Slashdot Mirror

← Back to Stories (view on slashdot.org)

Spam Conference in Boston

Posted by michael on from the just-provide-your-email-address-to-register dept.

bpfinn writes "Are you working on your own anti-spam solution? Would you like to compare notes with other coders? You'll get your chance at the Spam Conference in Cambridge on January 17, 2003. Among the speakers are: Paul Graham (of "a plan for spam" fame), ESR, John Graham-Cumming (of "POPFile" fame), and Matt Sergeant from MessageLabs. According to the homepage, this conference will be very informal: "no fees, sponsorships, proceedings, luncheons, contests, etc. Just a series of quick, concentrated talks, and then we all go off and get Chinese food." Slashdotters who are peeved about spam can register here."

12 of 229 comments (clear)

  1. Sweet! by intermodal · · Score: 5, Insightful

    A conference where they actually confer and (As implied by going to eat together) discuss what they're talking about rather than just visiting booths. It's about time some of that hacker-ethic efficiency made its way to the computer conference world.

    --
    In SOVIET RUSSIA... erm...NSA AMERICA, the Internet logs onto YOU!
    1. Re:Sweet! by Zeinfeld · · Score: 3, Insightful
      A conference where they actually confer and (As implied by going to eat together) discuss what they're talking about rather than just visiting booths. It's about time some of that hacker-ethic efficiency made its way to the computer conference world.

      Well that is pretty much how conferences start. They begin as a technical session with 5 experts talking and 50 people in the audience, then the next year there are more people and the program gets longer. The year after that there is an exhibition which the year after becomes an exhibition floor. After that the whole thing goes downhill and turns into a trade show.

      That is exactly how the RSA Conference and Interop began.

      I am somewhat disappointed by the means of choosing the papers, basically the first people to propose a talk. As a result the spam conference will only be discussing filtering approaches based on identifying the spam. The alternative approaches based on authenticating the genuine signal simply won't get a hearing.

      The problem with filtering approaches is that they only work as long as the attacker does not have access to the filter. If the attacker does have access to the filter they can repeatedly test and modify their spam until it gets through. That is why the filtering built into Outlook fails, the attackers have access to the filter and can use countermeasures.

      Filtering techniques are a hacker solution, they only solve the problem for the small community of hackers that use them. Once they are used generally they fail.

      --
      Looking for an Information Security student project suggestion?
      Try http://dotcrimeManifesto.com/
  2. Re:SpamAssassin by niker · · Score: 2, Insightful

    The reason why I'm using it (spam assassin) is because spam is a big issue in my e-mail accounts. :( That's all

    --
    Moderators: Don't agree? pray tell why.
  3. Re:security? by SweetAndSourJesus · · Score: 2, Insightful

    Yeah, but then you've got the whole "security thru obscurity" thing working. It's no good to come up with a spam-fighting technology that doesn't work if spammers know about it. That's why we have tools like SpamAssassin, where it doesn't matter if they're aware your're using it.

    --

    --
    the strongest word is still the word "free"
  4. Focus by The+Bungi · · Score: 5, Insightful
    I do hope they focus on the bandwidth problem. We've all seen the recent stories here about the slimeball spammer who's return rate is something to the tune of 0.000001% for 100 million messages. Or some such statistic. And yet he's swimming in $$.

    The better spam filters get, the more horsepower these fuckers are going to put into plying their trade. That 100 million herbal viagra batch didn't work? Oh, OK, let's send out 1 billion messages then.

    Their capacity to add processing power to their operations will grow exponentially as the efficiency of spam blocks increases. But there's only so much bandwidth to go around. Ergo, suffer the ISP (mine and yours, not theirs). Something's gotta give.

    I shudder to even contemplate it, but unless their revenue stream is cut off, this is going to continue. And that means educating users to NOT FUCKING BUY ANYTHING SOLD THROUGH SPAM. Until then, well...

