Plan for Spam, Version 2

bugbear writes "I just posted a new version of the Plan for Spam Bayesian filtering algorithm. The big change is to mark tokens by context. The new version decreases spams missed by 50%, to 2.5 per 1000, even though spam has gotten harder to filter since the summer. I also talk about how spam will evolve, and what to do about it."

Great Stuff! Hope to see more

[leerpm]

Hopefully we see even more stuff like this coming out of the spam conference

Re:Great Stuff! Hope to see more

All you need to block spam:

• Open Relays Database ORDB
• Osirusoft RBL
• Spamcop
  
• And Postfix and it's great spam filtering options.

Re:Great Stuff! Hope to see more

I hope this is meant as a troll.

GREAT!

[TerryAtWork]

I run PopFile at work and it rules!

Please carry on with this Bayesian Spam filtering! It'll be the death of spam yet!

Re:GREAT!

[praedictus]

Spam filter that works great is to filter based on , so it doesn't save bandwidth either.

Re:GREAT!

I've been using it too. It's great, the best damn spam filter IMO you can get, if you have a POP3 connection.

popfile

Re:GREAT!

[praedictus]

Oops! try that again. I was mentioning using a filter based on "a href= tags, but the /. page accepted the HTML as valid. (What I get for not previewing) Who sends emails with external web references rather than a link, other than spammers? Also stops the 1 bit tag gif business, but its necessary to d/l the message to run the filter, rather than just scanning the header, and users of Lookout Depress aren't able to filter based on html tags so they're out of luck.

Re:GREAT!

Your message makes no sense

Re:GREAT!

I run Popfile....

They should change the name to Pope file as it only allows the ones through that get their blessing....

Re:GREAT!

[Lemmeoutada+Collecti]

Interestingly enough, I found out about PopFile on /. and started testing it at work. Two days and it was catching 95%+ accurate, tried it at home and took a bit longer, but still very accurate and very simple to use. It takes moments to install, runs completely in the background, and does not require a lot of technical skill. And my favorite feature, a low memory profile!

Re:GREAT!

[thomas.galvin]

Your message makes no sense

Run through my decoder ring, I got "In order to filter based on content, you must first download the message, so you are saving only time and attention, not bandwidth.

base64 encoded emails....or images

I'm using the filters in Moz 1.3 alpha and the Base64 encoded emails are not being recoginized and flagged as spam. I've trained and trained and trained.

They almost always get through.

Anyone else experience this?

Also, how do can you flag an ad that is an image? Block all HTML email?

I dunno.

Re:base64 encoded emails....or images

[delta407]

Also, how do can you flag an ad that is an image?

Razor.

Vipul's Razor marks MIME parts individually, so an ad, a picture of Viagra, or even the "Unsubscribe" button can be marked spam and contribute to the overall score of the message.

Re:base64 encoded emails....or images

[IvyMike]

This doesn't really solve your precise problem, but at least makes some html spam less annoying.

1: Preferences->Privacy&Security->Images->" Do not load remote images in Mail..." should be checked.

2: In Mail, "View->Message Body As->Simple HTML" should or even "Plaintext"

This won't help you filter the spam, but will prevent web-bugged email from confirming that you are a valid spam target, and makes the spam that does get through be far less annoying.

Re:base64 encoded emails....or images

I dispose of all base64 encoded emails.

Problem solved.

Re:base64 encoded emails....or images

[GGardner]

A common thing that spammers to do try and trick filters is use

Content-Type: text/html (or text/plain)
Content-Transfer-Encoding: base64

Because a lot of filters don't know how to decipher this. For me, this makes it a lot easier to filter, though. I get no legitimate e-mail encoded this way, so I just have procmail dump any e-mail encoded this way. Problem solved, and without the CPU burden of decoding or running expensive spam filters.

Re:base64 encoded emails....or images

[Rogerborg]

Great! Where do I find those options in telnet?

Or would you care to specify what mail client your sage advice applies to.

Re:base64 encoded emails....or images

[bunratty]

Look in the parent post, genius.

Re:base64 encoded emails....or images

I've had exactly this problem (with Mozilla and Yahoo both). I dunno why the filter software doesn't just un-encode the MIME parts and then run their filtering algorithms, rather than vice-versa.

I figure they'll catch up to the spammers in another 6 months or so. :P

Re:base64 encoded emails....or images

[Rogerborg]

This is Slashdot. If it's not quoted, it doesn't exist.

I'm sorry, but someone has to say it...

[Yoda2]

But will it enlarge my penis?

Re:I'm sorry, but someone has to say it...

[wackysootroom]

No, but it will make you a million dollars and attract women effortlessly through the power of irresistable pheromones.

Re:I'm sorry, but someone has to say it...

[wheany]

Not once has anything that begins with "Sorry, this has to be said" had to be said.

Re:I'm sorry, but someone has to say it...

Quote from the article: "They may have felt they were forced to do this by the small size of their corpus, but if so this is a kind of premature optimization".

I'd take that as a "yes"...

Slow news day?

[Koyaanisqatsi]

I just posted a new version of ...

While I recognize it's a valid project, this type of announcement is more deserving of a frontpage at Sourceforge or Freshmeat. Now if there was a huge breakthrough, we could expect to see it posted here, right?

Re:Slow news day?

[hoggoth]

Instead of complaining about the Slashdot editors, why not take matters into your own hands?

Build a Bayesian filter that judges Slashdot articles for their appropriateness. Then tag each article and filter out the ones that you don't want to read! Easy.

Except those sneaky Slashdot editors keep tweaking their articles to get by the filters! Damn them!

Archive Version (b/c it's a personal site)

[Amsterdam+Vallon]

January 2003

(This article was given as a talk at the 2003 Spam Conference. It describes the work I've done to improve the performance of the algorithm described in A Plan for Spam, and what I plan to do in the future.)

The first discovery I'd like to present here is an algorithm for lazy evaluation of research papers. Just write whatever you want and don't cite any previous work, and indignant readers will send you references to all the papers you should have cited. I discovered this algorithm after ``A Plan for Spam'' [1] was on Slashdot.

Spam filtering is a subset of text classification, which is a well established field, but the first papers about Bayesian spam filtering per se seem to have been two given at the same conference in 1998, one by Pantel and Lin [2], and another by a group from Microsoft Research [3].

When I heard about this work I was a bit surprised. If people had been onto Bayesian filtering four years ago, why wasn't everyone using it? When I read the papers I found out why. Pantel and Lin's filter was the more effective of the two, but it only caught 92% of spam, with 1.16% false positives.

When I tried writing a Bayesian spam filter, it caught 99.5% of spam with less than .03% false positives [4]. It's always alarming when two people trying the same experiment get widely divergent results. It's especially alarming here because those two sets of numbers might yield opposite conclusions. Different users have different requirements, but I think for many people a filtering rate of 92% with 1.16% false positives means that filtering is not an acceptable solution, whereas 99.5% with less than .03% false positives means that it is.

So why did we get such different numbers? I haven't tried to reproduce Pantel and Lin's results, but from reading the paper I see five things that probably account for the difference.

One is simply that they trained their filter on very little data: 160 spam and 466 nonspam mails. Filter performance should still be climbing with data sets that small. So their numbers may not even be an accurate measure of the performance of their algorithm, let alone of Bayesian spam filtering in general.

But I think the most important difference is probably that they ignored message headers. To anyone who has worked on spam filters, this will seem a perverse decision. And yet in the very first filters I tried writing, I ignored the headers too. Why? Because I wanted to keep the problem neat. I didn't know much about mail headers then, and they seemed to me full of random stuff. There is a lesson here for filter writers: don't ignore data. You'd think this lesson would be too obvious to mention, but I've had to learn it several times.

Third, Pantel and Lin stemmed the tokens, meaning they reduced e.g. both ``mailing'' and ``mailed'' to the root ``mail''. They may have felt they were forced to do this by the small size of their corpus, but if so this is a kind of premature optimization.

Fourth, they calculated probabilities differently. They used all the tokens, whereas I only use the 15 most significant. If you use all the tokens you'll tend to miss longer spams, the type where someone tells you their life story up to the point where they got rich from some multilevel marketing scheme. And such an algorithm would be easy for spammers to spoof: just add a big chunk of random text to counterbalance the spam terms.

Finally, they didn't bias against false positives. I think any spam filtering algorithm ought to have a convenient knob you can twist to decrease the false positive rate at the expense of the filtering rate. I do this by counting the occurrences of tokens in the nonspam corpus double.

I don't think it's a good idea to treat spam filtering as a straight text classification problem. You can use text classification techniques, but solutions can and should reflect the fact that the text is email, and spam in particular. Email is not just text; it has structure. Spam filtering is not just classification, because false positives are so much worse than false negatives that you should treat them as a different kind of error. And the source of error is not just random variation, but a live human spammer working actively to defeat your filter.

Tokens

Another project I heard about after the Slashdot article was Bill Yerazunis' CRM114 [5]. This is the counterexample to the design principle I just mentioned. It's a straight text classifier, but such a stunningly effective one that it manages to filter spam almost perfectly without even knowing that's what it's doing.

Once I understood how CRM114 worked, it seemed inevitable that I would eventually have to move from filtering based on single words to an approach like this. But first, I thought, I'll see how far I can get with single words. And the answer is, surprisingly far.

Mostly I've been working on smarter tokenization. On current spam, I've been able to achieve filtering rates that approach CRM114's. These techniques are mostly orthogonal to Bill's; an optimal solution might incorporate both.

``A Plan for Spam'' uses a very simple definition of a token. Letters, digits, dashes, apostrophes, and dollar signs are constituent characters, and everything else is a token separator. I also ignored case. Now I have a more complicated definition of a token:

Case is preserved.

Exclamation points are constituent characters.

Periods and commas are constituents if they occur between two digits. This lets me get ip addresses and prices intact.

A price range like $20-25 yields two tokens, $20 and $25.

Tokens that occur within the To, From, Subject, and Return-Path lines, or within urls, get marked accordingly. E.g. ``foo'' in the Subject line becomes ``Subject*foo''. (The asterisk could be any character you don't allow as a constituent.)
Such measures increase the filter's vocabulary, which makes it more discriminating. For example, in the current filter, ``free'' in the Subject line has a spam probability of 98%, whereas the same token in the body has a spam probability of only 65%.

In the Plan for Spam filter, all these tokens would have had the same probability, .7602. That filter recognized about 23,000 tokens. The current one recognizes about 187,000.

The disadvantage of having a larger universe of tokens is that there is more chance of misses. Spreading your corpus out over more tokens has the same effect as making it smaller. If you consider exclamation points as constituents, for example, then you could end up not having a spam probability for free with seven exclamation points, even though you know that free with just two exclamation points has a probability of 99.99%.

One solution to this is what I call degeneration. If you can't find an exact match for a token, treat it as if it were a less specific version. I consider terminal exclamation points, uppercase letters, and occurring in one of the five marked contexts as making a token more specific. For example, if I don't find a probability for ``Subject*free!'', I look for probabilities for ``Subject*free'', ``free!'', and ``free'', and take whichever one is farthest from .5.

Here are the alternatives [7] considered if the filter sees ``FREE!!!'' in the Subject line and doesn't have a probability for it.

If you do this, be sure to consider versions with initial caps as well as all uppercase and all lowercase. Spams tend to have more sentences in imperative voice, and in those the first word is a verb. So verbs with initial caps have higher spam probabilities than they would in all lowercase. In my filter, the spam probability of ``Act'' is 98% and for ``act'' only 62%.

If you increase your filter's vocabulary, you can end up counting the same word multiple times, according to your old definition of ``same''. Logically, they're not the same token anymore. But if this still bothers you, let me add from experience that the words you seem to be counting multiple times tend to be exactly the ones you'd want to.

Another effect of a larger vocabulary is that when you look at an incoming mail you find more interesting tokens, meaning those with probabilities far from .5. I use the 15 most interesting to decide if mail is spam. But you can run into a problem when you use a fixed number like this. If you find a lot of maximally interesting tokens, the result can end up being decided by whatever random factor determines the ordering of equally interesting tokens. One way to deal with this is to treat some as more interesting than others.

For example, the token ``dalco'' occurs 3 times in my spam corpus and never in my legitimate corpus. The token ``Url*optmails'' (meaning ``optmails'' within a url) occurs 1223 times. And yet, as I used to calculate probabilities for tokens, both would have the same spam probability, the threshold of .99.

That doesn't feel right. There are theoretical arguments for giving these two tokens substantially different probabilities (Pantel and Lin do), but I haven't tried that yet. It does seem at least that if we find more than 15 tokens that only occur in one corpus or the other, we ought to give priority to the ones that occur a lot. So now there are two threshold values. For tokens that occur only in the spam corpus, the probability is .9999 if they occur more than 10 times and .9998 otherwise. Ditto at the other end of the scale for tokens found only in the legitimate corpus.

I may later scale token probabilities substantially, but this tiny amount of scaling at least ensures that tokens get sorted the right way.

Another possibility would be to consider not just 15 tokens, but all the tokens over a certain threshold of interestingness. Steven Hauser does this in his statistical spam filter [8]. If you use a threshold, make it very high, or spammers could spoof you by packing messages with more innocent words.

Finally, what should one do about html? I've tried the whole spectrum of options, from ignoring it to parsing it all. Ignoring html is a bad idea, because it's full of useful spam signs. But if you parse it all, your filter might degenerate into a mere html recognizer. The most effective approach seems to be the middle course, to notice some tokens but not others. I look at a, img, and font tags, and ignore the rest. Links and images you should certainly look at, because they contain urls.

I could probably be smarter about dealing with html, but I don't think it's worth putting a lot of time into this. Spams full of html are easy to filter. The smarter spammers already avoid it. So performance in the future should not depend much on how you deal with html.

Performance

Between December 10 2002 and January 10 2003 I got about 1750 spams. Of these, 4 got through. That's a filtering rate of about 99.75%.

Two of the four spams I missed got through because they happened to use words that occur often in my legitimate email.

The third was one of those that exploit an insecure cgi script to send mail to third parties. They're hard to filter based just on the content because the headers are innocent and they're careful about the words they use. Even so I can usually catch them. This one squeaked by with a probability of .88, just under the threshold of .9.

Of course, looking at multiple token sequences would catch it easily. ``Below is the result of your feedback form'' is an instant giveaway.

The fourth spam was what I call a spam-of-the-future, because this is what I expect spam to evolve into: some completely neutral text followed by a url. In this case it was was from someone saying they had finally finished their homepage and would I go look at it. (The page was of course an ad for a porn site.)

If the spammers are careful about the headers and use a fresh url, there is nothing in spam-of-the-future for filters to notice. We can of course counter by sending a crawler to look at the page. But that might not be necessary. The response rate for spam-of-the-future must be low, or everyone would be doing it. If it's low enough, it won't pay for spammers to send it, and we won't have to work too hard on filtering it.

Now for the really shocking news: during that same one-month period I got three false positives.

In a way it's a relief to get some false positives. When I wrote ``A Plan for Spam'' I hadn't had any, and I didn't know what they'd be like. Now that I've had a few, I'm relieved to find they're not as bad as I feared. False positives yielded by statistical filters turn out to be mails that sound a lot like spam, and these tend to be the ones you would least mind missing [9].

Two of the false positives were newsletters from companies I've bought things from. I never asked to receive them, so arguably they were spams, but I count them as false positives because I hadn't been deleting them as spams before. The reason the filters caught them was that both companies in January switched to commercial email senders instead of sending the mails from their own servers, and both the headers and the bodies became much spammier.

The third false positive was a bad one, though. It was from someone in Egypt and written in all uppercase. This was a direct result of making tokens case sensitive; the Plan for Spam filter wouldn't have caught it.

It's hard to say what the overall false positive rate is, because we're up in the noise, statistically. Anyone who has worked on filters (at least, effective filters) will be aware of this problem. With some emails it's hard to say whether they're spam or not, and these are the ones you end up looking at when you get filters really tight. For example, so far the filter has caught two emails that were sent to my address because of a typo, and one sent to me in the belief that I was someone else. Arguably, these are neither my spam nor my nonspam mail.

Another false positive was from a vice president at Virtumundo. I wrote to them pretending to be a customer, and since the reply came back through Virtumundo's mail servers it had the most incriminating headers imaginable. Arguably this isn't a real false positive either, but a sort of Heisenberg uncertainty effect: I only got it because I was writing about spam filtering.

Not counting these, I've had a total of five false positives so far, out of about 7740 legitimate emails, a rate of .06%. The other two were a notice that something I bought was back-ordered, and a party reminder from Evite.

I don't think this number can be trusted, partly because the sample is so small, and partly because I think I can fix the filter not to catch some of these.

False positives seem to me a different kind of error from false negatives. Filtering rate is a measure of performance. False positives I consider more like bugs. I approach improving the filtering rate as optimization, and decreasing false positives as debugging.

So these five false positives are my bug list. For example, the mail from Egypt got nailed because the uppercase text made it look to the filter like a Nigerian spam. This really is kind of a bug. As with html, the email being all uppercase is really conceptually one feature, not one for each word. I need to handle case in a more sophisticated way.

So what to make of this .06%? Not much, I think. You could treat it as an upper bound, bearing in mind the small sample size. But at this stage it is more a measure of the bugs in my implementation than some intrinsic false positive rate of Bayesian filtering.

Future

What next? Filtering is an optimization problem, and the key to optimization is profiling. Don't try to guess where your code is slow, because you'll guess wrong. Look at where your code is slow, and fix that. In filtering, this translates to: look at the spams you miss, and figure out what you could have done to catch them.

For example, spammers are now working aggressively to evade filters, and one of the things they're doing is breaking up and misspelling words to prevent filters from recognizing them. But working on this is not my first priority, because I still have no trouble catching these spams [10].

There are two kinds of spams I currently do have trouble with. One is the type that pretends to be an email from a woman inviting you to go chat with her or see her profile on a dating site. These get through because they're the one type of sales pitch you can make without using sales talk. They use the same vocabulary as ordinary email.

The other kind of spams I have trouble filtering are those from companies in e.g. Bulgaria offering contract programming services. These get through because I'm a programmer too, and the spams are full of the same words as my real mail.

I'll probably focus on the personal ad type first. I think if I look closer I'll be able to find statistical differences between these and my real mail. The style of writing is certainly different, though it may take multiword filtering to catch that. Also, I notice they tend to repeat the url, and someone including a url in a legitimate mail wouldn't do that [11].

The outsourcing type are going to be hard to catch. Even if you sent a crawler to the site, you wouldn't find a smoking statistical gun. Maybe the only answer is a central list of domains advertised in spams [12]. But there can't be that many of this type of mail. If the only spams left were unsolicited offers of contract programming services from Bulgaria, we could all probably move on to working on something else.

Will statistical filtering actually get us to that point? I don't know. Right now, for me personally, spam is not a problem. But spammers haven't yet made a serious effort to spoof statistical filters. What will happen when they do?

I'm not optimistic about filters that work at the network level [13]. When there is a static obstacle worth getting past, spammers are pretty efficient at getting past it. There is already a company called Assurance Systems that will run your mail through Spamassassin and tell you whether it will get filtered out.

Network-level filters won't be completely useless. They may be enough to kill all the "opt-in" spam, meaning spam from companies like Virtumundo and Equalamail who claim that they're really running opt-in lists. You can filter those based just on the headers, no matter what they say in the body. But anyone willing to falsify headers or use open relays, presumably including most porn spammers, should be able to get some message past network-level filters if they want to. (By no means the message they'd like to send though, which is something.)

The kind of filters I'm optimistic about are ones that calculate probabilities based on each individual user's mail. These can be much more effective, not only in avoiding false positives, but in filtering too: for example, finding the recipient's email address base-64 encoded anywhere in a message is a very good spam indicator.

But the real advantage of individual filters is that they'll all be different. If everyone's filters have different probabilities, it will make the spammers' optimization loop, what programmers would call their edit-compile-test cycle, appallingly slow. Instead of just tweaking a spam till it gets through a copy of some filter they have on their desktop, they'll have to do a test mailing for each tweak. It would be like programming in a language without an interactive toplevel, and I wouldn't wish that on anyone.

