MIT Spam Conference Conclusions

RT Alec writes "The 2003 Spam Conference has concluded, reports InfoWorld. (related read: abstracts of the conference discussions). I was unable to attend the conference, but it appears all that was discussed was filters (client and server). I think the key problem is ISPs that do not block egress traffic on port 25. If you need to send mail through a different SMTP server than provided by your ISP, the admin of that server ought to provide you with a means of using it with authentication on a port other than 25 (you do have permission to use that SMTP server, don't you?). It is not too tough to set up an SMTP server to require authentication, or at a minimum to run off a different port. I am suprised that this is never mentioned as a cure for spam. If just AOL blocked port 25, this could reduce spam by 50% (I base this figure on close examination of the headers of the spam I receive). I was pleased to see that Barry Shein, president of The World (a Boston based ISP) was included in the talks. I am not sure by the abstract (see link above) posted if he mentioned blocking port 25. In a recent interview he did not mention it."

spambayes?

[spongman]

Did anyone there talk about Spambayes? I've been using this open-source spam filter for several months now and lurking on their mailing list and I have been really impressed at the lengths they've gone to to provide a mature framework for testing their statistical theories over many varied sets of spam/ham corpora.

While they started out with the bayesian algorithm described by Paul Graham they quickly discovered that the effectiveness of his algorithm tends to depend on the values of some quite sensitive tuning parameters and that diffrent people can get wildly differing degrees of success depending on their configuration and the types of spam/ham that they receive. Gary Robinson wrote an interesting critique of Paul's algorithm and helped the spambayes team incorporate his so-called chi-squared combining scheme (which apparently isn't bayesian at all) which doesn't seem to depend so much on 'magic' numbers and their testing framework showed that it works surprisingly well for both small and large sets of messages.

It's still under active development although most of the ongoing work is centered around the user interface components (POP proxies, Outlook plugins, etc...) whereas the actual spam classifier hasn't changed much in a while.

Well worth looking into if you're getting too much spam. Who isn't?

AOL the source? I think not.

[Powercntrl]

I think AOL is really being blamed for a lot of spam it shouldn't be.

Send spam using AOL's e-mail client and your account is nearly-instant toast, thanks to automated rate-limiting software.

AOL set up rate limiting sometime around 07/98. Yes, it was THAT long ago. Note, as another poster has said, this wouldn't stop someone from using AOL as their ISP and connecting to another SMTP server for spamming purposes, but considering how slow (not to mention expensive) AOL-provided net access is, I doubt any real spammer would use it for even that.

Since most of the /. readers are probably not still using AOL, here's what can be found at AOL keyword: Rate Limiting.

America Online has received an overwhelming amount of complaints concerning unsolicited commercial e-mail, or "junk" mail, and we are doing everything we can to protect our members' online experience. Because many junk e-mailers collect screen names from AOL chat rooms, we put a "Rate Limit" feature in place to deter junk e-mailers from collecting member screen names from chat rooms. The Rate Limit feature is also used to deter members from sending mass numbers of e-mail, Instant Message(TM) notes, or Buddy Chat(TM) invitations that can disrupt the normal member experience.

AOL imposes a rate limit on an AOL member's account for any of the following:

* When a member exceeds the acceptable number of Instant Message notes or Buddy Chat invitations they send in a given time period.

* When a member exceeds the acceptable number of chat room changes or "Who's Chatting" requests in a given time period.

When an account is rate limited, the ability to send Instant Message notes and Buddy Chat invitations or to see who's chatting in a room or move from room to room is blocked for a certain period of time or the screen name's connection to AOL may be disconnected.

While we are working hard to stop junk e-mailers, there are steps that we also encourage our members to take to avoid junk e-mail. For example, you can create a screen name (Keyword: Names) that you use when you enter chat rooms, then use Mail Controls to block all e-mail to that screen name. When you want to e-mail with someone you meet in chat, give them your regular screen name OR go back to Mail Controls, select the "Allow e-mail only from selected AOL screen names, Internet domains, and addresses" option and add your friend's name.

AOL considers the sending of mass numbers of unwanted, disruptive messages or the gathering of AOL screen names to be abusive online conduct and a violation of AOL's Terms of Service. Rate Limits have been put in place to curtail abuse and ensure an enjoyable online experience.

Lets get to the meat of the matter ...

[Ninja+Programmer]

As usual, nobody is reading the article, and hence everyone misses the real meat. Ignore the silly web-zine hack writers and just go here:

http://spamconference.org/

The talks are online.

Re:Antivirals!

[Patrick13]

If you are using windows, and outlook, you can install SpamNet, made by Cloudmark.

I had to stop using Eudora, because I had so many filters (400+) to kill my spam that it took, literally, 5 minutes for my mail to appear in my inbox, which, needless to say was very frustrating and annoying.

Anyhow, I have been using Spamnet for about 7-8 months and, depending upon the time of day that I check my email it correctly blocked between 60% - 95% of my spam.

For example, since it is a peer based spam detection system, so the more users that vote that email from a particular sender is Spam, the more likely you will get it blocked. Eventually, it maps out and makes blacklists based on overall stats.

The point is, I took 2 days off for Xmas and when I checked my mail on the 27th, it filtered out about 295 of about 300 spam messages.