    1. Re:Focus by viscous · · Score: 2, Insightful

      I happen to agree that the bandwidth eaten by spam is the ultimate problem, and that filtering doesn't really address that. But out of fairness I thought I would mention the counter-argument made by the proponents of filtering:

      If you get enough of the large ISPs and electronic mail services to filter all their customer's mail - enough to eliminate (say) 95% of the spam currently getting delivered - then the spammers will only be making 5% of the sales they are currently making. Which may be enough to drive them out of business.

      I don't believe it will work, but that's the party line I expect you'll be hearing at the conference.

    2. Re:Focus by MacAndrew · · Score: 4, Insightful

      I shudder to even contemplate it, but unless their revenue stream is cut off, this is going to continue. And that means educating users to NOT FUCKING BUY ANYTHING SOLD THROUGH SPAM. Until then, well...

      Yes, but ... the crowd that's buying herbal Viagra is a tough one to reason with by definition. Then there are the "get rich quick" suckers -- just try explaining basic math to them.

      There's an old saying that some people will buy anything. Spamming is about locating them. The rest of us get caught in the overspray.

    3. Re:Focus by sfe_software · · Score: 3, Insightful

      I happen to agree that the bandwidth eaten by spam is the ultimate problem...

      For me personally, bandwidth isn't an issue. I'm on DSL, my servers are locked up tight and not contributing to the problem... for me, the problem is that 95% of the time my "New Mail" alert goes off, it's all SPAM. I don't care about the bandwidth issues; doesn't affect my home connection much, and doesn't affect my server's connection at all. It's my time.

      My solution? Well, I haven't found a perfect solution, but (given that bandwidth isn't my main concert) Mozilla's bayessian (sp?) filtering is working well so far. Hopefully the next major Moz release will handle this better.

      Currently (1.3a) it marks SPAM as "Junk" mail automatically. After only a few days it easily recognized SPAM. After a week there have been NO false positives. After 2 weeks it seems to be dead-on accurate.

      Hopefully the next Moz release will let me do more with it (such as NOT playing my "New Mail" sound, marking them read, moving them to a Junk folder, etc). So far 1.3a is showing serious promise, at least in the filtering part. It uses Bayessian filtering (based on the Plan for Spam article linked above -- a good read if you haven't seen it), and is quite good so far. I would personally be happy if, using the Mozilla current implementation, I could never see mail Mozilla sees as "Junk" mail.

      My point was simply that for me, bandwidth isn't the problem -- and I run several (not open-relay) mail servers -- rather, the problem is the time I spend manually filtering SPAM from real mail (running several domains). Bayessian filtering is perfect, as it's based on the individual user. It's what got me to try Mozilla mail again in the first place (first time since M12), and already, just having it mark them as "Junk", it's saved me a ton of time.

      --
      NGWave - Fast Sound Editor for Windows
  5. Spam Conference... by VistaBoy · · Score: 5, Insightful

    Because we're having a conference on spam to begin with already means that the spammers have won. Besides, what keeps spammers from attending the conference and figuring out how all the spam guarding stuff works?

  6. Prevent SPAM instead of trying to deal with it.... by 8BitWimp · · Score: 5, Insightful

    Its ironic that this conference (and other discussion groups) are focusing on dealing with, filtering, and otherwise trapping SPAM. It appears that the only solution to eliminating SPAM is to develop a completely new architecture for handling email which would simply not provide mechanisms for the broadcast of SPAM, and the hijacking of mail servers. Spammers are just as ingenious as the folks valiantly trying to filter it. Until we consider a new approach, we will just be battling an ever growing volume of SPAM mail.

  7. Re:Prevent SPAM instead of trying to deal with it. by 8BitWimp · · Score: 3, Insightful

    I would suggest a second and parallel email channel be introduced. Leave the current sendmail system in place. Those desiring better email and no spam will migrate to the new channel. Those who don't care can remain on the SPAM channel.

  8. Great for Spammers... by toupsie · · Score: 3, Insightful

    What could be better for a professional Spammer than attending an Anti-Spam Conference? Learn all the techniques and issues you will have to encounter in the upcoming months. I would be on the look out for people wearing too many gold chains reaking of hottub clorine wanting to make your penis larger in less than 7 days while offering you a Micro RC Car.

    --
    Strange women lying in ponds distributing swords is no basis for a system of government.