Notes

[1] Paul Graham. ``A Plan for Spam.'' August 2002. http://paulgraham.com/spam.html.

Probabilities in this algorithm are calculated using a degenerate case of Bayes' Rule. There are two simplifying assumptions: that the probabilities of features (i.e. words) are independent, and that we know nothing about the prior probability of an email being spam.

The first assumption is widespread in text classification. Algorithms that use it are called ``naive Bayesian.''

The second assumption I made because the proportion of spam in my incoming mail fluctuated so much from day to day (indeed, from hour to hour) that the overall prior ratio seemed worthless as a predictor. If you assume that P(spam) and P(nonspam) are both .5, they cancel out and you can remove them from the formula.

If you were doing Bayesian filtering in a situation where the ratio of spam to nonspam was consistently very high or (especially) very low, you could probably improve filter performance by incorporating prior probabilities. To do this right you'd have to track ratios by time of day, because spam and legitimate mail volume both have distinct daily patterns.

[2] Patrick Pantel and Dekang Lin. ``SpamCop-- A Spam Classification & Organization Program.'' Proceedings of AAAI-98 Workshop on Learning for Text Categorization.

[3] Mehran Sahami, Susan Dumais, David Heckerman and Eric Horvitz. ``A Bayesian Approach to Filtering Junk E-Mail.'' Proceedings of AAAI-98 Workshop on Learning for Text Categorization.

[4] At the time I had zero false positives out of about 4,000 legitimate emails. If the next legitimate email was a false positive, this would give us .03%. These false positive rates are untrustworthy, as I explain later. I quote a number here only to emphasize that whatever the false positive rate is, it is less than 1.16%.

[5] Bill Yerazunis. ``Sparse Binary Polynomial Hash Message Filtering and The CRM114 Discriminator.'' Proceedings of 2003 Spam Conference.

[6] In ``A Plan for Spam'' I used thresholds of .99 and .01. It seems justifiable to use thresholds proportionate to the size of the corpora. Since I now have on the order of 10,000 of each type of mail, I use .9999 and .0001.

[7] There is a flaw here I should probably fix. Currently, when ``Subject*foo'' degenerates to just ``foo'', what that means is you're getting the stats for occurrences of ``foo'' in the body or header lines other than those I mark. What I should do is keep track of statistics for ``foo'' overall as well as specific versions, and degenerate from ``Subject*foo'' not to ``foo'' but to ``Anywhere*foo''. Ditto for case: I should degenerate from uppercase to any-case, not lowercase.

It would probably be a win to do this with prices too, e.g. to degenerate from ``$129.99'' to ``$--9.99'', ``$--.99'', and ``$--''.

You could also degenerate from words to their stems, but this would probably only improve filtering rates early on when you had small corpora.

[8] Steven Hauser. ``Statistical Spam Filter Works for Me.'' http://www.sofbot.com.

[9] False positives are not all equal, and we should remember this when comparing techniques for stopping spam. Whereas many of the false positives caused by filters will be near-spams that you wouldn't mind missing, false positives caused by blacklists, for example, will be just mail from people who chose the wrong ISP. In both cases you catch mail that's near spam, but for blacklists nearness is physical, and for filters it's textual.

In fairness, it should be added that the new generation of responsible blacklists, like the SBL, cause far fewer false positives than earlier blacklists like the MAPS RBL, for whom causing large numbers of false positives was a deliberate technique to get the attention of ISPs.

[10] If spammers get good enough at obscuring tokens for this to be a problem, we can respond by simply removing whitespace, periods, commas, etc. and using a dictionary to pick the words out of the resulting sequence. And of course finding words this way that weren't visible in the original text would in itself be evidence of spam.

Picking out the words won't be trivial. It will require more than just reconstructing word boundaries; spammers both add (``xHot nPorn cSite'') and omit (``P#rn'') letters. Vision research may be useful here, since human vision is the limit that such tricks will approach.

[11] In general, spams are more repetitive than regular email. They want to pound that message home. I currently don't allow duplicates in the top 15 tokens, because you could get a false positive if the sender happens to use some bad word multiple times. (In my current filter, ``dick'' has a spam probabilty of .9999, but it's also a name.) It seems we should at least notice duplication though, so I may try allowing up to two of each token, as Brian Burton does in SpamProbe.

[12] This is what approaches like Brightmail's will degenerate into once spammers are pushed into using mad-lib techniques to generate everything else in the message.

[13] It's sometimes argued that we should be working on filtering at the network level, because it is more efficient. What people usually mean when they say this is: we currently filter at the network level, and we don't want to start over from scratch. But you can't dictate the problem to fit your solution.

Historically, scarce-resource arguments have been the losing side in debates about software design. People only tend to use them to justify choices (inaction in particular) made for other reasons.

Thanks to Sarah Harlin, Trevor Blackwell, and Dan Giffin for reading drafts of this paper, and to Dan again for most of the infrastructure that this filter runs on.

Re:Archive Version (b/c it's a personal site)

[mayoff]

Yes, it's a personal site, but it's hosted on store.yahoo.com. They can probably handle the load.

Re:Archive Version (b/c it's a personal site)

Uh, moderators. Try modding down this pointless (and illegal) reposting of the article text. The article was submitted by the author himself. He is probably aware of the Slashdot effect and was prepared for it.

Re:IN SOVIET RUSSIA

You, sir, are my hero. A true Stalin.

Interesting Read

[rczyzewski]

I'll be curious how spammers counteract this. Probably just send more and more to those who aren't filtered. I never thought of filtering all combinations of capitalization.
My users were complaining about spam again today. I walked over to discuss it with them and lo and behold, all stuff they signed up for except 2 klez emails.

Problem you say?

[termos]

rm -fr ~/Mail
would do the trick.

Re:Problem you say?

[liquidsin]

I found a slightly better solution was just as simple to type: ifdown eth0

Re:Problem you say?

[rutledjw]

No way! That would be like turning off the TV! Except that instead of no Bachelorette and Real World there'd be no Reg, no /., no...

errr

-yank-

Stop spam?

[slykens]

Filtering is nice, I've been using SpamAssassin with reasonable results for the last few months. It has nearly no false positives but has recently been missing more. Perhaps I should update.

Anyway, I've said a few times the only way to effectively stop spam is to make it more expensive to the companies having it done. Filtering, blocking ports, refusing mail from RBL'd hosts all helps, but it will not stop until it is fully against the law and people bring legal action to stop it.

Even people who are supposed to be clueful don't get it. I got spammed to buy EZ-Pass for the PA Turnpike. I sent a nastygram to the state DoT. The keyboard monkey responded that I should look closely at the email, that I signed up to receive it. If I had a dollar for every site that claimed I signed up with them I would be rich. What an idiot.

Re:Stop spam?

[Mournblade]

Just curious - did you follow up w/ him to see *why* he thought you signed up to receive the spam? Is it possible that you inadvertantly allowed them to send you spam the last time you renewed your driver's license? I ask because most of the spams I get say "you signed up with one our partner sites" and i've always wanted to (but have been too lazy to) go back and see how far up the chain I could get.

Re:Stop spam?

[slykens]

No, it was clearly spam. The email said it was from "playgolfnow.com" or some crap like that. It *wasn't* from the state.

His response was that I must have signed up for it as the email said so, and we all know that everything on the Internet is true. ;)

Re:Stop spam?

You write to a state office, get a completely clueless reply and now ask for a legislative solution? You're quite the optimist, aren't you?

Re:Stop spam?

[Fastolfe]

While it's true that for many people, some of the spam they receive was inadvertantly "opted in", the vast majority is not.

I have a few e-mail addresses that have only shown up on sites like Slashdot, or in a newsgroup. These invariably get the most spam, and most messages contain that "You signed up at one of our partner sites" disclaimer swearing that what I'm reading isn't spam. Whatever. They're hoping that the confusion this causes is sufficient to cast doubt on your complaint, since it's hard to prove that you were or were not "subscribed" by going to some anonymous 3rd party site and providing them with your details.

Re:Stop spam?

[garaged]

You should upgrade, I use spamassasin (2.5) too, with 3 accounts, 1 in hotmail and 1 in yahoo, both with more than 8 years working, and both unfiltered, I get like 1-2 false negative spam messages at a week, and dont remember any false positive, I will make some statistic fron today, to talk with real numbers next time (i.e. not to delet all spam everyday, wish takes me like 1 minute :-)

Re:Stop spam?

[rograndom]

Filtering is nice, I've been using SpamAssassin with reasonable results for the last few months. It has nearly no false positives but has recently been missing more. Perhaps I should update.

Actually spamassassin has a nice built-in reporting tool

spamassassin -r < *mailmessage*

And if you setup it up to work with with Vipul's Razor for it's all automagically updated.

Re:Stop spam?

[Anonym0us+Cow+Herd]

and we all know that everything on the Internet is true

Especially when it is a spam!

Insightful: +1

Re:Stop spam?

[Deltan]

Correction.. spam will never stop... ever.

You say that it will stop if it's fully against the law and people bring legal action to stop it.

Last time I checked, murder was illegal, punishable by death in many states, yet it still occurs.

Re:Stop spam?

[AnotherBlackHat]

While it's true that for many people, some of the spam they receive was inadvertantly "opted in", the vast majority is not.

I think most of the claims of "you opted in" are lies designed to minimize complaints.
Of the few that are not out right lies, most of those are the results of deception.
For example, joining a cooking iling list, and automattically being subscribed to a tupperware mailing list too.
You haven't really given consent unless you did so knowlingly and willingly.

-- this is not a .sig

Re:Stop spam?

[Doc+Hopper]

I realize I'm not adding much to the discussion, but I've decided on a fun way to track who sells my names. I own the domain "barnson.org". For every place where I submit electronic mail details, they get their own account, so I have account names like "ediets-spam" (no such thing as confirmed opt-in there), "slashdot" (for obvious reasons), and more. I only use one email address per source, so if they sell my address, it's completely obvious who sold it. Pretty fun to watch what happens. If I get mail to any of these accounts that I did not explicitly agree to, the address immediately becomes a spamtrap. Whee!

Re:Stop spam?

[Mustang+Matt]

Won't spam always be more traceable than murder though?

I mean, it has to be sent across a network, if we can completely validate the users on the network I would think we could completely trace back to the abusive user.

Sure there will be networks that don't play by the rules, but they're easily blocked in their entirety.

Am I naive or is this accurate?

Re:Stop spam?

[CoughDropAddict]

Last time I checked, murder was illegal, punishable by death in many states, yet it still occurs.

People spam because it is rational to do so (or at least spammers make them think so). Very low costs, the possibility of a good return, and nothing to lose since there are virtually no spam laws.

A better comparison than murder is the practice of child labor. While it was legal it was a rational practice to engage in, because the return was high and the risk was low -- if a kid gets eaten by a machine you just find another kid. Now that is illegal the practice is almost completely extinct because it is no longer rational -- the police would come knocking at the door, which impedes the goal of running a profitable business.

Re:Stop spam?

[SmittyTheBold]

Correction.. spam will never stop... ever.

. . .

Last time I checked, murder was illegal, punishable by death in many states, yet it still occurs.

Spam is a means to an end - selling your shit to gullible people. Murder is not just a means, but an end in itself. When you want someone dead, there's not really another way around it. With spam, there's always telemarketing and pop-ups.

In addition, murder can be a crime of passion, while spamming is hardly such. I can't remember ever thinking "Oh that bastard cut me off! I'll help him increase his penis size, then give him a work-at-home job! Oh I'm JUST SOOOO ANGRY!"

Re:Stop spam?

[RollingThunder]

I can't remember ever thinking "Oh that bastard cut me off! I'll help him increase his penis size, then give him a work-at-home job! Oh I'm JUST SOOOO ANGRY!"

Man, what a time to be without mod points!

Re:Stop spam?

[AndroidCat]

A definite case of rule #1: Spammers always lie.

The keyboard monkey obviously suffered a damaging near-miss from rule #3.

Re:Stop spam?

[yourmom16]

there are hackers, who hack over a network so i dont think your logic is correct

Re:Stop spam?

[rbullo]

Making it illegal here might limit the problem, but it won't eliminate it, because the internet doesn't have political boundries. Simply pay some company in Korea to do it. You might have to do a little money laundering, but you still get the job done.

Re:Stop spam?

[PurpleBob]

So, I have my own domain, and I'd like to do that too, but I can't find any documentation on how to do it using a mail server like exim. Could you tell me how you did it?

Re:Stop spam?

[Doc+Hopper]

Well, I use Postfix. Since I sign up for these sort of things so rarely, I simply do it manually using /etc/aliases (with Postfix, /etc/postfix/aliases). I point barnson.org's MX to my home DSL line, and the OpenBSD box running as my mail server is at my feet right now. It takes an extra 30 seconds whenever I register for something, but it's been fun to watch which companies sell my information and which don't!

Here are some samples from an aliases file:

quickcooks-spam: matthew
bynarilla-spam: matthew
dietstuff-spam: matthew
beach-spam: matthew

I then run "postalias /etc/postfix/aliases" and voila! If someone sends mail to bynarila-spam on my barnson.org domain, it will end up in my inbox, with an appropriate header. If I ever get a mail to that email address which is not from bynarilla, I can be fairly certain my registration information with bynarilla.com was sold, and then immediately convert that to a spamtrap address:

bynarilla-spam: spamtrap

"spamtrap" is just an account for a mail spool with a job running against it every so often that does a "spamassassin -r < /var/mail/spamtrap" then "rm /var/mail/spamtrap". Note on GNU/Linux, the path would be /var/spool/mail/spamtrap. Anyway, "spamassassin -r" is a Razor report to end up on the global spam corpus.

This machine has a whole lot of spare cycles, so I run the job as a daemon rather than from cron. This way, I can pick up and report spams to spamassassin's Razor implementation before much more than a few seconds have gone by. My domain is very low-traffic, so this is pretty easy on the box:

----

#!/bin/bash
#
# spamtrap.sh
# A small daemon to automatically check for
# the presence of spamtrap's mail spool and report
# any messages caught there.

while [ 1 == 1 ]; do
if [ -f /var/mail/spamtrap ]; then
spamassassin -r < /var/mail/spamtrap
rm /var/mail/spamtrap # (or cat /dev/null >/var/mail/spamtrap)
fi
sleep 15
done

----

I tacked this script onto the end of my /etc/rc.local like this (doing from memory, syntax problems may exist):

# Spamtrap stuff
if [ -x /usr/local/sbin/spamtrap.sh ]; then
echo -n ' spamtrap'; su - spamtrap -c "/usr/local/bin/spamtrap" &
fi

You can get more complicated if you want to do runlevels on a GNU/Linux box or whatever. I leave that as an exercise for your imagination -- the above should work if you tack it onto the end of /etc/rc.d/rc.local on a Redhat-ish box as well.

Anyway, hope that helps. Really, your MTA is irrelevant to this kind of scenario. Every MTA I know of supports some kind of "aliases" setup (or even a virtual-hosting setup), so you just set the aliases to what you want them to go to -- your real mail account, or else some spamtrap account for later processing and reporting.

If you want more details, feel free to email me. I prefer all correspondence from Slashdot stuff go to an account named "slashdot", and my domain is barnson.org. I think you can figure out my email address. Have fun!

Re:Stop spam?

[catbutt]

Last time I checked, murder was illegal, punishable by death in many states, yet it still occurs.

Well if I got spammed fewer times than I've gotten murdered, I'd be happy.

Re:Stop spam?

[hughcharlesparker]

Yes, but I don't have to deal with 15-30 murders every morning.

Why can't we have legal restrictions on spam?

[GGardner]

Conventional wisdom seems to say that we can't outlaw spam. I don't understand why this is. My state has a do not call list. Since signing up for it, I have gotten zero phone solicitations, down from 2 or 3 a day. It is illegal to make a phone solicitation to a cell phone, and also, I get zero phone spams on my cell phone.

Some states, like California, have anti-spam laws, but curiously, they only cover spam sent from California to California. My state's telephone do-not-call list covers all calls to my number, no matter where they originate.

Now, I understand that there would be problems with international spam, but stopping domestic spam would be a huge boon to everyone. It seems like this legislation would be wildly popular, and easy to pass.

Re:Why can't we have legal restrictions on spam?

That list doesn't take effect until 4/1/03, jackass. Nice try, though, you obviously don't understand the situation at hand.

Re:Why can't we have legal restrictions on spam?

The probation board had mercy on me- now I just need to keep my numbers up.

thx

Re:Why can't we have legal restrictions on spam?

[cheezedawg]

Because the last thing we need in this country is the government telling us how and when we can send email or make a phone call.

Re:Why can't we have legal restrictions on spam?

I agree completely. People pay of bandwidth, espically with broadband connections, so it should be illegal to spam broad band connections. Just as it is illegal to telemarket cell numbers. The reason is, you are causing the person receiving the ad to pay for it. The same reasoning the used to exempt cell phones

Re:Why can't we have legal restrictions on spam?

[pbrammer]

What are you talking about? He said his state. The FCC one isn't even approved yet. Now who's the j.a.?

Re:Why can't we have legal restrictions on spam?

[dracken]

...I understand that there would be problems with international spam, but stopping domestic spam would be a huge boon to everyone...

Unfortunately, that is not a solution. It would take the slimy spammer worms one microsecond to evolve.
1 - Rent a computer and a T1 line (online ?) in XXX country
2 - Telnet/Run X desktop/Run XP remote desktop
3 - Click mouse and send spam
The only way to prevent this actively is by penalizing ISP's for open relays, prosecuting spammers based on their physical location. The best way for passively fighting it is to use spamassasin or razor and letting the companies know that any spam and users would abandon their products en masse.

Re:Why can't we have legal restrictions on spam?

[Steve+B]

Because the last thing we need in this country is the government telling us how and when we can send email or make a phone call.

In certain ways, the government does and should do precisely that. If I repeatedly call you at 4 AM to ask if your refrigerator is running or deliberately send you virus-laden e-mail, then you have every right to call upon the long arm of the law to slap down the harassment.

Spamming, being a violation of the recipient's property rights, falls into that category.

Re:Why can't we have legal restrictions on spam?

[GGardner]

IANAL, but from a legal standpoint, I don't think that gets around the jurisdictional issues. Just like it is illegal in most states to participate in online gambling, no matter where the server is, sending spam would be just as illegal, no matter where the server is. I guess that you'd have to at least set up a dummy corporation/entity in , and even then, I don't know that you've circumvented the jurisdictional issues.

Re:Why can't we have legal restrictions on spam?

[ackthpt]

Simple.

Republicans spam, too.

Re:Why can't we have legal restrictions on spam?

Nice try Karnak. How do you know what list he's talking about since he never specified what state he lives in?

Re:Why can't we have legal restrictions on spam?

[cpt+kangarooski]

Such legislation would indeed be very popular. It would also be unconstitutional, as per the first amendment.

The two types of restrictions that would seem applicable to spam that _would_ be legal would seem to be a) a requirement that they not be fraudulent, which doesn't stop the volume of spam at all, and b) time/place/manner restrictions, which might prevent you from getting spam outside of business hours, but cannot completely outlaw spam.

And, as you note, the enforcement would be extremely difficult, with no effect overseas.

Even something as seemingly trivial as requiring spam to be uniformly labeled as such is probably impermissible, precisely because automated filters would use the effect of this legislation to stop all spam, which would be denying spammers the right to send people advertisements, i.e. banning their speech due to the commercial content thereof.

Frankly, I'm not convinced that a do not call list is enforcible; I'd like to see if it's ever been tested in court. Bans to cell phones might be, due to the way the billing is handled, but only while they aren't ubiquitous. Anyone have any cites?

Annoying as spam is, it's a lot like junk mail. It is delivered to your property, it's your problem to dispose of it, but it's not burdensome to toss it in the trash, or hit delete. Just slightly annoying.

Lord knows, I hate all advertising of any kind -- but I'm not prepared to do stupid crap with significant repercussions just to get rid of it.

Re:Why can't we have legal restrictions on spam?

