line blog. I hear that they're called Twitters now.