MIT Spam Conference Conclusions

RT Alec writes "The 2003 Spam Conference has concluded, reports InfoWorld. (related read: abstracts of the conference discussions). I was unable to attend the conference, but it appears all that was discussed was filters (client and server). I think the key problem is ISPs that do not block egress traffic on port 25. If you need to send mail through a different SMTP server than provided by your ISP, the admin of that server ought to provide you with a means of using it with authentication on a port other than 25 (you do have permission to use that SMTP server, don't you?). It is not too tough to set up an SMTP server to require authentication, or at a minimum to run off a different port. I am suprised that this is never mentioned as a cure for spam. If just AOL blocked port 25, this could reduce spam by 50% (I base this figure on close examination of the headers of the spam I receive). I was pleased to see that Barry Shein, president of The World (a Boston based ISP) was included in the talks. I am not sure by the abstract (see link above) posted if he mentioned blocking port 25. In a recent interview he did not mention it."

Re:filters

[Motherfucking+Shit]

Well, anyone who has a user base of real users (e.g. average, non-techie people) has to accept mail from AOL, because all those users likely communicate with AOLers.

I think AOL is really being blamed for a lot of spam it shouldn't be. Lots of common spamware forges aol.com at various places in the headers. Real mail sent through an external mail server while signed onto AOL has an "X-Apparently-From:" header inserted by AOL. That header contains the actual AOL screen name of the account being used to send the mail. Ergo, AOL isn't really a good choice for spammers to begin with.

-MFS

spambayes?

[spongman]

Did anyone there talk about Spambayes? I've been using this open-source spam filter for several months now and lurking on their mailing list and I have been really impressed at the lengths they've gone to to provide a mature framework for testing their statistical theories over many varied sets of spam/ham corpora.

While they started out with the bayesian algorithm described by Paul Graham they quickly discovered that the effectiveness of his algorithm tends to depend on the values of some quite sensitive tuning parameters and that diffrent people can get wildly differing degrees of success depending on their configuration and the types of spam/ham that they receive. Gary Robinson wrote an interesting critique of Paul's algorithm and helped the spambayes team incorporate his so-called chi-squared combining scheme (which apparently isn't bayesian at all) which doesn't seem to depend so much on 'magic' numbers and their testing framework showed that it works surprisingly well for both small and large sets of messages.

It's still under active development although most of the ongoing work is centered around the user interface components (POP proxies, Outlook plugins, etc...) whereas the actual spam classifier hasn't changed much in a while.

Well worth looking into if you're getting too much spam. Who isn't?

AOL the source? I think not.

[Powercntrl]

I think AOL is really being blamed for a lot of spam it shouldn't be.

Send spam using AOL's e-mail client and your account is nearly-instant toast, thanks to automated rate-limiting software.

AOL set up rate limiting sometime around 07/98. Yes, it was THAT long ago. Note, as another poster has said, this wouldn't stop someone from using AOL as their ISP and connecting to another SMTP server for spamming purposes, but considering how slow (not to mention expensive) AOL-provided net access is, I doubt any real spammer would use it for even that.

Since most of the /. readers are probably not still using AOL, here's what can be found at AOL keyword: Rate Limiting.

America Online has received an overwhelming amount of complaints concerning unsolicited commercial e-mail, or "junk" mail, and we are doing everything we can to protect our members' online experience. Because many junk e-mailers collect screen names from AOL chat rooms, we put a "Rate Limit" feature in place to deter junk e-mailers from collecting member screen names from chat rooms. The Rate Limit feature is also used to deter members from sending mass numbers of e-mail, Instant Message(TM) notes, or Buddy Chat(TM) invitations that can disrupt the normal member experience.

AOL imposes a rate limit on an AOL member's account for any of the following:

* When a member exceeds the acceptable number of Instant Message notes or Buddy Chat invitations they send in a given time period.

* When a member exceeds the acceptable number of chat room changes or "Who's Chatting" requests in a given time period.

When an account is rate limited, the ability to send Instant Message notes and Buddy Chat invitations or to see who's chatting in a room or move from room to room is blocked for a certain period of time or the screen name's connection to AOL may be disconnected.

While we are working hard to stop junk e-mailers, there are steps that we also encourage our members to take to avoid junk e-mail. For example, you can create a screen name (Keyword: Names) that you use when you enter chat rooms, then use Mail Controls to block all e-mail to that screen name. When you want to e-mail with someone you meet in chat, give them your regular screen name OR go back to Mail Controls, select the "Allow e-mail only from selected AOL screen names, Internet domains, and addresses" option and add your friend's name.

AOL considers the sending of mass numbers of unwanted, disruptive messages or the gathering of AOL screen names to be abusive online conduct and a violation of AOL's Terms of Service. Rate Limits have been put in place to curtail abuse and ensure an enjoyable online experience.

Lets get to the meat of the matter ...

[Ninja+Programmer]

As usual, nobody is reading the article, and hence everyone misses the real meat. Ignore the silly web-zine hack writers and just go here:

http://spamconference.org/

The talks are online.

Re:Barry Shein's modest proposal.

[rkent]

Basically, it boiled down to "Spam is currently in a gray area legally, so let's legitimize spam in order to divide the spammers into legal spammers (who pay handsomely for the privilege)

I also kind of got the impression that he thought the rate for this should be prohibitively high (did he say something like a penny per message, or am I making that up?). The point being, to put a system in place so that you are ABLE to charge for it so the magnitude of the problem is more clearly discernable.