[axxackall]

sending spam would be just as illegal, no matter where the server is

So, what are you gonna do? Send the bill to many goverments? Say they are parts of "the evil axe" and apply sacntions to them? Disconnect many countries from USA (in other words, disconnect USA from the rest of the world)? Send CIA agents to find those servers and shut them down with a not-really-intelligent force (blow the server up)?

You leave in the real world, which is not perfect. If you don't like it - close the door. Applying to email - use certificates and PKI to accept only email from people you want to accept. Or use AI to do the filtering job instead of you. Nothing really else you can do. Today.

Re:Why can't we have legal restrictions on spam?

[knobmaker]

Because it would have no effect on spam. Making spam illegal in the United States would simply move the points of origin offshore.

Why would that be an improvement? No dedicated spammer would hesitate for more than a nanosecond before getting an account at a host in Panama, or wherever they would be safe from local prosecution.

The only workable solution to spam is to learn to use local filtering. Someday, I hope, we're going to learn that passing laws against stuff that annoys us only leads to unpleasant unforeseen consequences.

Re:Why can't we have legal restrictions on spam?

[waveclaw]

Conventional wisdom seems to say that we can't outlaw spam. I don't understand why this is.

Traditionally and in general, anything on the 'net that can be achived through both technical means and legal recourse is almost always implemented via the technical route.

The reasons for this are many; the major reasons are simple. While most people on the 'net have not been lawyers, most of the first people - esp. USENET users - were engineers and scientists. Such people develop a distain for legal recourse after spending (wasting) so much of their time in political and legal battles in the *real world* justifying and defending their work and themselves. Just ask any graduate student standing in line at his college Bursar's office how he feels about contracts and (non-technical) paperwork.

Furethermore, by avoiding the often easy to circumvent and hard to quantify political avenue, the solutions are usually more effecitve in both the short an long term. Many solutions, such as the Baysian SPAM filtering disscussed here, also give these technical people a chance to prove their worth or gain some small measure of fame by association with a good solution.

Remember: Conventional Wisdom is an oxymoron. There are always reasons for something, even if theose reasons are nothing but hubris and desire. It is up to you to accept or change them.

Re:Why can't we have legal restrictions on spam?

[Green+Light]

One reason why you are wrong is that many people have to pay to receive the SPAM.
Not everyone has unmetered Internet access, and they pay for each minute that they spend online. That is just one reason why this is not a free-speech issue, it is an issue of hijacked resources.

Re:Why can't we have legal restrictions on spam?

[Anonym0us+Cow+Herd]

>>sending spam would be just as illegal, no matter where the server is
>So, what are you gonna do? Send the bill to many goverments? Say they are parts of "the evil axe" and apply sacntions to them?

Get real. We live in the real world.

A much more realistic solution is to drop bombs.

Or let them sign up for the Windows source code.

Re:Why can't we have legal restrictions on spam?

[Anonym0us+Cow+Herd]

Such legislation would indeed be very popular. It would also be unconstitutional, as per the first amendment.

Bzzzzt. Wrong. Spammers enjoy all the free speech rights of everyone else. Go ahead. Exercise your right to free speech -- somewhere outside my inbox.

Re:Why can't we have legal restrictions on spam?

[p7]

Spam E-mail is considerably different than junk mail. It is a matter of volume. At home I receive maybe 5-15 pieces of junk mail. My home e-mail address on the other hand gets between 100-250 pieces of junk email every weekday (I have had this e-mail address for quite some time, but I don't feel I should have to change it to reduce my spam.) This is making it difficult for me to spot legitimate e-mail from non-whitelisted people. Depending on the subject the spam uses, I may have to take a look to see if it is legitimate. This ends taking some time, that I would have preferred to use doing something constructive.

Re:Why can't we have legal restrictions on spam?

[Xtifr]

Unfortunately, that is not a solution. It would take the slimy spammer worms one microsecond to evolve.

The "evolution" you describe would be useless to a US-based company (or even a company that does business in the US) if it were illegal to spam in the US. Companies that do business in the US are subject to US law (as Elcomsoft was recently forced to remember).

Re:Why can't we have legal restrictions on spam?

[TamMan2000]

a) a requirement that they not be fraudulent, which doesn't stop the volume of spam at all

ah but it would... An unsubscribe button (address, site, whatever) that doesn't unsubscribe is fraudulent. If the fraud laws pertaining to this aspect of spam were enforced, the unsubscription would be a useful thing, not a source of more spam. Depending on your interpretation of the laws, spoofing the headers can even be fraudulent. If spam had to comply to these rules, I think it would not be much of a problem, and we don't have to throw the bill of rights out the window...

Re:Why can't we have legal restrictions on spam?

[kramer]

Even something as seemingly trivial as requiring spam to be uniformly labeled as such is probably impermissible, precisely because automated filters would use the effect of this legislation to stop all spam, which would be denying spammers the right to send people advertisements, i.e. banning their speech due to the commercial content thereof.

Not true. It has never been found unconstitutional for the government to require disclaimers. What people do with those disclaimers is neither the government's problem, or concern.

Do you think Cigarette companies would put those Surgeon General's warnings on their packages if they could claim that the effect of those warnings is that people stop buying their cigarettes, and is infringing upon their legal enterprise?

Hell, the government could just as easily argue that the effect is that more people read the ads since their easier to find in the inbox. The truth is what people do with the disclaimer is their own business and not a matter of law.

Re:Why can't we have legal restrictions on spam?

[babbage]

Please take a look at my notes on last week's spam conference, and in particular the Jon Praed notes (near the end; two speakers came after him).

Praed argued, very eloquoently & persuasively (hey, he's a lawyer :) that there are laws on the books banning spam in nearly every state. All you have to do is find a way to bring those laws to your assistance. In particular, note that:

• Ever have a hard time tracking down a spammer? Ever have one that spoofed message headers? Gee, that sounds like fraud, doesn't it? Indeed it does -- much or even all spam can be considered as fraud, and as such you can attack it from that angle anywhere in the country.
• Laws are pending in various jurisdictions to outlaw spammers' bulk mail software. The catch here is that there is a lot of legitimate bulk mail software that can be abused -- think majordomo, MailMan, etc -- so any laws crafted will have to include clauses that protect legitimate use of such software while banning UCE somehow. Watch for this to develop over time.
• Suggestion: if you get spam that mentions a trademarked product (Viagra, pirated copies of well known software, etc), forward the message to the holder of that trademark. They will almost always be keenly interested in this abuse of their trade name, and will take it upon themselves to go after the spammer.
• If you are in the habit of reporting spam to an organization like SpamCop, do so as quickly as possible: spammers are getting in the habit of leaving their ads up long enough for recipients to respond to, but pulling them down before investigators get a chance to scrutinize anything. The faster these groups can analyze the sources of spam, the better the chances of getting all the way back to the source.
• Final and most important point: the precedent set by the Verizon vs. Ralsky case was very valuable to anti-spam efforts. First, that spam prosecution can be carried out in the jurisdiction that the harm occurred, not where the person doing harm was when causing it. So if California has anti-spam laws, they can potentially be used no matter where the spammer lives. Praed practices law in Virginia, so I'm assuming that their laws are amenable to this kind of application. Second point: ignorance about an ISPs acceptable use policies (AUP) are no defence in court -- certain etiquette standards have emerged over time, and it is assumed that the sender of UCE has to be aware of these standards. As a result, if your ISP has an AUP that forbids UCE, this can be a tangible protection for you in court. This is very good news!

As a lawyer that has successfully prosecuted a number of spammers, Praed was able to talk about all of this with some authority. He cautioned everyone though that laws will never eradicate spam -- as he put it, "people still rob banks since that's where the money is". But legislation & prosecution can still be a very valuable tool in fighting spam, and an important supplement to things like better mail filters. This is a big problem, and is going to need a variety of tiered solutions to control it.

Re:Why can't we have legal restrictions on spam?

[GGardner]

Very interesting. A couple of followup questions -- what are Praed's statistics? How many lawsuits, how many succesfull? Also, what are the typical results of a successful suit? Are they enough to stop a spammer, or small enough to be considered a "cost of doing business"? And if he is successful frequently enough, would there be interest in establishing a legal fund to support this activity? And can we get an interview with him on "Ask Slashdot?"

Re:Why can't we have legal restrictions on spam?

[Lionel+Hutts]

That doesn't work.

My inbox is less clearly my "property" than my front door, and laws banning door-to-door solicitation, commercial and otherwise, are unconstitutional beyond debate.

There may be a way to sneak a spam-ban through the First Amendment, but it's going to take some careful drafting and creative lawyering in the Supreme Court.

Re:Why can't we have legal restrictions on spam?

[Raffaello]

You are mistaken. Anti spam (i.e., unsolicited commercial email) laws already exist, and they are not a violation of the First Amendment.

Why? Because the First Amendment does not guarantee anyone the right to express him/herself at the cost of others. Bulk email is *not* paid for by the sender. It is paid for by all the recipients individually, and their ISPs. The costs are processor resources, and disk space, which are not at all insignificant, as unsolicited commercial email (spam) sent to US email accounts is now 40% of the total volume ! For some large companies, it is more than half!

If you watched the video of the conference (or attended) you'd realize that spam is actually threatening the financial survival of some ISPs, because of the added costs of dealing with mail that no one asked for.

When bulk snail mail is sent, the sender pays. When a person or organization goes door to door, they pay (for canvassers, literature etc.) Recipients do not pay, and that's why these are valid exercises of free speech.

However, if you went door to door every day, and wrote your commercial message on the front page of everyone's daily paper with a sharpie, you would be arrested, prosecuted, and convicted for vandalism, destruction of property (and probably being a public nuisance). Why? Again, because those newspapers are *not* yours, and the First Amendment does not give you the right to express your message *at the cost of others*.

Re:Why can't we have legal restrictions on spam?

[greenrd]

Why would that be an improvement? No dedicated spammer would hesitate for more than a nanosecond before getting an account at a host in Panama, or wherever they would be safe from local prosecution.

Because any company or entity selling the product or service in the US (or at least claiming to sell something) would be vulnerable to prosecution in the US, if the law was crafted right. i.e. "Spam is illegal. Hiring someone to spam for you is illegal." etc.

Re:Why can't we have legal restrictions on spam?

[greenrd]

So, what are you gonna do? Send the bill to many goverments?

No, uh, send it, like... to the spammer? Like Alan Ralsky for example. Anyone doing business (or monkey business) in the US is subject to US law.

You leave in the real world, which is not perfect.

Ah, but in the real world moving to another country, and stopping doing business in the US, is a major hassle and loss of profits.

Re:Why can't we have legal restrictions on spam?

[tfreport]

You are missing the point, a company using spam is doing so to make money. To make money he has to sell a product or a service. So, if he was off shores sending spam, the product he was selling would have to be shipped into the country where it could then be seized. Going offshore would not be an evolution for a spammer, it would be the end of their business model since they still need to sell the service or product. Thus making spam illegal would end spam.

Re:Why can't we have legal restrictions on spam?

[cpt+kangarooski]

Oh, don't get me wrong -- I agree that such a thing _is_ fraudulent, and would be perfectly acceptable to attack some _specific_ piece of spam. But all that does is urge spammers to a) not lie (though they can make a sales pitch), and b) not give you an unsubscription option. That's what I meant by it not reducing the overall volume of spam.

Re:Why can't we have legal restrictions on spam?

[cpt+kangarooski]

The thing is that the disclaimers have never been capable of permitting widespread, automated, private ignorance of speech. This is a novel issue. I think that disclaimers that would have such an effect, and which would largely be mandated precisely to enable such an effect, would not pass muster.

Note, also, that there is a difference between selling cigarettes (not a free speech issue) and advertising cigarettes (a free speech issue).

The effect of the law is of importance -- even if it will largely be carried out privately.

Re:Why can't we have legal restrictions on spam?

[axxackall]

correction: the spammer will easily prove that s/he is so naive that doesn't know that the person behind email address is living in US.

In fact, many yahoo and hotmail users live outside of US (I do!). Many other doc-com/net/org people as well. No way to say where is the person's country based on the person's email address.

Unless the address is some@ISP.us - there is no way to prove that the spammer has intended to do the business with US residents. How many people in US use email address ending on dot-us?

So, what are you gonna do - move all americans to dot-us domain? Or you gonna protect only people with non-anonymous country-domain in their email addresses?

The only way to protect my house from uninvited people is to use the door. Perhaps with the dog. So, don't waste your time on dreaming to enforce your american laws in other countries - use e-certificates and filters.

Re:Why can't we have legal restrictions on spam?

[cpt+kangarooski]

You also have to pay to maintain a mailbox and address to receive mail which hasn't had any effect on junk mail.

The hijacking of resouces is a valid issue, but AFAICT it's rare in the U.S. at this point, and while it may negatively effect a small number of people, the effect on spammers and people who want to receive the spam is likely larger if there are more of them. Besides which, a free speech right may be more important; it certainly would seem to be, given the low cost of any particular email even in a metered access plan.

(I know that sounds dumb, but advertising is in part protected because its useful to people to be ABLE to acquire knowledge about what's for sale, etc.)

Re:Why can't we have legal restrictions on spam?

[cpt+kangarooski]

The fact that a law exists in no way establishes its constitutionality. Jim Crowe acts were on the books all throughout the south (and beyond) for decades, but guess what they turned out to be?

As noted earlier and elsewhere, I'm aware of the issue of spam consuming other resources, and that it might be a possible grounds for avoiding regulation being overturned, but it also might not be enough; free speech is a pretty damn weighty issue.

I'm certainly absolutely unprepared to say that speech should only be allowed if the speaker has to pay to deliver it! That's extremely chilling, and skews speech radically towards the wealthy, who already have plenty of benefits.

The First Amendment DOES allow you to speak at the cost of others, the issue is the weighing of the cost v. the importance of free speech.

Re:Why can't we have legal restrictions on spam?

[knobmaker]

I fear you underestimate the cleverness of spammers. Were I a spammer faced with a law crafted to your specs, I would hire offshore "retailers," and claim that they were spamming on their own behalf. I would be dropshipping product from my warehouse in the United States, a common legitimate business practice, and I would be unlikely to be selected as a prosecutorial target. If I were charged under the statute, I could argue most convincingly that I was not liable for the sales practices of my retailers in Nigeria, any more than Seagram's is liable for the sales practices of bar owners.

It's a pointless can of worms. Worse than that, we should all fear the creation of a law enforcement bureaucracy dedicated to deciding which email is legitimate, and which is spam. This is at its heart an issue of personal responsibility. It may annoy the dickens out of you that your time is wasted by spammers, but there are personal solutions that will work much better than any government program.

So get some filters working, and quit looking to the government to make life perfect.

Re:Why can't we have legal restrictions on spam?

[Jadrano]

It's not just about the US, in many European countries spam is illegal already now (clear cases are Norway and Austria), and the European Union as a whole has decided to outlaw spam, it should be implemented this year. I don't know exactly about the situation in East Asia, but I don't think the Chinese and Koreans like it too much that their resources are misused for sending spam all over the world, so they could follow soon. Yes, there certainly will be some smaller countries where spam is still legal, but once spam is illegal in the European Union, the United States, China and many other big countries no one who has sent thousands of spam mails to harvested addresses can reasonably claim that he or she believed that all the addresses were only of people in a few offshore countries.
Furthermore, the US American conception of law has, as far as I know, the principle of being applicable exterritorially, which is in general quite controversial, but could be useful here - it would probably be possible to forbid any companies that do business in the US to send spam, even if the spam is only sent from other countries and only to people living outside the United States.

Re:Why can't we have legal restrictions on spam?

[knobmaker]

Okay! Just like making drugs illegal ended drug abuse!

There may not be much point in arguing against such simplistic ideas. But consider that there will not be the sort of clean simplicity you hope for in any bill crafted by Congress. There will be numerous loopholes designed into the legislation, for the benefit of major corporate campaign contributors, who have their own forms of spam, which are becoming increasingly important to their marketing strategies. Is spam from GM or the IRS really any less annoying than spam from Nigeria?

Re:Why can't we have legal restrictions on spam?

[Jadrano]

Yes, freedom of speech is a weighty issue, but why should it be in danger when everyone can put up a website about anything (be it penis enlargement, low mortgages, teen sluts or perhaps even a more sensible subject) at no cost (if they put up with ads) and anyone who is interested in that can find it with a search engine?
There seems to be some cultural gap between Europe and the United State in that matter, I think in Europe very few people would degrade the principle of freedom of speech to such a formal notion about the media with which one should be able to spread unwanted data, but I suppose there are enough Americans, too, who think that freedom of speech is about the right of people to make their opinions public and the right of people who are interested to access this material.
I find it odd that while there is such insisting on issues about how one should be able to transmit information, restrictions on content seem to be accepted more easily. Laws against obscenity in the United States are much stricter than in many other countries and repression for political views unfortunately isn't over after the McCarthy era, now there are again reports about people being questioned because of "un-american material": The New McCarthyism, Novel Security Measures...

Certainly, the United States isn't the only country with such problems, but I find it strange that, while there are such real issues, again and again Americans think it could be a big problem for the freedom of speech when sellers had to wait for interested people coming to their website rather than waste the time of millions of people who aren't interested (well, maybe even a DOS attack should be protected by the First Amendment because even if there are so many of these data packets, they're all free speech that has to be protected as long as they aren't un-American). I haven't ever heard someone outside the United States seriously seeing the regulation of damaging advertising methods like spamming as a matter of free speech - it's a matter of business regulation, and there are much more important things for people concerned about free speech to worry about.

"There are reminders to all Americans that they need to watch what they say, watch what they do, and that this is not a time for remarks like that. - It never is" - White House spokesperson Ari Fleischer

Re:Why can't we have legal restrictions on spam?

[RobertoTenore]

While everyone comments on the technical difficulties of stopping Spam, what nobody seems to realize is this: every piece of Spam contains contact information for the person who benefits from it. If it did not, it would be useless as Spam. Every single putrid "Mortgage rates have never been lower!" contains contact information for a mortgage broker that authorized, and paid for, that piece of Internet Pollution.

If we ever have the courage to make such Spams truly illegal, then real, honest-to-Gawd legal action can be taken against every so-called "business" that stoops this low. Their only legitimate defense would be, "Gosh, we didn't pay for that! Somebody sent out that ad promoting us that without our knowledge or authorization!" And when the DA subpoenas the books and the bank account for that spammer scum, you've got them for perjury, as well as spamming.

Re:Why can't we have legal restrictions on spam?

[cpt+kangarooski]

Well, I'd argue that content based restrictions on speech are fairly limited. Yes, the US is fairly puritanical with regards to obscenity, but beyond that and fairly minor stuff, e.g. libel, we're pretty good. What you seem to be objecting to is more of what happens on the ground. But that's like saying that we allow criminals free reign because crime _occurs_. You're forgetting about remedial action. I do read the New McCarthyism page, and I don't care for much of what I see -- but if the alleged victims don't pursue a remedy for the wrongs inflicted on them there's little to be done. I'd like it if people acted better, but that's not the end of things.

Re:Why can't we have legal restrictions on spam?

[Anonym0us+Cow+Herd]

Baloney. My inbox is clearly my property. No lack of clarity about it. Every bit as much as my telephone, my fax machine and my front door are my property.

Takeaway points:

1. Junk FAXes ARE regulated -- constitutionally
2. Telemarketers are regulated -- constitutionally
3. Billboards are regulated -- constitutionally
4. Door to door solicitation is regulated -- constitutionally
5. Similarly, junk e-mail can be regulated -- constitutionally

One is free to exercise one's free speech rights at their own expense. Spam is at my expense. If you have a message, commercial, political, whatever, you are free to advertise it on TV, put up a billboard, on the side of a bus, etc. You can stand on the street corner and hand out flyers, put them in store front windows (with owner's permission). Or wonder or wonders, create a web site!

The DMA must think it is a shame that the writers of the constitution did not see fit to impose a duty on everyone to actually have to listen to your free speech. Indeed the purpose of free speech is to make sure the government cannot suppress political discussion that it might not like.

Just an aside: Banning forged e-mail and e-mail served through open relays is not a free speech issue. But I'm primarily focusing on a non-existant, hypothetical kind of spam from a known sender, not sent by illegal means (computer intrusion).

Similar to shouting fire in a theatre, nobody has the free speech right to stand up and start shouting their advertising message in a theatre either. That's the rub, their rights end where my rights begin. Ultimately this is what the governed want.

As for door to door solicitation, it seems that I can legally put a No Solicitors sign on my door and legally have a cause of action against any solicitors.

Perhaps a standardized, simple "No Solicitors" header added to the initial SMTP handshake should be legally recognized to give you a cause of action to recover monetary costs plus punitive damages. A less ideal, but equally effective solution would be to simply require spam to be flagged as such, with a criminial penalty attached. The latter idea would still cost me my bandwidth, plus the cost of supporting all of the bandwidth in the infrastructure, but it would have the same effect of completely eliminating spam. (Why? Because everyone would universally filter it, making it unprofitable.)

Re:Why can't we have legal restrictions on spam?

[cpt+kangarooski]

Similar to shouting fire in a theatre

You do realize that a) the case that made that point is no longer good law (it's been overtaken by Brandenberg), and b) was making a point about speech that very directly and unusually threatened people's lives, as opposed to be being a mere nuisance.

I really loathe the shouting fire thing because it is no longer meaningful. And also because people always leave out the 'falsely' and forget what a firetrap a theather was in the early 20th century.

The PROPER law would be: you cannot say something that 1) is intended as an incitement to unlawful action, if 2) such action is likely, and 3) imminent.

Ultimately this is what the governed want.

That's by far the worst argument you could have possibly made. The governed have also wanted, at various times, only protestantism to be practiced, unpatriotic speech to be banned, competing political parties to be harassed, etc.

The entire POINT of the First Amendment is to remove the ability to limit important freedoms of minorities from the hands of majorities. We could hold a vote in this country right now on whether pornography should be outlawed and there'd be a good chance that people would vote for it to be. (if only because whatever their actual feelings, people would be concerned on how their neighbors perceived them)

The effect of the First Amendment is basically to say 'tough titty.'

This is an absolutely great thing. The fact that you might dislike or even be offended by some of the speech that others thus can freely direct at you is irrelevant with regards to preventing them from speaking.

A less ideal, but equally effective solution would be to simply require spam to be flagged as such, with a criminal penalty attached. The latter idea would still cost me my bandwidth, plus the cost of supporting all of the bandwidth in the infrastructure, but it would have the same effect of completely eliminating spam. (Why? Because everyone would universally filter it, making it unprofitable.)

And that last sentence is precisely why I think that government-mandated spam labeling would be unconstitutional. The government cannot deliberately use private action as a catspaw for acts that would be unconstitutional if it did them itself, as banning spam altogether certainly would be.

Speech CANNOT be banned (barring insanely extreme circumstances almost never seen, and a few exceptions unhelpful to you) based on its CONTENT. This is fundamental. It has apparently escaped you.

Thus spam has to remain unlabeled. It can be regulated as for _fraud_, i.e. in that it cannot be actively misleading or untruthful, but that doesn't require that it actually announce itself as spam either. Only that it not claim to be anything else, not that it need claim anything at all. And this is beyond the level of a mere hard sell, or sales puffery. Libel could also be regulated, but that will be ineffectual against most spam.

Situations where it might need to bear other labels (e.g. FDA nutritional information) are not targeted at it as spam, nor are they intended to chill speech, as you intend. They're a fairly rare exercise of a police power (i.e. promoting public health and safety) and couldn't expand too much anyway. This is about the furthest that state imposition on commercial speech can manage constitutionally, and it's still worth arguing about to make sure that it doesn't become dangerous.

Besides which, your solution is worthless even if it were implemented. Spammers will pick up and move to other parts of the world more freedom-loving than an America that would kick them out would be, send it in, and you'd never stop them through these means without attempting censorship on the scale of China. Would you sue ISPs for blindly carrying that traffic -- or would you prefer the costs and architecture changes and privacy infringements to get them to read your mail before passing it on?

Re:Why can't we have legal restrictions on spam?

[Anonym0us+Cow+Herd]

You do realize that a) the case that made that point is no longer good law (it's been overtaken by Brandenberg), and b) was making a point about speech that very directly and unusually threatened people's lives, as opposed to be being a mere nuisance.

I see the light. The whole purpose of free speech and free assembly is to ensure that some people could harass other people. Especially as new technology emerges.

If junk faxes, telemarketing and door to door con men can be stopped, so can spam.

I simply disagree, as do most people, that this has anything to do with restricting free speech. Spammers are perfectly free to exercise their right to free speech. They can't make me listen. And they cannot do it at my expense.

Re:Why can't we have legal restrictions on spam?

[cpt+kangarooski]

Who's saying you have to be harrassed. If you don't want spam then you should give spammers a reasonable notice not to give you any. This is akin to posting a 'no soliciting' sign -- it only works if you actually post it, and solicitors could reasonably be expected to see it.

Managing to post such a sign on your email account is, of course, an exercise for the reader.

HOWEVER, this does not stop solicitation generally. It cannot.

It is what's called a time, place, or manner restriction. A law could be passed restricting telemarketing from certain hours, but could NOT ban it or have the effect of banning it altogether.

You could prevent people from soliciting at your house, but not when you're out walking in public.

One of the consequences of a free society is that you are going to have to -- unless you remove yourself from it by living reclusively -- be exposed to competing points of view. This is not necessarily a bad thing; and it's certainly better than any alternative I can think of.

Can spammers make you listen? No. I've never said so. But that does NOT mean that you can make them stop spamming altogether so that you don't have to be troubled to not listen.

As for expense, it's minimal. I would argue that the effort spent in throwing out junk mail is worth more. This is by no means the situation with faxes where paper and toner are being consumed, so don't go pretending that it is.

Re:Why can't we have legal restrictions on spam?

[Anonym0us+Cow+Herd]

Who's saying you have to be harrassed. If you don't want spam then you should give spammers a reasonable notice not to give you any.

By the very nature of spamming, this is harassment. No such notice will ever be binding on the spammer. Spammers are harassers. Legitimate users of bulk e-mail are opt-in.

Let's even skip through a lot of crap and assume that we're only talking about spam that is for legitimate, legal products, that properly identifies the sender, has a valid working "remove me" function, and is not sent through hijacked third party mail servers.

Even in this case, spam can be regulated. The regulation can have the effect of basically making spam go away. If the legimate spam I describe above was required to include an additional mail header to identify it as spam, or some tag in the subject line -- the regulation would be valid -- and the net effect is that spam would disappear.

Managing to post such a sign on your email account is, of course, an exercise for the reader.

Earlier I mentioned this. It could be done at the SMTP connection. If the SMTP server offers a NO-SPAM notice, in a standardized fashion, spammers could be legally required to honor it.

It is what's called a time, place, or manner restriction. A law could be passed restricting telemarketing from certain hours, but could NOT ban it or have the effect of banning it altogether.

There are time, space and manner restrictions on other forms of marketing. If spam cannot be outright banned, it can effectively be banned as I have suggested above. If there were criminal penalties for forged, non-identified and sent through hijacked server spam, and labeling requirements, then spam would effectively be banned -- as only "legit" spam would be left, and everyone would filter it.

One of the consequences of a free society is that you are going to have to -- unless you remove yourself from it by living reclusively -- be exposed to competing points of view.

I don't even know why you say this? I nowhere suggested anything to provoke this. I'm in fact open to other points of view. That doesn't mean that anyone should have to accept spam. This statement you make has no logical connection to the topic.

As for expense, it's minimal

That is irrelevant.

I would argue that the effort spent in throwing out junk mail is worth more.

Spam cannot be compared to junk mail. I can effectively put a stop to junk mail, and have done so. If I get some of the things I junk mail that I get via. spam, I can call the Attorney General, the FTC, the Postmaster General and probably others.


At this point, it seems futile to continue. I don't see this as a free speech issue. Speech can be and is restricted with the blessing of most of society in ways that are beneficial to society. The restricted speech is not outright banned, but effectively is convined to venues that society sees fit. Pornography cannot be banned outright, but can be regulated.

Junk faxes are banned. You mention not pretending about toner, paper, etc. But spam consumes a SIGNIFICANT fraction of ISP's bandwidth. Just ask them. This is a high cost that everyone pays for.

You are entitled to your view. But in mine, spam can and should be banned or effectively regulated out of existance with severe criminal penalties. You are, of course, free to opt-in as you see fit.

Re:Why can't we have legal restrictions on spam?

[cpt+kangarooski]

No such notice will ever be binding on the spammer

The only way that a no solicitation notice in real space is binding on someone is that you post it, they violate it, and you bring suit or file charges criminally for the violation.

Likewise, if you think that where you reasonably notified spammers that you don't want spam will be violated, your recourse is IDENTICAL.

No one sues solicitors who respect no solicitation signs, because the situation never arises. Your claim implies that you could never effectively stop spam through legal means (which I agree with), so it's useless to try. Nevertheless, that means that the penalties you mention later would be ineffective as well. Either it works for both or it works for neither. You can't have it in the middle.

The regulation can have the effect of basically making spam go away. If the legimate spam I describe above was required to include an additional mail header to identify it as spam, or some tag in the subject line -- the regulation would be valid -- and the net effect is that spam would disappear.

A law aimed at such an effect is unconstitutional. Even the most restrictive t/p/m regulation HAS to let the speech come through sometime, someplace, somehow.

To make an analogy, you are saying that if someone at your dinner table brought up a disgusting subject that you'd just kill them. I'm saying that I might tell them not to discuss that while people are eating, but that they certainly could discuss it at a more opportune time.

The tagging regulation just will not be legal PRECISELY because it would be effective. It's too effective. Dangerously so.

If the SMTP server offers a NO-SPAM notice, in a standardized fashion, spammers could be legally required to honor it.

That could work. Try that instead.

I'm in fact open to other points of view. That doesn't mean that anyone should have to accept spam.

Spam, first, is content neutral. There have been commercial spams, but there have also been religious and political spams. I hate getting forwarded unsolicited jokes, I'd call them spam-like at the least, and they're expressive speech too. Banning spam bans a great deal of stuff, since spam is not well-defined.

But even if it IS well-defined, the point of view that you need to Make Money Now is still a competing point of view. The Court has been protecting commercial speech very nearly as much as any other ordinary type for decades, because it recognizes that the mere commercial nature of speech doesn't exclude it from the aptly named marketplace of ideas.

[Minimal expense of deleting spam] is irrelevant

I forget which, but one S.Ct. case mentioned that Free Speech meant that people would have to manually take unwanted mail from the mailbox to the trash can, and that it was an unavoidable aspect of our freedoms, and not an unbearable burden for the benefits we receieve.

That's how it's relevant.

Incidentally, note that I hate spam. I hate all advertising, much more than most people. I've filtered my 'net experience so greatly that I hardly get any ads at all.

BUT what I personally do in my private life doesn't, I feel, give me the right to go around telling other people that they cannot say things merely because I don't like it.

The burden on avoiding unwanted content is on the individual; the state is not a valid mechanism for assisting him, saving in preserving his ability to so escape it where not burdensome to free speech.

Re:Why can't we have legal restrictions on spam?

[Anonym0us+Cow+Herd]

You're blurring or expanding the discussion by introducing the unwanted content argument.

A forwarded joke may be annoying, but is decidedly NOT spam.

I'm sticking to a discussion of spam. I'm even narrowing the discussion (not expanding it) to the hypothetical kind of spam that identifies the sender, offers a working remove function, and is not sent through hijacked third party mail servers.

In short we disagree.

Free Speech is about the public being able to freely gather, express and exchange ideas. For people to freely express their views.

You mention bulk snail mail. This is not the same. This costs the sender. Spam costs the sender virtually nothing, and costs the receiver significantly. And don't pretend that the cost is minimal. If it were, people wouldn't be complaining about it. I have to pay for the 50% extra infrastructure that ISP's claim is eaten up by spam. My time is money. Because of the real cost to send snail mail, I get a limited amount of it. Any idiot can decide to spam. The barrier is very low. Spammers don't send postal mail because (1) it would cost them too much, (2) postal mail is very well regulated and most spam content would be clearly illegal.

Commercial speech is not a free speech issue, and niether is spam. There was recently a Nike case about this issue.

Spam can be legally regulated or even banned. Spam has absolutely zero overlap with what the constitution protects as free speech.

I think I have expressed my view clearly. Feel free to disagree. I'm not really interested in expanding the discussion away from the hypothetical kind of spam I mentioned above.

Re:Why can't we have legal restrictions on spam?

[cpt+kangarooski]

You're blurring or expanding the discussion by introducing the unwanted content argument.

A restriction on spam is arguably not content neutral. Therefore it will be reviewed in such a way that if the restriction is overbroad and would bar content that is not spam, or is underbroad, and would not bar content that is spam -- it is unconstitutional.

Thus it is of critical importance that such a restriction touch all and only spam, or else it would inevitably be struck down.

If the problem identified is too much traffic or too much time spent pruning one's in box, a restriction on spam alone as you have defined it, is underinclusive -- unwanted forwarded joke traffic, etc. pose the same problems. A ban on spam solves nothing. This is fatal. The ban is also underinclusive because it will have zero effect on stemming the tide of international spam.

While you might defend anti spam laws as being aimed at their collateral effects, the truth is that the motivation for a ban is a dislike for the crass commercial content of the ads. See for example, the Tinker case, where a school sought to ban armbands protesting the Vietnamese War. The school claimed content-neutrality, in seeking to avoid disruption. But truly they only cared about anti-war sentiment, and this was indicated by not banning other potentially disruptive ideological symbols among students.

Commercial speech is not a free speech issue, and niether is spam. There was recently a Nike case about this issue.

Your confidence in the Nike case is misplaced -- it has been granted cert by the S.Ct. and may be overturned. That case is effectively out of play since no one knows what the resolution will be.

Instead consider the current line of commercial speech cases: Virginia Pharmacy (holding that commercial speech is entitled to first amendment protection because of society's interest in learning about commercial information); Linmark (holding that the govt. has no interest in keeping people ignorant, i.e. from learning truthful commercial information); Central Hudson (that the govt. can only regulate where the regulation directly advances a substantial govt. interest, reasonably tailored to achieve that interest).

Among other things, this demands that the government have a reasonable chance of success at achieving their aim, which is utterly lacking in the case of spam. Lorillard Tobacco.

AOL or Hotmail adopt?

[twemperor]

I really like this analytic approach. I've been using Hotmail's spam filtering, which merely removes e-mails from addresses not in my address book. While this is most of the time effective and very easy to implement, there does seem to be a major problem with false positives. ie I give my e-mail to someone, who's not in my address book.

Does anyone think AOL or Hotmail could start using such a system as the one outlined in the article?

Re:AOL or Hotmail adopt?

[b0r1s]

Hotmail has more advanced filtering, as does yahoo, you just have to be aware of it to notice.

Specifically, if your address does not appear in the To: or Cc: fields, Hotmail will assume it is "Junk" by default, until you tell it otherwise. This stops spammers from creating a single alias on their server, and mailing only to that alias (a common way to get around the other blocks, which target emails with hundreds of recipients).

Yahoo does similar things, I've never used AOL so I don't know what they do.

Re:AOL or Hotmail adopt?

Idiot! Just set your Hotmail filters to let through only the people in your address book AND those emails that have a keyword of your choice in the subject, say "nutbar". Then when you "give your email to someone who's not in your address book", tell them that they have to put "nutbar" somewhere in the subject and that this is only a temporary measure until you add their address to your book. If you have a website, you can explain all this on a contact page. Email harvesters may pounce on your mailto: but they wont have the smarts to record "nutbar" as well (unless you foolishly make it part of a ?subject= string), and any site visitor who's too stupid to follow instructions isn't worth hearing from anyway.

Re:AOL or Hotmail adopt?

[Anonvmous+Coward]

"Does anyone think AOL or Hotmail could start using such a system as the one outlined in the article?"

No. My problem's with the senders, not the messages. What Hotmail should do is send back an email saying "Your message has been rejected because you have not been authorized by this user. If you'd like to request authorization, click here and follow the instructions."

When they properly fill out the form, you get a message saying "so'n'so wants to send you a message. Interested?" and you can say yes/no. If you say yes, they get added to your address book and they can email you until you remove them from it.

With this approach, it requires a valid return address before the message can possibly get to you. That means you're able to tell the person to remove you, unlike today's 'send anything to anybody' system.

If Hotmail did that, I'd actually consider paying for their service.

Re:AOL or Hotmail adopt?

[spleck]

I'd be unwilling to pay for a service that would accost me with dozens of permission slips daily. You still need some way to filter who can get a message (or request) to you. This technique could only hope to do half as well as effective filtering if it included a check to make sure the person requesting permission is human.

Re:AOL or Hotmail adopt?

[Anonvmous+Coward]

"I'd be unwilling to pay for a service that would accost me with dozens of permission slips daily."

I doubt that'd happen. There'd have to be a human on the other end trying to get your message through. That person's not sending SPAM to lots of people if he has to fill out a form of some sort every single time to get a message through.

He/she wouldn't be able to automate it either if they set it up properly. If everybody picked their own 'key word' and rotated them once in a while, and then wrote their own little description of how to arrive at that keyword, then they'd have to figure out everybody's registration manually.

"This picture has three flowers in it, what color is the flower in the middle?"

Until they get that question right, you're not getting a 'permission slip'. Chances are, they won't even try to fill out the form because they'd have to do it for everybody.

Re:AOL or Hotmail adopt?

[Student_Tech]

I use hotmail (sometimes) and my account is set to the second most strict junk mail setting, right bellow only allow these emails through. I look at the spam I get and they are either: A: sent from a non-existent domain (junk.837 for example, and yes they use numbers for their TLD) or B: have < - - J - - > (where J is some capital letter) in them so mozilla doesn't show it but the viewing the source shows it. I like the idea of this filtering, or even filter by content because I could catch 90% of the spam I currently receive on email address that I haven't given to anybody.

Re:AOL or Hotmail adopt?

First, hotmail would have to hire some
ppl in its support dept who understand
SMTP....

Re:AOL or Hotmail adopt?

[Zeinfeld]

No. My problem's with the senders, not the messages. What Hotmail should do is send back an email saying "Your message has been rejected because you have not been authorized by this user. If you'd like to request authorization, click here and follow the instructions."

This sounds like a good idea, only there are quite a few inconsiderate sons of bitches (the self important Dan Berstein for example) who abuse this type of scheme sending you a reply notice every single time you send him a message.

Over the past 2 days I got 86 SPAMs and 3 bounce back messages indicating that my email address had been hijacked by a SPAMmer. What this proposal would do is to cause me to receive in addition annother 50+ rejection messages from email I did not send.

Clueless attempts to work arround spam are causing almost as much harm as the spam itself. When the Real Time Blacklists for open relays started lots of people cheered, unfortunately a lot of the blacklist maintainers now use them as a tool for private censorship rather than to list open relays as originally claimed. SPEWS is currently listing all UUNET domains in an attempt to blackmail UUNET into dropping a site the maintainer disapproves of. No recourse, no accountability, no due process, not even an email address for complaints.

What we really need is an authorization infrastructure so that you can tell that a message definitely did not come from me. At present we only have S/MIME which can demonstrate that the message came from me but does not provide proof for the converse.

With an infrastructure of that type in place it would not be necessary to manually process every single entry. For example Hotmail, Yahoo and the other major ISPs all perform rate limiting on the emails that they send out and on account signups, so you can be reasonably sure that mail sent from those accounts is not spam. The spam you get purporting to come from AOL or Hotmail is actually forged.

Re:AOL or Hotmail adopt?

[Vainglorious+Coward]

Aside from the sheer annoyance value to users (on both ends) of such a system, how is it going to cope with automated (and wanted) email where the sender is a program, not a person? When I sign up to a new distribution list, I don't necessarily know in advance what the headers are going to look like, so I can't pre-white list it before signing up, and the sending DL-software sure as hell isn't going to be able to tell the colour of the flower in the middle. I suppose I could look for other mail headers which indicate it's a list message and white-list that way, but then that's an open invitation for spammers to use the same technique to circumvent your filter.