Barry also mentioned many other "features" of spam from an ISP's point of view, not the least of which is that naive people hold their own ISP responsible for the mail they get, which is sometimes pornographic and exposed to children. I don't think he was seriously suggesting ISPs should let this go and furthermore profit from it, but rather that, if they were authorized and able to charge for it, they could flip the spammer's economic model and improve relationships between ISPs and their clients.

Re:Antivirals!

[Patrick13]

If you are using windows, and outlook, you can install SpamNet, made by Cloudmark.

I had to stop using Eudora, because I had so many filters (400+) to kill my spam that it took, literally, 5 minutes for my mail to appear in my inbox, which, needless to say was very frustrating and annoying.

Anyhow, I have been using Spamnet for about 7-8 months and, depending upon the time of day that I check my email it correctly blocked between 60% - 95% of my spam.

For example, since it is a peer based spam detection system, so the more users that vote that email from a particular sender is Spam, the more likely you will get it blocked. Eventually, it maps out and makes blacklists based on overall stats.

The point is, I took 2 days off for Xmas and when I checked my mail on the 27th, it filtered out about 295 of about 300 spam messages.

Re:Blocking 25 too heavy handed

[tweek]

Do you have ssh access to your mail server? If so, just forward local traffic on port 25 through the tunnel to the remote machine.

ssh -L25:remotemachinename:25 remotemachinename

Works like a champ. I tunnel my IMAP and SMTP connections this way.

Re:Read-Only Internet Access Is Bad

[dinsdale3]

In my opinion, this is a terrible idea, for a number of reasons. The first reason is the First Amendment of the U.S. Constitution. This would inhibit free speech by anyone who wants to send mail to anyone else.

Sorry, the First Amendment says CONGRESS shall pass no law... A private ISP can restrict your speech as much as they want when you use their service (within the bounds of contracts, etc).

Re:One person's treasure is another person's junk.

[zonker]

Bayesian filters could just as easily be written in Perl

enter my fave project, popfile. :)

Re:Spamming vs. sending legit mail.

[platypus]

The best anti-spam method I've seen, bar none, is a friend of mine's opt-in method. His filters indicate the email addresses of people whose mail he's willing to accept, and dumps the rest in his spam folder.

I hope your friend isn't on a mailing list and ever wants help. If people reply directly to him, they may directly land in his spam folder. Ok, I'm exaggeriting, this can be solved with filters also.

A very annoying method people use is filters which auto-reply if your email is not in a positive list, giving you instructions how you should resend your mail.

You sometimes get these messages when replying to list-messages and cc'ing the original sender. Since I'm not on this world to accomodate these people's mail-filters, I just killfile them.

AOL _DO_ filter outbound SMTP

> AOL set up rate limiting sometime around 07/98 [google.com]. Yes, it was THAT long ago.

And it made a big difference to the level of AOL origin spam.

> Note, as another poster has said, this wouldn't stop someone from using AOL as their ISP and connecting to another SMTP server for spamming purposes, but considering how slow (not to mention expensive) AOL-provided net access is, I doubt any real spammer would use it for even that.

AOL implemented transparent SMTP proxying during 1999-2000. They don't block outbound smtp entirely, but all outbound SMTP traffic is forced through their servers, is rate limited and is inspected for basic spamminess.

The admins can and would like to do more heavy duty filtering, but AOL legal won't let them.

AOL also rolled out their own DNSBL - ORBS style- but this was killed by AOL legal after open Earthlink customer relays smarthosting via Earthlink's main servers caused that ISP to be blocked.

Instead of fixing the fucking problem, Earthlink started screaming to the media about anticompetitive practices and threatening to sue.

Never min that AOL already won that battle - against Sanford Wallace in 1995 (Cyberpromo vs AOL - AOL was the defendant) - AOL legal forced the immediate shutdown of AOL's testing and blocking systems.

AOL admins would _like_ to do more about outbound spam. Their lawyers are a bunch of pussies and won't let them.

Re:My notes for the proceedings (very long post!)

[helphand]

Excellent notes! For those who want to quickly find a particular speaker on one of the sesions, Oliver Schmezle put together a handy webcast timetable available here http://www.schmelzle.net/techblog/2003/01/18

Personally, I found the sessions by the following speakers well worth the listen. Interesting and informative.

• John Graham-Cumming, POPFile - Session 1 at 00:52:00
• Joshua Goodman, Microsoft Research - Session 3 at 01:44:30
• Jon Praed, Internet Law Group - Session 4 at 00:34:00

I was there

[jpm242]

In a nutshell,

- Lots of talk on Paul Graham's Bayesian approach and the derivative works that some people have been doing.
- Speakers were for the most part very inciteful, interesting, and funny (!)
- Some talk on the business side of things (Barry Shein)
- Some talk about exisiting "solutions". Our solution is the best (pretty boring. and nothing really interesting there).

Some stuff to remember and/or worth mentionning:
- When designing a spam blocker, use differrent corpuses of mail for developing, tweaking and testing. That will reflect better the real-world situation. (the only interesting thing the Microsoft guy said)
- The business of spam is more complex than it seems. It's about multi-layer marketing schemes and the spam itself is the product, not necessairly the Viagra or the penis enlarger
- Spammers are intelligent and getting clever to evade spam blocking software (one notable example of a mail written in monospace font, using HTML, and formattedd to write vertically, instead of left-to-right. The scanning software sees nothing recognisable!)
- The non-free e-mail subject did come up.
- You can always trace to the source. Maybe the sender is forged, but you can always go up the smtp relay chain. there will be a point where someone has an open relay (or it's the source itself)
- The MIT's infinite corridor is actually finite.
- Spam-control is really at its infancy, probably like anti-virus software was like in the mid 80s.
- Spam conference study have no need of penis enlargement, study says.

JP.

Please moderate this to that it can be seen.