The spam problem cannot be solved from the client side alone (I'm tempted to say you can't fix a social problem with a technical solution); the ultimate solution will have to remove the incentive for people to spam in the first place. Client-side filters may add to that dis-incentive a little, but not much (only a minority will be using filters). See, spammers don't really care about recipients who are using filters - such people are not likely to fall for the spam anyway. We need a solution that makes it financially untenable to operate a spam business in the first place. And no, I don't have a better solution (no-one does yet - this problem is hard), but I do know that client-side filtering alone is never going to be good enough.

Re:AOL or Hotmail adopt?

[Anonvmous+Coward]

"Aside from the sheer annoyance value to users (on both ends) of such a system, how is it going to cope with automated (and wanted) email where the sender is a program, not a person?"

First, I would counter that it's not an annoyance that people haven't gone through before. ICQ has it, reputable registration places have it, etc. Headache or not, at least you have a sure-fire way of blocking somebody who's being onoxious. As for automated email, you bring up a good point.

What I do in that case is I make an alias that the automated mail can get sent to. 'Slashdot@mydomain.com'. Anything that's sent to that address gets through, and obviously I'm not going to be using that email elsewhere. If Slashdot were to sell my name somewhere, then all I'd need to do is shut down that alias.

Is that useful for Hotmail? Initially, no. They could implement sub-domain use, though. So I could have the address Anonvmous_Coward.Slashdot@hotmail.com, for example. Plus, Hotmail could give me a nice interface for that and all would be good.

That's what I do today. It may not be the perfect answer, but basically what I'm doing is I'm assigning a single address intended for a single user that can be turned off on a whim. It wouldn't be necessary to get an email from them for it to work. I have my own domain so I've been able to play with all this. It's amazing how little spam gets to me now.

" We need a solution that makes it financially untenable to operate a spam business in the first place."

That's why I suggested what I did. It needs to be set up so that somebody can't send me anything until they are authorized. It'd require a human being on the other end working to get my attention personally. If it requires a human for each message sent, then suddenly it gets rather expensive to market that way.

Re:AOL or Hotmail adopt?

[Vainglorious+Coward]

I would counter that it's not an annoyance that people haven't gone through before

I can think of plenty of occasions when I've sent a message, that if I got back a "jump through this hoop" response, I would just say, "screw that, it's your loss that you didn't get my message". That obviously doesn't apply to double opt-in lists that I'm actively wanting to receive, but how about the email I send you telling you your webserver is not secure? There are many occasions where the message is more important to the recipient than the sender, and TMDA type systems often fail in those situations.

It needs to be set up so that somebody can't send me anything until they are authorized

OK, your choice, but recognise that you are fundamentally altering the nature of mail when you make this decision - it will interfere with your communications and it will cost you more in time and complexity. You may well get less spam, but you will also not receive other messages that you may have wanted. More importantly, not everyone else is going to make the same choice; without widespread adoption, the technique isn't going to solve the problem globally. TMDA is great for lists and similar niches, but I don't think it's a solution for all email communications.

Re:AOL or Hotmail adopt?

[Anonvmous+Coward]

"That obviously doesn't apply to double opt-in lists that I'm actively wanting to receive, but how about the email I send you telling you your webserver is not secure? "

You're talking about the difference between a private email address and the address of somebody doing business on the web. You don't expect an automated message when you email your friend saying "your message has been recieved, expect a response in 48 hours..." do you? I'm trying to solve private e-mail problems here, not corporate. If 'global' situations existed, then everybody'd have auto-responders like that to let people know the message wasn't typo'd or something.

The point I'm making is that a webmaster (or anybody who wants to be contacted from their website) has a seperate responsibility to make it easy for you to reach him/her. Though it's a good example of a situation where that might break, it's also an example of an unlikely scenario. Frankly, I'm not trying to solve his problems. But you know what? I'll take a stab at it.

Webmasters get spam all the time. There are bots that go through every domain listed and send an unsolicited offer to webmaster@domain. So how woulud this be useful to a webmaster who also has to watch out for people with legitimate complaints? If he uses a filter, he risks losing an important message. If he uses no filtering at all, he/she risks deleting the wrong mail, or even losing important messages in a sea of junk. (I've had that happen) You're right that it isn't reasonable to expect somebody notifying him of a site problem to jump through too many hoops. In that case, though, all you really need to know is that there is a human on the other end. If you send a mail to webmaster@whereever.com and you instantly get a message back saying "There are 5 images below. Click on the red flower and your previous message will go through." They click on a URL, if they click the right one then the server knows what to do. The user doesn't even need to send a message. If they click the wrong one, nothing happens. No biggie. As long as it's explained to the user why that's in place, it's not a big deal. If that's unreasonable to the person emailing the webmaster, then I don't know what to suggest. I can't please everybody, nor would I attempt to try. It would be up to the webmaster to say "Well, I got too many people sending me messages but not following through, I shouldn't use this scheme anymore." I wouldn't blame him for it.

"There are many occasions where the message is more important to the recipient than the sender, and TMDA type systems often fail in those situations."

Valid point. I won't argue that. Me personally, I don't care. If somebody has an important message to me, but can't get it to me because of a step I put in the way. Tough nuts. I'm in the same boat without it. I risk losing their message to a filter, I risk losing their message to a full inbox, I risk never getting the message because of a broken connection somewhere. Few people treat e-mail like it's reliable. If this system causes somebody else not to recieve an important message, then it's up to them to not use it. No biggie. I'm not going to put a gun to their head.

"... it will interfere with your communications and it will cost you more in time and complexity."

You mean like spam is? Would so many people get their panties in a bunch over SPAM if it didn't create unwanted complexity or time in their lives? All it takes is a little understanding. "Im sorry, but the steps I'm forced to take to fight spam are causing me to lose messages. In order to guarantee your message goes through, then take this one time step."

"TMDA is great for lists and similar niches, but I don't think it's a solution for all email communications."

I disagree. Instant Messaging is extremely popular today, and the ideas I'm expressing here are borrowed directly from how it works. I'll concede that there are challenges. None of them are unsolvable, whether they be fixed through innovative UI or by training society.

Re:AOL or Hotmail adopt?

[Vainglorious+Coward]

I'm trying to solve private e-mail problems here, not corporate

I'm saying it's not possible to disentangle the two without weakening the effect you're after (a disincentive to spam). We all use SMTP. It's the same mail systems, transport mechanisms and protocols whether an email is "personal" or "business". Any global "solution" to the spam "problem" (not everyone using mail even agrees it is a problem) has to be one that works universally, not just for certain types of communication. And it also has to deal with those who deliberately subvert and break protocols (I'm sick to death of spam mailers that will simply ignore SMTP 5xx Permanent Fsck 0ff -type errors and will bang on your mail server several times a second until you drop them at your firewall). It's not that I disagree with anything you write, but as you wind up hinting yourself, this is an issue that is unlikely to be solved by technical tweaks alone. The reason I find Paul Graham and the others' work interesting, is that they're trying to defend against the message itself, because that will always be there, regardless of the delivery mechanism. Protocol tweaks will never keep up with modifications to delivery techniques (cf when did IPv6 first start going through committees? How many years away is it still?).

I actually use many of the types of technique you've been describing, but not on my personal accounts (which fortunately don't really suffer the problem, good hygiene in the first place etc). Many of my users are not so fortunate. I can't see myself putting TMDA-type barriers on my personal account. It would seem, well, rude. But as the admin of a mailing list with thousands of recipients, it would be rude bordering on negligence not to take basic anti-spam precautions, and that includes TMDA for subscription and submission.

Re:AOL or Hotmail adopt?

[Anonvmous+Coward]

"I can't see myself putting TMDA-type barriers on my personal account"

I can, but the main reason is that I already have the contact info and can put the people in it without them having to lift a finger. But that's just a difference. Heh. I think we understand each other clearer now.

Cheers, man.

Re:AOL or Hotmail adopt?

[bogdanx]

that already exists...

http://smarden.org/qconfirm/ and http://www.palomine.net/qdated/ can both do that (in slightly different ways)

Spam needs a global solution

[PhysicsGenius]

Fighting spam as individuals isn't going to work, there are always going to be ways to get around filters and such. I think the problem needs a mathematical treatment at a global level and I would like to suggest a basis for that treatment.

First of all, let's realize that email is communication is data transmission. Spam is noise. This immediately brings to mind Claude Shannin's work on information and entropy. He made it very clear that noise can be reduced to a level that is O log(n) that of the information transmitted. This means that as we have more and more email out there, we are going to get more and more noise, unless we change something.

Let's go back to the definition of information. Basically, it's stuff that nobody knows about. If it is surprising to you, it is information (in non-technical language). That suggests that perhaps the information content (and therefore spam) could be reduced if, instead of secretively emailing our friends individually, we CC'd them on all our missives. This would make the amount of information lower (since people would be less surprised by our further revelations, having seen the foregoing matter) and therefore spam might even be eliminated.

Re:Spam needs a global solution

[notsoanonymouscoward]

This makes no sense to me... spam to me is primarily 1) friends sending stories, jokes, quizzes, etc... or 2) someone trying to sell you something. now if we all cc'd everyone on everything, we'd have even more spam by my 1st definition of spam, and it wouldn't affect the 2nd definition at all. how is this supposed to help?

Re:Spam needs a global solution

[dacarr]

Imminent death of the net predicted!

Re:Spam needs a global solution

[ChaosDiscord]

This makes no sense to me... spam to me is primarily 1) friends sending stories, jokes, quizzes, etc...or 2) someone trying to sell you something.

You might want to change your definition. More common definitions are "Unsolicited commercial email" or "Unsolicited bulk email". Your definition looks like "Email I don't want to get". That's a tough rule to enforce using any system.

That said, the nice thing about your first spam category is most of them will stop copying you on that sort of junk after a "Thanks for thinking of me, but I'd rather not get this sort of stuff in the future. I really don't find it funny and I'm swamped in email as it is," email, they usually stop. If they don't stop, you can blacklist them (they're not going to change their return email address every day like bulk email spammers).

Nice idea but.

[Fnagaton]

As long as it stops all the emails I get from Ubi Lumjobo trying to get me to accept $21.5m from South Africa then I'll be happy. :) Or the people that try to make my breasts larger... Or viagra...

Re:Nice idea but.

[stratjakt]

It's the Big Mac lunches with Cheeto chasers that are making your breasts larger, not spam.

We all hate spam, but you can't blame it for everything. Take some personal responsibility, tubby.

The Irony 'n stuff

[ackthpt]

how spam will evolve

The irony is, Spam evolves, yet people still fall for spam. If it didn't work, we'd have seen the last of it years ago.

I've downloaded MailWasher and have just started looking through it (so I don't know what it uses for filtering.) I've noticed a lot of the recent junk is html with the ploy spelled among comment tags, i.e.:

<-- Job Offer --> Biggie <-- for web --> your <-- designer --> doohickey

Are any of the filters able to handle these?

Lastly, has anyone ever bother to combat spam with spam? I.e. send out a letter explaining what people are likely to get, aside from their credit card charged out to a pr0n site, sugar pills, photocopies of something you can find in any library, identity theft, etc. ?

Re:The Irony 'n stuff

[wheany]

This always comes up.

Just about every filter out there can handle html comments. The people behind POPFile are constantly trying to improve the detection and removal of such tricks. In addition to that, the current development version can handle words that have been
s p a c e d
w^i^t^h
a*l*l
k_i_n_d_s
of weird ways, and other tricks. There is active discussion on the forums about how some spam got trough the filter, and ways to counter it.

Re:The Irony 'n stuff

[NotIrony]

The irony is, Spam evolves, yet people still fall for spam. If it didn't work, we'd have seen the last of it years ago.

So, how is this ironic? The idea behind evolution is to make something more efficient in its niche. And what you're saying is that Spam evolves, and people continue to fall for it, as if it were becoming more efficient in its niche. Or at least just as efficient.

Now, if Spam evolved, and the evolution of Spam caused less people to view it, then that would be ironic. Because the evolution of spam would have produced the exact opposite effect. Or if Spam Filters evolved, and the better the spam filters, the more people read spam. That would be ironic.

But what you said has nothing to do with irony, I fear. Unless you left out a lot of supporting information.

Re:The Irony 'n stuff

[cpt+kangarooski]

I've noticed that several of those I've gotten have been in the form where that's my username. It was but the work of a moment to filter. Where it's more random, I'm sure that a filter can be put together fairly easily. After all, who has comments everwhere like that, other than spammers. I'd look for, I dunno -- three comment tags that surrounded two single words, without a new line. That would probably work.

Most spam though winds up having a domain name or address in there someplace that's good enough.

Re:The Irony 'n stuff

[ackthpt]

There is active discussion on the forums about how some spam got through the filter, and ways to counter it.

And no doubt there are lurkers who keenly follow the discussions, a la Rambus, to go back and refine their spamming technique. I'm sure the opposing terms are arranged to throw off the statistical model, i.e offset a few .99 words with several .01 words.

In retrospect, I dumped 300+ spams yesterday and the messages are becoming increasingly surreal as they attempt to bypass filtering. It seems a safe bet that anyone filtering spam, themselves, is already wary and a waste of effort to spam. I'm so jaded by it that my email client is set to display email only in text format. No HTML, no plugins, nuthin.

So the solution appears to be a combination of statistics and mechanical (programmed) filters. i.e. strip the commented text then run the remainder past the statistical database.

And Spam will no doubt evlove, it that's the word for it, it's so absurd lately that I suggest 'mutate' as more descriptive.

Too bad the feds don't just stop arguing about free speech rights of direct marketers and instead throw a few million into Superbowl halftime ads ridculing anyone stoopid enough to fall for spam, maybe display a quick URL for people to link to for educational purposes. The damage from such a salvo should nip the problem considerably.

Silhouetted figure:"Hi, my name is Bob. I responded to a Spam at work. I lost my job because the link took me to a pr0n site. I also lost all my money because I replied to one of those 'Resuce your debt' messages. My wife, kids and dog left me and even my neighbours laugh behind my back. I guess Spam isn't at all honest."

Re:The Irony 'n stuff

[wheany]

offset a few .99 words with several .01 words.

Name several .01 words I have in my corpus.

Re:The Irony 'n stuff

[ackthpt]

offset a few .99 words with several .01 words.

Name several .01 words I have in my corpus.

In the game of statistics, you may not necessarily reside at the center of the bell-curve, but any saavy marketeer could probably work them out to those who do reside there.

Re:The Irony 'n stuff

[wheany]

Maybe, but he has to consider at least the following:

• What to include (innocent words)
  
• What not to include (incriminating words)
  
• What mailserver to use (some servernames are very spammy in my corpus)
  

And he still needs to get the message across. At least if he is really trying to sell something and not just say "hi, this site is neato http://example.com"

Spam and AI

[cybermace5]

And the conflict rages on. The better filters we use, the sneakier the spam artists get. Now we're developing self-modifying algorithms to detect and kill spam, and I'm sure the spammers are developing self-modifying algorithms to craft filter-tricking spam.

How long before the back-and-forth of spam filters and spam crafters becomes self-aware? It's got to happen. Eventually the spam filters will become a skeptic consciousness that *feels* its way through spam and spots the phoneys, and the spam crafters will become a persuasive consciousness that tries to think and write as a close friend or relative.

Re:Spam and AI

[hrieke]

Okay, so we build an AI and then torture the poor thing with insane emails about penis enlargers and the like?
No wonder Skynet rebelled.

Re:Spam and AI

[corsec67]

Yeah, and in 1997 it will take over the wrold using some spam send to a nuclear silo in russia. And, in Soviet Russia, spam filters your email.

Re:Spam and AI

[johnjtrammell]

How long before the back-and-forth of spam filters and spam crafters becomes self-aware?

There was a war. A few years from now. Spam war. The whole thing. All this... everything... is gone. Just gone.

--Spaminator II: Judgement Day

Re:Spam and AI

[GreyPoopon]

...and the spam crafters will become a persuasive consciousness that tries to think and write as a close friend or relative.

Hey bro,

I meant to talk to you about this last time you and your girlfriend were visiting, but I wasn't sure how to bring it up. I sort of found out through some less, ahem, discreet members of our family that you're a bit unhappy with the size of your member, if you know what I mean. If this is true, there's this web site I'd like to recommend that will probably be able to help you. It'll cost you a little, but it's worth every penny. I was to embarrassed to say anything about it before, but I gave their offering a try last year and both my wife and I are really happy with the results.

{insert html link here...}

The choice is yours, dude. I just want you to be happy.

Love,
Your bro

Re:Spam and AI

[Green+Light]

and the spam crafters will become a persuasive consciousness that tries to think and write as a close friend or relative.

Except that my close friends and relatives don't/won't ask me if I want my penis to be bigger, or refinance my house, buy toner for my printer, etc., blah blah blah.

As the article points out, the SPAMmers still have to deliver their message, and that is their Achilles heel.

Re:Spam and AI

Hee hee. And then all your best online friends will actually be spam crafters!

"Bob, sorry to hear about your divorce. I guess it was time for you to move on, though. Hey, why don't you try match.com? Some other friends of mine have had success with it."

Re:Spam and AI

I was to embarrassed to say anything about it before

Your message makes no sense.

Re:Spam and AI

[cybermace5]

No, they won't send you something like "MAGNA-STALLION MALE ENHANCEMENT 100% GUARANTEED MONEY BACK OFFER!"

But the previous poster is on the right track. Now imagine if The Spam (self-aware entity, selling out to highest bidder of processing time and bandwidth) crafted a letter such as the one above. But instead of being generic, The Spam would craft a completely personal message, based on the buying habits and other records of you and your relatives. The Spam would craft a message tone based on past success, measuring what types of messages made you look. The Slam (self-aware filtering entity) would have to be aware of mass mailings, predict the method that The Spam uses to craft messages, watch sources of spam messages, and look for tone characteristics common across a wide range of recipients and senders.

Of the two, The Spam probably has the easiest job. Too many gullible people in the world.

Re:Spam and AI

this

is

scary.

Re:Spam and AI

[zcat_NZ]

I really can't understand the LOGIC of a spammer who prechecks their spam against spamassassin..

Spamassassin isn't set up be default in any distro that I know of. At the very least it's an extra package to install, and in my case it took me a few hours to get it working.

So they're going to all that trouble to reach people who are 100% AGAINST spam. What kind of response rate do they think they'll get? I'm starting to think that this kind of spam is sent JUST to piss people off, because it sure as hell can't be good for anything else!

Re:Spam and AI

[K-Man]

No, shortly after sentience, the AI discovers Bayesian Penis Enlargement, and takes over the world.

Re:Spam and AI

The spammers don't care who they send their stuff to. They just want to send it and get paid for sending it.

The people that pay them to send it are the real suckers, since they think they get value for their money, which is of course false.

Spammers are con artists ripping up gullable businesses. They are not ripping off the public - nobody buys the stuff they advertize.

It is the businesses who hire them to do the spamming, thinking that they will get people buying their stuff, that gets ripped off.

Re:Spam and AI

Hey,
You're not my bro. If you were, you'd know that the ladies are saying that my dick is uh, um, the LARGEST one they've ever seen...maybe you're suggesting that if I get REDUCTION surgery that I'd get blah blah blah...etc...

better than legislation

[Rojo^]

This is a wonderful tool that is being developed. However, I don't think any one tool will succeed in eliminating spam. From a spammer's point of view, if my income depends on messages making it through filters, by damn I will bypass those filters by whatever means I can. These assholes send penis enlargement advertisements to my mother -- If her gender doesn't stop them, neither will an email filter.

On a different subject, in a story about a week ago, someone posted a link to a peer-peer network of spam emails for MS Outlook available at http://www.cloudmark.com that will trap a significant amount of emails based on (and this is overly simplified, of course) users' votes. Does such a solution exist in the open source world?

Re:better than legislation

>> These assholes send penis enlargement advertisements to my mother

The referal business from her is worth billions. If anyone's seen a lot of cock, it's your mother.

Re:better than legislation

[rgmoore]

This is a wonderful tool that is being developed. However, I don't think any one tool will succeed in eliminating spam. From a spammer's point of view, if my income depends on messages making it through filters, by damn I will bypass those filters by whatever means I can. These assholes send penis enlargement advertisements to my mother -- If her gender doesn't stop them, neither will an email filter.

I hear this argument and variations on it from time to time, but the more I consider it the more flawed it looks to me. There are really two kinds of filters to consider:

1. ISP-level filters applied at a network level by a third party.
2. Personal filters applied at an individual level by the target of the spam.

These two things are not at all equivalent to the spammer because of the psychology of spam. Fundamentally, email readers are likely to fall into two fairly tight categories: suckers who will listen to spam and non-suckers who won't. Anyone who applies his own personal email filter is likely to fall into the non-sucker category, so there's little point in designing a message specifically to bypass those personal filters. The target won't buy your product even if you do get it past his filter. That's not the case with ISP level filters, though, which protect suckers and non-suckers alike. Those are worth bypassing because they're stopping some email that would get to the suckers who would buy your product.

Now it may be the case that the same techniques that are useful for avoiding ISP-level filters will also help get mail past personal filters. That even seems likely, given that many people use ISP-type filters for their personal mail because the ISPs don't do it for them. But it seems to me that there's little percentage in specifically trying to avoid personal level filters that work on a different system from the ISP-level filters because the simple fact that somebody is bothering to use the filter implies that he won't buy from the spammer anyway.

Re:better than legislation

[Rojo^]

Dad, go do something more productive. This isn't helping.

Re:better than legislation

[astroboscope]

Does such a solution exist in the open source world?

Maybe something like Razor? Or Distributed Checksum Clearinghouse?

Re:better than legislation

[phallstrom]

Yes.

http://razor.sourceforge.net/

Re:better than legislation

[AnotherBlackHat]

... I don't think any one tool will succeed in eliminating spam.
From a spammer's point of view, if my income depends on messages making it through filters, by damn I will bypass those filters by whatever means I can.

There are many different kinds of spammers.
A professional spammer is going to get past almost anything you can dream up.
But an amateur spammer can be stopped by simple techniques.
Anything that raises the difficulty of spamming makes it less likely that an amateur spammer will turn pro.
If spamming is limited to the serious professional, then the problem will at least stop growing.

Spamwolf now in beta!

Re:better than legislation

[Thing+1]

On a different subject, in a story about a week ago, someone posted a link to a peer-peer network of spam emails for MS Outlook available at http://www.cloudmark.com that will trap a significant amount of emails based on (and this is overly simplified, of course) users' votes. Does such a solution exist in the open source world?

Hi, that was me . Unfortunately this only works for Outlook (not even Outlook Express), but it's been working great for me.

As others have pointed out, Vipul's Razor is a great open-source solution.

Checking SourceForge , I found the following additional packages:

BogoFilter

SpamAssassin

JoeEmail

Bayesian anti-spam classifier

Anti-Spam SMTP Proxy Server

Bayesian Mail Filter

JunkFilter

SpamProbe - fast bayesian spam filter

Mailfilter

IMAPAssassin

That's just from the first page of search results. If you'd like to see all the results (I did a search for "spam" from their search box), click here .

Spam of the Future!

[zulux]

The real scarry part of the article is about, what he called, "Spam of the Future". It's really interesting. Basically, is a spam message that has a lot of seemingy normal text, that won't get caught in the spam filter. Because it IS normal text. It's then followed by a link - ususally to a porn site.

Here is your opt-in FREE! porn!

Re:Spam of the Future!

The spam of the future will be sales pitches for flying cars.

What's wrong with spam?

[Amsterdam+Vallon]

Without spam, how else would I be able to sit home every day and make $1,000 a week watching TV while playing with my 12 inch penis?

Re:What's wrong with spam?

[Chocolate+Teapot]

Is spam hallucinogenic? You learn something every day on /.

Re:What's wrong with spam?

while playing with my 12 inch penis?

Ahh, yes. The plastic one.

Re:What's wrong with spam?

Too bad you need the viagra for the penis to get that size and you squandered your $1,000 a week in Nigerian investments.

Spamassassin and ENDING spam....

[ajs]

The latest development Spamassassin has an interesting application of Bayesian filtering. Basically, it takes all of SA's existing heuristics, uses that to develop a sense of what is and is not spam, and then pumps the results through a Bayesian filter that learns from these messages.

As with any other SA test, no single element of the chain is trusted enough to definitively call something spam, but if a message would have squeeked through before, this new filter can put the final nail in its coffin through word analysis against previous spam.

So, why did I use a subject about "ENDING spam"? Because one of the tools that spammers have is SA itself. They can use it to score their messages and determine how "spamish" it is. The problem now is that each SA installation will have subtly different scoring, and the message may be "ok" according to the spammer's version, but my version has a better sense of the mail that *I* get.

SpamAssassin is definitely a tool worth checking out if you have not already. Install it in daemon mode (spamd) and then use "spamc -f" in your procmailrc or the equiv for your MTA.

Very nice tool, and a real time-saver for me.

Re:Spamassassin and ENDING spam....

[GigsVT]

Your point is interesting, the spammers are changing their spam to get it past Spamassassin, that means that the authors of Spamassassin control the spam content!

Spamassassin should automatically let any message through that has AD: in the subject line by default.. Then all the spammers would use AD: to bypass the filter, and we could easily choose on the client side whether to read them or not. A sort of way to encourage ethical spamming I guess.

It would also seem to take some of the pressure off the "arms race" of spammers trying to outsmart filters.

This may not work, and I haven't really though it through very well, but it's just an idea I had after reading your message.

Re:Spamassassin and ENDING spam....

[ajs]

Good idea on it's face, but the problem is that only the sophisticated spammers are using SA to pre-filter mail. A lot of the porno boys just don't care. They'd rather carpet-bomb and let the chips fall where they may....

Re:Spamassassin and ENDING spam....

[lbergstr]

Just in case anyone thought "oh, SA includes Bayesian filtering now" - yes and no. Its usage of Bayes may end up being more effective than Graham's, or (more likely, I think) less effective, but it's not equivalent. SA is using Bayes on a set of scores from different heuristics. Graham is talking about using Bayes on a lower level - on text tokens from the message.

Re:Spamassassin and ENDING spam....

[Matts]

I'm afraid you don't know what you're talking about. SpamAssassin 2.50 uses *exactly* the same tokenising techniques as Graham's filters (in fact some more advanced ones too) as well as SpamAssassin's original set of heuristics. These are combined together to get an overall better picture of the email. See my presentation on this topic that I gave at the recent spam conference.

Re:Spamassassin and ENDING spam....

[ajs]

Incorrect. SA is using that technique (and has for a fairly long time now) centrally to generate their score lists. That's important, and it's a very strong part of SA.

However, in the next release of SA (and I'm currently running it out of CVS, so it's hardly vapor), they will *also* be using full word scoring heuristics. That scoring will result in a boolean "spamishness" which will in turn be assigned a score centrally (whihc users can override, of course).

By way of example, here's a recent summary of one of my pieces of spam:

Content analysis details: (12.50 points, 4 required)
NO_REAL_NAME (1.3 points) From: does not include a real name
INVALID_DATE (1.6 points) Invalid Date: header (not RFC 2822)
BAYES_90 (2.0 points) BODY: Bayesian classifier says spam probability is 90 to 99%
[score: 0.9645]
RAZOR2_CF_RANGE_91_100 (0.0 points) BODY: Razor2 gives a spam confidence level between 91 and 100
[cf: 100]
RAZOR2_CHECK (3.9 points) Listed in Razor2, see http://razor.sf.net/
DATE_IN_PAST_03_06 (0.2 points) Date: is 3 to 6 hours before Received: date
MSG_ID_ADDED_BY_MTA_3 (2.0 points) 'Message-Id' was added by a relay (3)
FORGED_MUA_OUTLOOK (1.0 points) Forged mail pretending to be from MS Outlook
MISSING_MIMEOLE (0.5 points) Message has X-MSMail-Priority, but no X-MimeOLE

As I said previously, the interesting part here is not the word-analysis, but the fact that the database for that word analysis is generated dynamically by looking at your mail, and applying SA's other rules. Self-training of this sort has proven highly successful in tests, and may yield the next quantum of spam-filtering effectiveness.

Notice also that while that 2.0 points from Bayes is a big push to this spam's score, it's not enough to mark it as spam on it's own. This is the power of SpamAssassin. No one test says, "this is spam", and so no one test is trusted on its own.

Re:Spamassassin and ENDING spam....

[lbergstr]

I stand corrected.

So SA will be using Bayes on a list of scores from various heuristics, with one of the heuristics a Bayesian word filter applied to the body text? I wonder if this will end up being more effective than just using a Bayesian word filter on the entire email (headers+body).

Re:Spamassassin and ENDING spam....

[b0rken]

It's too bad that SA is ranking the Bayes score so low. You can, in 2.43, craft a message with a very negative score, even with a fairly spammy body. Take a look at this carefully crafted message

the body was taken from a spam I got (about DVDs) and the headers and footers were crafted by looking at SA 2.43's tests. The result?

X-Spam-Status: No, hits=-21.5 required=5.0

your two-point hit from Bayes won't do anything... (and heck, looking at the message there must have been a bunch of tests that failed to trigger because lines that should have been in the header ended up in the body)

Re:Spamassassin and ENDING spam....

[iain]

Reading this leads me to wonder if SpamAssassin has its scoring inside out. Let me explain.

There's been a fair bit of talk on how to choose the tokens to feed to the Bayes engine. Paul Graham discusses using extended tokens like "Subject*free", and I can't help thinking that SpamAssassin has a ready-made body of tokens; RAZOR2_CHECK, FORGED_MUA_OUTLOOK and so on. So, why not turn SpamAssassin inside out, and instead of letting the Bayes engine report to the overall scoring, let each test become a token for the Bayes engine?

Perhaps it's the engineer in me, but I still feel slightly unhappy about SpamAssassin's scoring theory. The score doesn't fit an obvious model. With Bayes you can sum it up quickly with probability theory, but SpamAssassin's score is a complex heuristic.

Don't get me wrong - I use SA here and it's shit-hot. I just can't quite see it Taking Over The World[tm] in its current form.

I have seen any similar suggestions, but then I've only read brief reports of the conference. I suppose I ought to do a decent test on the scheme before waffling about it, but this is /. after all...

Re:Spamassassin and ENDING spam....

[ajs]

SA does exactly what you say. That's how they develop the scores for each of the tests. The new word-analysis test will then feed off of those other scores in order to train itself, becoming even more accurate over time.

Re:Spamassassin and ENDING spam....

[ajs]

Your carefully crafted message is a great worry of the people who work on SA.

The only defenses against this are:

1. In-transit info (RBLs, recieved headers, forgery detection by an MTA, etc) can hit the score big-time
2. Consensus-based checks (e.g. Razor2)
3. Body analysis (as you note) lends some score
4. If all else fails, your technique will shape later updates to the scoring, and scores will adapt to the abuse automatically.

SA is not perfect, but it makes spamming MUCH more difficult, and I think ultimately will increase the difficulty to the point where spammers are thinking in terms of reaching hundreds or thousands of boxes, not millions. That changes the economics for them, and makes it likely that it's no longer profitable.

Re:Spamassassin and ENDING spam....

[iain]

My understanding of SpamAssassin's "genetic algorithm" is that it's performed by SA Central before making the release, and therefore based on SA's own spam corpus. If their corpus differs from my own pattern of spam, doesn't that imply that their scoring will be less than optimal for my circumstances?

Naturally, this is rampant speculation based on my limited understanding of SA score generation - if the SA heuristics do train themselves on my email patterns in some way I've completely missed, then I take it all back.

Re:Spamassassin and ENDING spam....

[ajs]

Yes, yes, no and yes :-)

SA calculates scores for its other tests centrally. Word-tracking is done locally based on those other rules. It's a way of weighting the centrally-managed scores to your local mail's makeup.

Help the spammers. No, really.

I have just set up a system which parses spam email, locates any Web addresses, strips out the parameters, and then visits the Web site. Just think if we ALL did this. So rather than the poor spammer only getting a .001% hit rate, they get an astounding 100% hit rate. So 1 million emails sent, 1 million instant Web page hits. And it is not like they can complain about this, after all they are ASKING for the hits.

Even better is that my domain gets multiple spams from the same company.

Re:Help the spammers. No, really.

[qengho]

I have just set up a system which parses spam email, locates any Web addresses, strips out the parameters, and then visits the Web site. Just think if we ALL did this.

Heh. I use a program called SpamFire to filter my mail. No Bayesian stuff yet, but it has a Revenge menu with an item called Bug the Web Bugs. This scans your spam mail for web bugs, then opens a page in your browser that sends either random garbage or your choice of message, every two seconds, to the server specified by the web bug.

Re:Help the spammers. No, really.

[astroboscope]

Wonderful. So now we have the spammers and you clogging up the network.

And you're not going to overload their server if it just sends static images/pages.

Re:Help the spammers. No, really.

[qengho]

you're not going to overload their server if it just sends static images/pages.

The idea is not to overload their server, but to fill their harvested address log with junk. Maybe it'll screw up their log analyzer.

Re:Help the spammers. No, really.

Oh ho! The spammer speaks! Screw yourself prick, you know you have it coming. You send billions of spam but cannot take a few thousand retaliations. Filth like yuo should be cleansed from the earth.

Performance

[FrostedWheat]

2.5 per 1000

So it catchs 2 or 3 of every 1000 spam messages. My worry would be how many non-spam messages it catchs?

I'd hate it to tag any personal mail as spam :)

Re:Performance

[avi33]

zero, in theory.

I don't remember the details of the original rules he used to implement this, but something along the lines of "it's acceptable to have a couple pieces of spam slip through, but completely unacceptable for non-spam to be blocked." ...and goes on to describe how a set of flags can be used to tag suspected spam, and ask if it's real or not...essentially building a personalized set of rules based on user preferences.

Re:Performance

[ergo98]

And this is the clincher in any of these spam filters: If the filter automatically deletes messages that it identifies as spam (which could be legitimate business proposal or job offer, for example) then a false positive would be incredibly destructive. If it doesn't automatically delete but instead you periodically go through all of the messages, then it's of little value as you're forced to manually filter the spams anyways. The irony is that the better it is at identifying spams, the more destructive a false positive would be as you casually scan through and delete large clusters of supposed spam.

Personally I think the author of the paper is a bit idealistic in ways when they say "If we can write software that recognizes their messages, there is no way they can get around that". Well then again maybe they aren't: Saying "if we can...recognize their messages" is a pretty wide net presumption, and of course the following conclusion follows, however the real question is "can we realistically make software that can effectively identify with zero incidences of false positives". For people who email between themselves and one or two other people on one subject that isn't a problem, but I suspect that statistical word usage analysis wouldn't be quite as successful for someone with a more disparate mail usage.

Re:Performance

[joshsisk]

So it catchs 2 or 3 of every 1000 spam messages.

I believe he was saying only 2.5 spams per 1000 get through to your inbox. Not only 2.5 per 1000 get caught. That's a little different.

That's about the performance I'm getting out of my spam filter setup (spamassassin), anyway - I think I'm getting about one spam in my inbox per 300 spams in my held mail. Only about once every two weeks do I find an email that is a false positive (and I get about legit 30-40 emails a day).

Re:More than 1.1 billion pigs are killed worldwide

[molarmass192]

Could Bayesian filtering be applied to filter offtopic posts as well?

Add inches to your penis!

[Chocolate+Teapot]

Ooooops! Wrong window. Sorry.

Re:How is spam that big of a problem?

[crawdaddy]

Overblown? The fact that you would need more than one email account to keep from having your time wasted by spam proves otherwise.

Bayesian filtering

[blakestah]

The basics are, you take all good mails, and create a database of words used in them. Make a different database for spam mails. Then, for each incoming mail, compare to each database, and classify as spam or non-spam.

The algorithm starts out conservative, ie: you get most of the mail classified as good. For each "good" email that is spam, you manually re-classify it.

Then, after a few weeks, the filter does all the work. It is basically using word-databases to compare emails and classify them the way you, the user would. Periodically you will receive another spam email, then you re-classify it, and never see an email like it again (in your inbox).

Bogofilter and CRM114 are among the more successful efforts so far, but there are many. And they are FAR more successful than blacklist/whitelist/fixed token comparison filters. But Bayesian filtering is just a near optimal way to replicate the classification of the user, which is also why it works so well.

Re:Bayesian filtering

[ottffssent]

I've found that a combination of whitelisting and blacklisting are extremely effective. The address I give out to companies I order from online is whitelisted - those companies that regularly send me spam don't get on it and those who send me order confirmations and UPS tracking numbers do. My other addresses have blacklists covering huge swaths of the namespace, such as AOL, MSN, Yahoo, Hotmail, and the like. At last count there are 3 exceptions to those blanket condemnations. Of the 1000-2000 spams/month I receive, fewer than 1 a day get through. Granted, 97% isn't nearly as impressive as 99.75%, but it's a whole lot easier.

Re:Bayesian filtering

[blakestah]

I think you misunderstand how easy bogofilter is.

I initially trained on about 200 emails. At first, I got 1 spam per day, or so. There have not yet been any false positives (good mail classified as spam).

A week later, I get 1 spam in my inbox every 3-4 days, and no good mail has been classified as spam. All I need to do it take the false identifications and re-classify them. That means, every 3-4 days I take the spam in my inbox and re-scan it through bogofilter (cat SPAM | bogofilter -S). That is all. It is not any effort, really, after the initial training. Then, the filter does all the work, and you don't need to worry about blacklisting or whitelisting or anything.

The really important thing is that the filter statistically optimizes YOUR manual email classification. The best source of email classifying is YOU looking at an email, and Bayesian filtering is the only method that is optimized to do that.

Re:Bayesian filtering

[ColaMan]

I have a setup for my users at work (using IMAP mailboxes) - I have "Junk-Mail","Missed-Junk" and "Wrongly-Sorted" folders. Bogofilter and procmail sort spams as they arrrive into the "Junk-Mail" folder, depending on each users word list.

If a spam makes it to the inbox proper, all they have to do is move it to a "missed-junk" folder. That folder gets processed every hour by bogofilter, marked as spam and messages moved to the "junk-mail" folder.

If a real email gets wrongly classified, all they have to do is move it to "wrongly-sorted" and it gets noted and the email moved back to the inbox when done.

Handy, and easy for the end user to figure out.

u know wtih all this hassle

[cp5i6]

why not just go back to blocking all of china

Re:u know wtih all this hassle

[mla_anderson]

Because I have actual customers in China and I still want to get their emails.

Re:u know wtih all this hassle

[cp5i6]

heh irony is.. china being one of the worlds most prolific censoring countries... can't do anything about spam.

Spam only cost-ineffective with ISP-level filters

[PseudoThink]

Spam filters are great, but it seems that only the Net-savvy are using them. Savvy users aren't the people spammers are making all their money from--they are making money off the naive and inexperienced users. These users aren't going to go out and install the latest Bayesian filters on their system, and the major email readers won't (and probably shouldn't) come with them automatically activated.

To make spam cost-ineffective for the spammers, we've got to stop it (or flag it) before it gets to the end-user. It would obviously be a mistake to allow ISP's to automatically delete all email that fails their spam filters, but I think it would be appropriate for them to include something in the headers flagging such email as probable spam. Then future email readers could detect this header and handle it gracefully, like moving it to a "spam" folder on the user's machine. Once this happens and Grandpa no longer gets email asking him to test the latest Viagra alternative, spam may become a thing of the past.

filtering effectiveness

[qoncept]

I think I speak for everyone when I say false positives are the only real hinderance to the filtering of spam. I get roughly 20 emails a day, 75% of which are spam. If one of them slips past the filter and I see it, it doesn't bother me so much. Spam is no longer a problem. What is an absolute necessity, though, (and probably less so for me than other people) is that none of my legitimate email is filtered as spam. I'd rather have 100 spams filtered improperly than one legit email.

Re:filtering effectiveness

[Tim+Macinta]

I think I speak for everyone when I say false positives are the only real hinderance to the filtering of spam.

This is one of the reasons I like SpamAssassin so much. Since it tags each message with a spam-ishness score you can set up tiered levels of filtering. After running Spamassassin for several weeks I ran some tests and discovered that none of my false positives ever scored above a 6, so I set up an extra filter for messages which score an 8 or higher that put them into an "almost definitely spam" folder. Everything from 5 - 8 goes into my "potential spam" folder and everything below 5 isn't tagged as spam at all. The bulk of my spam has actually been going into the "almost definitely spam" folder, which I only check every few days and any false positives I get have gone to my "potential spam" folder, which I check every few hours. My point is, it's pretty easy to set up SpamAssassin to work in accordance with to your tolerance for false positives and it can save you oodles of time even if your tolerance level is very low.

Re:filtering effectiveness

[TheSync]

I use SpamAssassin to dump suspected-spam into another directory. Every day I spend about 10 minutes going D-D-D-D-D-D... in the spam directory, glancing briefly at each subject hearder to make sure I don't miss any false positives. They are rare, but have happened 2 or 3 times over a year.

I find that erasing all of my spam in a "batch process" is much more efficient than not using a filter and doing it randomly through the day.

Re:filtering effectiveness

[The+Famous+Brett+Wat]

If your mail quota for the day included one legit mail and one hundred spams, do you think you might miss the legit mail anyhow? There comes a point at which false positives are no worse than manual filtering. Still, if "no false positives, ever" is one of your criteria for a spam filter, then so be it. It's not one of mine, as it happens.

Re:hopeless

[Kallahar]

Yeah, 2.5 per 1000 getting through is a proof that his ideas are obviously flawed. Having a working system is the best proof that an idea works :)

Travis

Re:hopeless

So you'd rather have 1000 out of 1000 pieces of junk mail over 2.5 out of 1000. Way to keep things in perspective! (Actually, what you were doing is trying to show off what little intellect you have.)

But ... how much spam??

[Presto_slashdot]

Interesting read and all, but CmdrTaco, you forgot to mention how many spam mails you've received already today ...

Inquiring minds want to know!
;)

Obligatory plug for TMDA

[Silas]

I'm really excited about all of the neat stuff happening with Bayesian filtering and related technologies, but I just wanted to put in a plug for TMDA, Tagged Message Delivery Agent, which uses a whitelist-centric strategy. Since I began using it, the amount of spam I have to look at is virtually at zero. If you haven't read about it yet, check it out.

Re:Obligatory plug for TMDA

So I'm supposed to magically know everyone that wants to e-mail me and add them to a whitelist so their messages get through huh? How incredibly inconvenient for both parties. How about automatic replies from online purchases and mailing lists? This doesn't sound like a very good idea unless you're an incredibly fucked up geek who thinks spam is really evil.

Re:Obligatory plug for TMDA

[NearlyHeadless]

So I'm supposed to magically know everyone that wants to e-mail me and add them to a whitelist so their messages get through huh? How incredibly inconvenient for both parties. How about automatic replies from online purchases and mailing lists? This doesn't sound like a very good idea unless you're an incredibly fucked up geek who thinks spam is really evil.

For automatic replies, you use a "tagged" version of your mail address. eg. jason-sender-a751af@mastaler.com instead of just jason@mastaler.com.

You don't have to preload your whitelists with everybody you know. People not in your whitelist will get a message that they must acknowledge in order to get added to the whitelist.

Re:Obligatory plug for TMDA

[Wonko42]

When I email someone and get a message asking me to verify that I'm a real person, I feel insulted. The only time I tend to email people who don't know me is when I'm complimenting a software author on something they wrote, or responding to a user who has emailed me about something I wrote.

When I spend a good thirty minutes of my valuable time crafting a detailed answer to a user's question about some aspect of an application I've written that, if they'd read the docs, they could have figured out themselves, only to find that this user's email server considers me a spammer until I prove otherwise, I usually just say "fuck it" and go do something more productive.

Guilty until proven innocent is not an effective way to stop spam. It merely shifts the inconvenience from you to someone who may be legitimately trying to contact you, and if they're like me, they may decide you're not worth contacting after all.

I personally receive hundreds of spam emails a day (in fact, over 75% of all the email I receive is spam). Yet, I very rarely see any spam in my inbox, thanks to Bogofilter. Bogofilter has about a 95% success rate at discerning spam from non-spam, and it gets smarter with each message I receive.

Re:Obligatory plug for TMDA

[Silas]

Guilty until proven innocent is not an effective way to stop spam. It merely shifts the inconvenience from you to someone who may be legitimately trying to contact you, and if they're like me, they may decide you're not worth contacting after all.

I disagree. When I sign up for a mailing list, I'm not insulted when the mailing list management software asks me to confirm my address, because I know that it's for a good reason: to prevent abuse or spam on the mailing list. It doesn't mean I'm guilty of anything, it just means I'm participating in a process that makes the service better.

You mentioned the scenario of answering an e-mail from someone and getting a confirm request. If someone using TMDA sent you an e-mail, you'd most likely already be on their whitelist...no confirmation necessary, no need to say "fuck it".

I realize that TMDA breaks the mold of the traditional e-mail model, where your inbox is open to anyone who wants to send you a message. 95% success rate and the constant nagging worry that a legitimate message might get hosed? Not for me.

I guess I would suggest that the knowledge that every message you receive is from a real person/legitimate sender (as opposed to the pseudo-reliability of filters based on message content) is well worth the very slight inconvenience to the small number of senders (6% in many cases) who have to confirm themselves. It sure has been in my case. I'm not saying TMDA will always be the best solution, but it's worth considering.

Re:Obligatory plug for TMDA

[infiniti99]

When I spend a good thirty minutes of my valuable time crafting a detailed answer to a user's question about some aspect of an application I've written that, if they'd read the docs, they could have figured out themselves, only to find that this user's email server considers me a spammer until I prove otherwise, I usually just say "fuck it" and go do something more productive.

I'm surprised at your perception of confirm requests. When I first set up TMDA, I scanned every undelivered mail for nearly 6 months to ensure that no one was getting pissed off at the confirmation request. I did have some cases where people never got the bounce email (due to technical reasons, which I hope to have solved), but not once did I run into someone who refused to confirm because they were insulted. If a person spends time writing an email, they should not refuse to confirm, otherwise their email would go to waste. It is not like they have to rewrite the email or anything. Just hit Reply and then Send. Done. If their email is not important enough for two more clicks, then I don't need it.

Of course, if a user emails you and then your reply is bounced, that is just the user being stupid/rude. If TMDA is properly used, outgoing mails should always be repliable without confirmation.

Re:Obligatory plug for TMDA

[iain]

Not quite the same thing, I know, but here's what I do:

I use SpamAssassin as a filter, using a trigger score of 4. If (and only if) SA flags it, I bounce it back saying:

\begin{quote}
This message was flagged as spam so I've bounced it back. Sorry.

If I'm wrong (even Perl scripts are wrong sometimes) and you're a
Real Person, look at

http://www.anchovy.durge.org/spam/

which will explain how to get your message through.

Iain's Perl script.
\end{quote}

(Politeness costs nothing. Especially if it's a Perl script doing the talking ;)

The method, FWIW, is to include a particular string in your subject line. It changes weekly.

Why do I add the burden of going to the web site? It's supposed to make it slightly harder for the Evil Spammers to work around it. I'm still considering whether it's a good idea.

Re:hopeless

[ajs]

Everyone but the folks at SpamAssassin have been focusing on the idea that any one technique for identifying spam is doomed to diminishing returns.

Over at SpamAssassin, they've been busily creating a system that collects "good enough" tests by the dozens and uses them to collectively score a message and determine its general "spamishness". The system relies on a complex scoring system that is determined, not by the whim of human programmers, but on the results of a genetic training system that pits one set of scores against another until equilibrium is reached for a given set of example spam and non-spam.

See my other post here for how Bayesian filtering will be used to allow this system to feed back on itself and improve as it sees more of your spam and non-spam....

Spam Archive

[Doctor+Beavis]

The article mentions compiling a vast collection of spam. Such a project is already underway at SpamArchive.

Re:Spam Archive

[alonsoac]

The article mentions compiling a vast collection
of spam. Such a project is already underway at
SpamArchive [spamarchive.org].

The article also mentions that most effective is for each user to compile his own collection of spam, such a global collection of spam wouldn't do the trick for everyone.

Re:Spam Archive

[jmason]

Worth noting that we in the SA project will probably not be able to use these, as they've all been munged to remove some really excellent spam-signs: no Received headers, header case munged, etc.

the master of spam.

[bigbinc]

Paul Graham, great book, ANSI lisp, if there is one person that knows spam it is this guy.

Content filtering means the spammers have won

The victims are expending considerable amounts of individual CPU time to classify mail which they must read (albeit mechanically).

Rejecting mail from IP addresses known to send spam (or teergrubing to tie up spammer resources) puts the burden back on the spammers, where it belongs.

Absent effective out-of-band defenses (such as the courts and the legal system), wasting money on filtering is a foolish effort just to benefit a few innocent sources who choose to share an IP address with spammers. And if they pay money to a spam-tolerant ISP, are they really innocent ?

Because it's free.

[Presto_slashdot]

You probably get no spam to your home or cell phone because it's too expensive to set up a company in China and make phone calls to the US, just to get around the laws. Unfortunately, it *is* basically free to send spam mail. If they could call you for free from outside the US, they would be doing that too.

Standard Spam API

I have been quite excited with all the new ideas being put to use in fighting spam recently. Unfortunately, whenever I find one that is implemented, it doesn't work with my mail server or my client. It seems like there should be a standard API that spam filters could implement, (using soap or xml-rpc or something), so that the various mail servers and email clients could use a single plug-in to add spam filtering. This would allow the people who are good at spam filter code to focous on that one problem, and the people who are good at writing email plugins and GUI code can do what they are good at.

Re:Standard Spam API

[Repugnant_Shit]

Have you tried popfile? Its a perl-based solution, so it should run on anything that perl runs on. I have it running on Linux with KMail, and on Windows with Mozilla, Eudora, and Opera.

Re:Standard Spam API

damn right. I tried intergrating spamassassin with exim and fucked it up badly. An api would help no end.

Re:Standard Spam API

I just tried it - it didn't work. I guess I will file a nice bug report then.

Re:hopeless

[mjh]

Until we have quantum computers, we're stuck with black lists, which work pretty well anyway.

... or software managed whitelists. This software assumes that everyone is blacklisted until they can prove otherwise. This system will work until spammers start using real, working return mailboxes. At which point, 99% of the battle will have been won.

popfile URL

[roalt]

Popfile can be installed as an intermediate between your mail-server and your program, and you can add tags to your mail to decide in which 'bucket' your mail belongs to.

The url for the project is popfile.sourceforge.net

I didn't try it yet, but it I will try it really soon now!

Re:popfile URL

[joeldg]

Popfile rocks.. used it for a while 89% accuracy.. but the 11% is actually relatives/friends sending me stupid forwards, so in reality is is about 99% accurate.. nice..

Re:popfile URL

[egghat]

PopFile rocks. Works good and installation is a breeze.

For me the big plus is that it's

a) a filter between mailclient and server, so I don't have to change anything at the server side

and

b) it's a Perl solution and it's cross platform. Perfect for me as a dual booter.

Bye egghat.

If you want to stop spam, tax email

[jlowery]

It doesn't have to be much, just 1/8 cent per email or so. That's all it would take.

Re:If you want to stop spam, tax email

[joshsisk]

Please answer the following:

1. Technically, how could you implement this?

2. How could you prove that an email you recieved was "paid for"?

3. How could you force other nations to do this?

Re:If you want to stop spam, tax email

[Rogerborg]

Great idea!

Now, you tell me how many "emails" I've sent in the past 8 hours from my machine at work over an encrypted SSL link to sendmail running on a non-standard port on my server at home and being sent to a group of recipients on ISP's worldwide, some of whom run their own mailservers.

No, you don't get any of my IP addresses to help you. And no, this isn't a rhetorical question. If you can't answer it, your solution is sophomoric.

Got the answer yet?

Re:If you want to stop spam, tax email

[jlowery]

1. Make the ISP responsible.

2. You wouldn't. The ISP would have to.

3. Add token-response protocols to email messages.
Tax foreign e-mail "imports". Those that don't pay, don't get to import.

Re:If you want to stop spam, tax email

[joshsisk]

Sigh. By "you", I was referring to _you_, the architect of this brilliant plan. I'll rephrase.

1. Technically, how would this plan be implemented?

2. How could an ISP prove that an email recieved was "paid for"?

3. How could the US (or whoever adopts this plan) force other nations/ISPs to do this? Because, unless everyone adopts it, it's useless anyway.

It seems to me that this plan:
A) wouldn't stop spam.
B) would kill the popularity of email (people would just switch to IM or something free).
C) would cost at least as much to implement as it saves.
D) would keep poor people without credit cards from having email. (many people have free email accounts they check from libraries)

now THIS is a true geek

>Based on my corpus, "sex" indicates a .97 probability of the containing email being a spam...

Spoken like a true geek.

My Spam Algorithm:

[eforhan]

Spicy SPAMBURGER

Ingredients:
1 (12-ounce) can SPAM® luncheon meat, cut into 4 slices
1 green pepper, cut into thin strips
1 small onion, thinly sliced
½ cup MIRACLE WHIP or MIRACLE WHIP LIGHT Salad Dressing
½ teaspoon ground red pepper
4 hamburger buns, split
Lettuce and tomato slices (optional)

Instructions:
Cook SPAM®, green peppers and onions in large skillet 5 minutes, stirring occasionally. Mix MIRACLE WHIP and red pepper. Spread evenly on hamburger buns. Place SPAM®, peppers and onions on bottom halves of buns. If desired, top with lettuce and tomato and cover with top halves of buns. Makes 4 sandwiches.

***
I lied. I hate spam of any kind. Bravo Anti-spammers.

-Eric

Re:Spam needs a global solution (Global Solution)

[minas-beede]

OK, signal and noise. What if the signal was all in one frequency band and the noise all in another. Problem separating them? No.

What if, in effect, a similar distinction held for spam in the transmission channel - that spam by itself selected a pathway to the recipient that was never used by the signal? Block that pathway and the spam never gets through.

Spam doesn't select a pathway but spammers do. If you could block relay spam at the open relays it would be dead. You can't, of course - the open relays are controlled by people who don't know the need to block spam. You know that, I know that. If you can't change the people then change the open relays (from the spammers' points of view.) Set up a system that looks like an open relay and stop the spam. An open relay honeypot.

I asked an operator of such a honeypot how he did last year:

> How did 2002 end?

From March 7 to December 26 2002, the total was:

235,624,232

Using one Pentium 90 he stopped spam to 235 million recipients. Think about that number when you see filter people reporting what they stop just for their own domains. This was spam to recipients all over, not simply to the honeypot operators domain: he operates at the relay level. He stopped 100% of the spam, no deception deceived him, no tuning was needed, no valid email was caught - it is perfect filtering. Perfect filtering - who else has that?

And you can do it at home on your DSL or cable connection (the guy above uses sendmail -bd, but Windows users have a program they can use):

http://jackpot.uk.net/

Yeah, I know, spammers are switching to open proxies. So, write an open proxy honeypot. That, too, will be 100% efficient. In addition you now are giving spammers reason to fear every open relay and every open proxy they detect. FEAR. The SPAMMERS have to scramble. They have to scramble and they have to show everything they do to overcome the technique - there is no stealth way to look for open relays and open proxies.

The problem is solved, it is a matter of implementation and of getting active systems everywhere in the net space (so there's no safe IP space for the spammers anywhere.)

Remember: A single Pentium 90, 235 million spam messages stopped in 10 months.

Re:How is spam that big of a problem?

Why are you posting Anonymous Coward? Are you afraid someone will post your email to a few spam lists. :)

Re:hopeless

[rabidcow]

For those coming late to the story, Joel Sponsky demonstrated in his well known column [joelonsoftware.com] recently that Bayesian filtering of spam is an intractible problem.

Where? There's no mention of Bayesian anything on that page. The closest thing I can see is "Bad Spam Filters," which is about a different kind of filter.

Treating the symptoms, not the problem...

[Anonvmous+Coward]

I hope you all realize that at best you're buying time, not solving the Spam problem. It won't take long for these guys to find ways through the filter.

The problems need to be solved on a different level. The problem is not the messages themselves, it's that people are allowed to send these messages to anybody they want without any real challenges as to their authenticity.

Let me explain how I have things set up right now, and hopefully my stance on this issue will be a little clearer. All my messages come into the same mailbox. I have a bunch of email aliases, though. If I sign up for Slashdot, for example, then I create a new alias like 'slashdot@insertdomainnamehere.com'. I then add that email address into my 'email allowed' list so that it gets funneled through into a visible folder. If that address gets abused, I shut down the email alias.

My personal friends are treated a little differently. Once they email me, I add their address into my list of friends, and they get put into a friends folder. I treat this differently than a registration place because my friends all need one address to contact me at, I don't mind them sharing it with each other. If my address changes, then their messages still get through.

I plan on going farther down the road. I'm going to give people an email address, and when they email it they get an automated message with instructdions on how to 'request permission' to send me email. When permission is granted, they don't get that message anymore. It basically means that the only messages that get through to me are the ones that have a human behind them to read the response and then go through the proper channels to reach me.

I'm not claiming to have done anyting new here. I'm basically mimicking the way IM works, and I'm doing it without having to do anything real fancy. Outlook's Rules Wizard is doing quite a bit of the work here. But since people actually have to take the time to request my authorization, it means that it's a message meant for ME as opposed to a message meant for anybody who's out there. With an approach like this, it'd be a lot harder for spammers to get through.

Re:Treating the symptoms, not the problem...

[Silas]

It sounds like you're using TMDA. Or, if you're not, you should be. :) Check out my related post on this story.

Re:Treating the symptoms, not the problem...

[joshsisk]

Is it really worth all that trouble?

My ISP uses spamassassin, and it filters out about 299 out of 300 spams without me having to do anything whatsoever. I get a false positive maybe once every two weeks (and I get a good amount of email). Usually those are forwards or items people BCC:d to a whole bunch of people that I don't care about, anyway. AND if I bothered to add all my friends to my whitelist, I'd _never_ get a false positive from them.

Re:Treating the symptoms, not the problem...

[Fastolfe]

it's that people are allowed to send these messages to anybody they want without any real challenges as to their authenticity.

You go through a lot of work to get your friends "authenticated" in this fashion.

A better solution might be to simply require that every unsolicited e-mail you get be authenticated with a certificate. Set your mail system up to only accept messages to your "real" e-mail address that have either valid PGP or X.509 signatures. Reject everything else with instructions on how to get the tools/certificates to do it.

I do something similar with unique e-mail addresses when signing up on sites. I've also found that it's generally easier to go with username+tag@example.com, where the 'tag' can vary. This is functionally equivalent to username@example.com, but it lets you do some additional filtering without having to set up a new e-mail address. The disadvantage is that there are a lot of sites out there with brain-dead e-mail validation routines that don't permit plus signs. :/

Whatever you do, though, please leave your postmaster@example.com address working and unfiltered. Yes, you will get spam, but if your mail filtering system ends up malfunctioning one day, this address may be the only way someone can let you know.

Re:Treating the symptoms, not the problem...

[Anonvmous+Coward]

"Is it really worth all that trouble?"

It will be when people figure out how to get their message through Spam Assassin. It isn't that hard. The first thing they have to do is stop putting garbage numbers in the subject, then get rid of the excessive spaces, then stop using HTML. Do all that, and you've already cleaned up the major points that Spam Assassin trips on.

Re:Treating the symptoms, not the problem...

[thomn8r]

TMDA is cool, but if you don't have control over your mail server, you're a55'd out. Try Active Spam Killer, which you can use like procmail, or even in conjunction with procmail.

Re:Treating the symptoms, not the problem...

[artg]

How do you identify email that comes from your friends ? If you use their From-address, your filter will be fooled by spammers that raid address books (standard virus technique) to create their own from-addresses.

So the spam looks like it came from your friend : not only does it get past your filter, but you're inclined to open it, too.

Re:Treating the symptoms, not the problem...

[joshsisk]

And SpamAssassin will evolve to take that into account... again, without me having to lift a finger. Here are the various tests SpamAssassin currently performs on a spam email. A bit more than you imply.

Also, note : if you avoid the garbage #'s (or random text) in the subject line, then you've just made it so that you can't email Hotmail, Yahoo, or AOL users because all of those systems will block an email with the same subject if they detect it going to too many users during a certain time. Many other ISPs probably do this as well. The whole reason spammers started adding the random text/numbers was to avoid that.

And remeber - if tools (like SpamAssassin and whatever else) start to get so good that spammers have to spend a large amount of time crafting spam to try and get past them, it ceases to become profitable for them, thus they will have to raise their rates, thus the service seems less appealing to those buying it, thus the amount of spam will decrease.

Re:Treating the symptoms, not the problem...

[Anonvmous+Coward]

" If you use their From-address, your filter will be fooled by spammers that raid address books (standard virus technique) to create their own from-addresses."

That's a good question, but not hard to fix. It wouldn't be hard for the user to change the way their name is displayed, and pick up on that. They could use a signature with a key-word that your filters pick up, etc.

There's lots of ways of doing it that don't involve having the other guy change his email address. Though you bring up a good point, I've never recieved an email like that.

Re:Treating the symptoms, not the problem...

[Anonvmous+Coward]

"And remeber - if tools (like SpamAssassin and whatever else) start to get so good that spammers have to spend a large amount of time crafting spam to try and get past them, it ceases to become profitable for them, thus they will have to raise their rates, thus the service seems less appealing to those buying it, thus the amount of spam will decrease."

I don't think that'll work very effectively. First off, they don't know that the email's being deleted and not read, secondly there'll always be somebody who gets it. Email, as it is today, is too OPEN. SpamAssasin helps close that door a bit, but it doesn't send them a message back saying "Sorry, rejected."

What they need is to be forced to have an address that can be responded to.

Re:Treating the symptoms, not the problem...

[joshsisk]

First off, they don't know that the email's being deleted and not read

Uh, they _DO_ know something very important, however: they know how many people follow the links/call the numbers and then buy the products being advertised. If the sales dip, they will be less likely to put money into spam advertising. If they don't pay the spammers to advertise their products, that is less spam.

Spam exists because it's cheap and it works. If you can make the spammers have to work 1000x times harder for each dollar they get paid, it becomes a less attractive proposition.

but it doesn't send them a message back saying "Sorry, rejected."

Why would you want to do this? It's not like they are going to take you off their list, anyway.

What they need is to be forced to have an address that can be responded to.

See, I don't think that's very realistic in the near-to-mid term. Even in 95% of the countries pass laws saying that it's illegal, spammers can broadcast from that 5%...

Re:Treating the symptoms, not the problem...

[Anonvmous+Coward]

"If the sales dip, they will be less likely to put money into spam advertising. If they don't pay the spammers to advertise their products, that is less spam."

Uh, no. When they see a dip in sales, they'll start looking into how spam filters work and how to get around them. And since email is such an open system, it won't be hard to do. SPAMvertisers are very creative.

"Why would you want to do this? It's not like they are going to take you off their list, anyway."

Because they won't even be able to get their foot in the door. It's no longer a matter of tricking filters anymore.

"See, I don't think that's very realistic in the near-to-mid term. Even in 95% of the countries pass laws saying that it's illegal, spammers can broadcast from that 5%..."

I really wasn't referring to legality here. I don't think the law will do anything to stop spammers. (If it could, the DMCA would have forced P2P off the air) It means that they have to maintain a system that can recieve messages back so they can work their way into somebody's mailbox. Suddenly, it becomes a lot more time consuming and expensive to maintain a marketing operation like that. Set up properly, it'll take human intervention for every single message sent through. Force the system to do work that way, and bye bye spam.

All filtering will do is make them smarter. The end result will be nobody using e-mail at all.

Re:Treating the symptoms, not the problem...

[joshsisk]

Uh, no. When they see a dip in sales, they'll start looking into how spam filters work and how to get around them.

This costs money. Thus making it less attractive to spam.

And since email is such an open system, it won't be hard to do. SPAMvertisers are very creative.

It also won't be very hard to block their efforts. The spam filters will continue to get better, and so will the spammers. But the cost of the spammer's development time will either cut into their profits, or make the spam more expensive. Either way makes it a less appealing business to be in, and raises the barrier of entry so that less "creative" spammers will go out of business... which is less spam, again.

I really wasn't referring to legality here.

Unless you make it illegal, the current email network we have won't be abandoned for a long time. No one is going to adopt a totally new, less open email system where they can't interact with the HUGE installed base of people who use email.

Think about it, would you? Would you stop using email in favor of a closed system that you can't recieve spam on, but no one uses?

All filtering will do is make them smarter. The end result will be nobody using e-mail at all.

I disagree. Spammers can't win the filter war because they can't get away from one thing : they must -no matter how well they disguise their headers, subject or even body text- mention a product and offer a link or phone number. Thus, their mail can be filtered.

Sure, they could get around this by not mentioning a product, or linking to a site or givinga phone number, but if they don't mention a product and give a way for the spamee to go and buy it, why would the advertiser pay them? It is advertising after all.

Also, if the filters get good enough at detecting the marketing text that spammers use, forcing them to insert more and more random text in the body of their messages, eventually the spams will be so incomprehensible, they won't work.

To me, it seems to be a fight the spammers cannot win.

For now, the best solution is do implement filters on your servers and provide users with white-list capability. Works great for me : only about 0.3% of spams get into my inbox.

Re:Treating the symptoms, not the problem...

[Anonvmous+Coward]

"This costs money. Thus making it less attractive to spam."

This costs money, thus making their tactics more aggressive. They're not going to just give up. they're going to protect their growth.

"Either way makes it a less appealing business to be in, and raises the barrier of entry so that less "creative" spammers will go out of business... "

Nope. What will happen is that everybody will have to use such a strict guideline to sending mesages that nobody will want to use e-mail, or people will learn to live with spam.

"Think about it, would you? Would you stop using email in favor of a closed system that you can't recieve spam on, but no one uses?"

I've already ditched e-mail. I use Instant Messaging to talk to people I want to talk to because I'm sick of SPAM. Everybody else is quite happy with IM too.

"I disagree. Spammers can't win the filter war because they can't get away from one thing : they must -no matter how well they disguise their headers, subject or even body text- mention a product and offer a link or phone number. Thus, their mail can be filtered."

Heh, and you think that's not going to filter everybody else in the world?

"To me, it seems to be a fight the spammers cannot win."

Wrong. The Spammers will win. People won't give up the ability to get messages from their loved ones, even if it means having to put up with SPAM.

"For now, the best solution is do implement filters on your servers and provide users with white-list capability. Works great for me : only about 0.3% of spams get into my inbox."

What I've been talking about all along is a white list, only mine mentions a method where somebody new can request to get on it. You don't even need filters with that in place. Spammers will not be able to get through. If, by some miracle they do, you can punt them and never hear from them again.

Filters are not the solution. Period. You cannot make a good enough filter to block all spam. You cannot make an effective filter that doesn't generate false positives. IM, on the other hand, uses the white list and permission request setup that I described, and it's been working for years. I've had the same ICQ number since 97, and I get 0 spam.

Re:Treating the symptoms, not the problem...

[NanoGator]

Uh, no. When they see a dip in sales, they'll start looking into how spam filters work and how to get around them.

This costs money. Thus making it less attractive to spam.

Are you listening to what the AC is saying? Filters are easy to bypass, and nobody will want a system that punts e-mails because somebody happens to trip one of those filters.

It's like the RIAA's attempts to prevent CDs from playing in computers. Because of the nature of music, there's no way to restrict it without making it unusuable to their customers. Email is exactly the same way because it is fundamentally flawed.

You should listen to the guy, he knows what he's talking about. He's helped me set up my e-mail to be spam free. The only way a spam can get through is if somebody hijacks the computer of one of my friends.

Re:Treating the symptoms, not the problem...

[joshsisk]

I've already ditched e-mail. I use Instant Messaging to talk to people I want to talk to because I'm sick of SPAM. Everybody else is quite happy with IM too.

Why don't you just ditch the spam? I get a spam in my inbox maybe once a week, and this is an account where I have two or three domains that have catchall emails that forward to it. I also have all my business email for two different business forwarded there (and those email addresses are on the web sites for those businesses, with a mailto:, with no subterfuge at all). Spam is no problem for me whatsoever.

Heh, and you think that's not going to filter everybody else in the world?

Why would it? If a spammer sends an email with a link to cheapviagra.com, blocking emails that link to cheapviagra.com shouldn't be a problem. Ditto for phone numbers. Sure spammers could stir up trouble by sending out spam that wasn't for their products but again, this raises their costs and makes it a harder business to be in.

You sending your mom a link to your website shouldn't be an issue, since it's not hitting 100,000 mailservers all at once.

Wrong. The Spammers will win. People won't give up the ability to get messages from their loved ones, even if it means having to put up with SPAM.

Duh, if all you want is messages from loved ones, sure, use a whitelist. There is no way a spammer can send you spam if you are using a whitelist _and_ not accepting mail from people you don't know. However, if you are trying to recieve business emails from people you don't know, then you can't really do this.

Filters are not the solution. Period. You cannot make a good enough filter to block all spam.

They work great for me. 0.3% of spam making it through is acceptable to me.

IM, on the other hand, uses the white list and permission request setup that I described, and it's been working for years. I've had the same ICQ number since 97, and I get 0 spam.

Sure, but as I said above, this doesn't work for everyone. For my various businesses, I need to receive emails from strangers who I have never communicated with before.

Re:Treating the symptoms, not the problem...

[joshsisk]

Are you listening to what the AC is saying?

AC? I've been debating with someone that has UID # 589068, not an AC. Check their username.

Filters are easy to bypass, and nobody will want a system that punts e-mails because somebody happens to trip one of those filters.

As I have repeatedly stated, I get a spam penetration rate of about 0.03%. I get a false positive rate that is comparable to that, and I wouldn't even get that if I bothered to set up my whitelist for everyone I know. This is acceptable to me. I get FAR more spam by snail mail than I get in my email inbox. When I had local phone service, I got way more telemarketing calls than I currently get spam in my inbox.

For me, spam is basically a nonissue.

It's like the RIAA's attempts to prevent CDs from playing in computers. Because of the nature of music, there's no way to restrict it without making it unusuable to their customers. Email is exactly the same way because it is fundamentally flawed.

My counter to this is that filters are working for me, and working great. You and user # 589068 _say_ that they can't work in the end, but that's completely your opinion. All I know is they work GREAT right now, and this implies to me that they have a good chance of working great in the future.

You should listen to the guy, he knows what he's talking about.

That's a little fishy, first you call him an AC even though he is not, then you know him?

He's helped me set up my e-mail to be spam free. The only way a spam can get through is if somebody hijacks the computer of one of my friends.

You needed someone to help you set up a whitelist? Why should I listen to _you_ if you couldn't even accomplish a simple task like that on your own?

Again, as far as I am concerned, my computer is spam free. If they need to send me 300 spams for ONE to get through, I'm fine with that. If I could set up a system to automatically shred 299 out of 300 credit card offers that come to my house, I'd jump for joy!

Actually -

[sean.peters]

You don't speak for everyone. On the contrary, I think that most people realize that e-mail delivery isn't guaranteed - and therefore they expect that truly vital messages will need to be backed up with a phone call or some other means, to be sure the message was delivered.

I would prefer to lose one or two legitimate mails in return for a virtually zero rate of missed detections.

Sean

Re:Actually -

[Anthony+Boyd]

I would prefer to lose one or two legitimate mails in return for a virtually zero rate of missed detections.

You don't speak for everyone. :)

Difference with MacOS X 10.2's Mail.app?

[tbmaddux]

This is all quite interesting from a technical standpoint, but what can I gain as a user of Mail.app in MacOS X 10.2 (Jaguar) from this? My Junk filter catches spam and tosses it into a separate folder. I occasionally go through it and send the spam off to SpamCop. What I like about Mail.app is that it's easy to keep training by marking as Junk (for spam it failed to identify) or Not Junk (for occasional false positives). It seems to work well and doesn't require a lot of interaction from me except for interacting with SpamCop (my choice).

It doesn't catch all the spam, and it occasionally has a false positive. This will be true of any spam filter we implement, because spam continues to change. SpamAssassin runs on some of the mailservers I connect to, but it tends to perform worse than Mail.app. So until we can get each user's spam filter customized at the server, spam identification is going to have to stay client-based. It sounds like Paul Graham's tools are getting a little more efficient, but does any of this make a big difference for the end user?

Re:Difference with MacOS X 10.2's Mail.app?

[Tom+Rini]

I think the main thing which can be gained (and, FWIW I'm a Mail.app user too for some of my accounts) is that maybe the next version of Mail.app will be more effective at catching things. I've been doing an unscientific comparison of spamassassin (+ razor) on my main account, and bouncing spam to both a bogofilter (0.9'ish) and Mail.app account and seeing who catches what. So far I've had a few more false negatives with Mail.app than bogofilter and spamassassin + razor. So there is room to improve.

The other noteworthy part here is that as time has gone on (and spam evolved a bit) Mail.app has had more false negatives than the other combinations, so there is room to improve.

This is not a new idea...

http://lsa.colorado.edu/papers/dp1.LSAintro.pdf

I thought that too...

[siskbc]

...until the email server at work got hacked and someone stole the entire address list. Since then, all of us have been getting spam by the bucketloads. And since I depend on people being able to get my current work address, I can't change it. Thank God for SpamAssassin!

Re:I thought that too...

so now the spammers are accomplishes or are using stolen goods.

get them cops out to bust em.

Re:How is spam that big of a problem?

It's all fine and dandy to have a spamtrap account if you never plan to read it, but what if you want to get online bank statement notifications or other important notices? I just noticed my friendly credit card company (Capital One) took it upon themselves to introduce my previously spam-free e-mail account to their business partners so they could introduce me to the wonderful world of buying fucking flowers for valentines day. Thanks alot assholes. And no, they have NO option to opt out of this fucking crap. The spam is posted from the same address as the statement notifications with a friendly disclaimer saying they're not in any way affiliated. Nice.

Re:More than 1.1 billion pigs are killed worldwide

Pigs are some of the most intelligent beings on our planet. Why do we kill them by the billions? Just to enjoy the transient pleasure of tasting their flesh?

Pigs would be pretty rare if we never killed them.

Re:hopeless

[blakestah]

I think you are wrong.

Bayesian filtering merely using a statistically optimized method to duplicate the classification of the user for which it is working. If trained on enough of YOUR email, it will work exceedingly well in classifying YOUR future email.

Put another way, I tried blacklisting filtering, and fixed token filtering, and performance was pretty poor. In contrast, I am quite happy with bogofilter's performance. But, of the various methods, only Bayesian filtering takes the preferences of the individual user as its primary basis for sorting email.

BTW, your link is pretty much useless in showing why Sponsky may or may not think Bayesian methods are intractable. He more or less just rants that draconian MTA based filters are doing harm - I agree with him. But the word Bayesian doesn't even appear on the page to which you linked. And that makes you a Troll.

My favorite Baysean token

[daves]

... is "0D". Some HTML editor out there, apparently only used by spammers, encodes it's output with an ASCII "0D" at the end of each line. These spams get the highest scores I've seen.

Re:hopeless

[Malcontent]

"Who knows, maybe Joel's wrong."

Has he ever been wrong before? I have read a few of his writing and I wasn't impressed. It's not like he is some sort of a deity or something.

I am curious as to why you would site him as some sort of an infallible source.

spews.org problems need to be addressed

[wessto]

I host several domains as a hobby for my family. Recently my ip address made it into a listing on spews.org. Am I a spammer? By no means. Am I screwed? Absolutely. After reading spamming newsgroups I found that I am not alone. At first I was just getting blocked because I was sending mail ( my own smtp server ) from a "known" spamming source when in fact I'm not a source of spam. My IP happens to fall into a larger block of ip's that my ISP owns, some of which are sources of spam.

This was a minor setback, but now other services are starting to use bulk email sources as deny lists for their offerings. My free dns provider, zoneedit now prohibits me from adding / modifying any of my zones. This is simply not acceptible to me. The way spews is set up, it is not easy for my ip to get off the list. My ISP cannot just call them up and take me off. There has to be a way to avoid this, and eliminating spam at a higher level would be a good start.

Re:spews.org problems need to be addressed

[Tackhead]

> My ISP cannot just call them up and take me off. There has to be a way to avoid this, and eliminating spam at a higher level would be a good start.

Eliminating spam at a higher level requires that your ISP be part of the solution.

Being listed on SPEWS is an indication that your ISP is part of the problem.

Instead of asking your ISP to call SPEWS (which it can't) to get your block unlisted, why not ask your ISP to call the spammer (which it can!) and terminate service to the spammer.

SPEWS is eliminating spam at the higher level -- by forcing ISPs that harbor spammers to choose between servicing their spammers or legitimate customers.

If your ISP refuses to boot the spammer, they've made it clear to you who they'd rather do business with. Perhaps you should make your preference just as clear to your ISP.

(I am not SPEWS. But if I knew who SPEWS was, I'd buy them a beer.)

Re:spews.org problems need to be addressed

This might indicate that by paying your ISP
you are helping to finance spammers, if your
ISP is indeed a spammer-nest.

So, one spin would be that SPEWS is trying
to hinder you from funding spammers.

Re:spews.org problems need to be addressed

[Dimensio]

Have you asked your ISP why it makes their network an undesirable communication source for others by hosting spammers?

Re:spews.org problems need to be addressed

[Raffaello]

I had a similar experience with my ISP. One day, I was suddenly unable to receive email from certain people who I knew were not spammers. But my ISP was convinced that they were. They never told me why exactly, but I'm pretty sure they just happened to be coming from the wrong block of IP addresses.

I actually had to reroute all of my mail through a different account in order to continue normal email communication with family members at work!

Lesson: any filtering done by the ISP must be overridable by individual subscribers, or their supposed email service is worthless.

Re:spews.org problems need to be addressed

[wessto]

Thank you to all who pointed out that the problem is at my isp. I am in the process finding another isp. Any suggestions for verizon telco in southern ca?

Re:More than 1.1 billion pigs are killed worldwide

[ackthpt]

Could Bayesian filtering be applied to filter offtopic posts as well?

Unfortunately, it might work at first, but we've seen offtopic posters and first posters evolve. Alas, they seem to be a form of semi-intelligent life and once their numbers start to dwindle you can almost bet some internet environmentalist society will crop up and declare them endangered "where once, great herds of them swept majestically across the plains, now only a few cling to the ever encroaching egalitarian dark forces of the internet.

It's probably just easier to round them up and send them to Guantanamo.

The ramifications of filtering

[osgeek]

If you want to filter spam for yourself, great. You probably appreciate all of the issues involved.

The irony is, though, that the better joe-surfer has spam filtered *for* him, the less he'll realize that it's a problem -- and the less political stink spam will have associated with it.

Qmail + Qconfirm?

[sullrich]

I've been using qconfirm http://smarden.org/qconfirm/ and it has eliminated my spam problems completely. We have a nice web interface that our users can surf into manually releasing any messages that may be important, otherwise they sit in queue waiting for the sender to validate (confirm). I have also eliminated the double bounce issues that sometimes would come up. Full details on this setup is listed at the above link. Give it a try! -GG

sneakemail.com

[Stalemate]

sneakemail.com is my new way of eliminating spam.

Re:IN SOVIET RUSSIA

Quit modding this down! It's the honest-to-god TRUTH!

Registration

[ackthpt]

I recently assembled a PC (check my journal for various details) and registered, online, a number of the packages and hardware that I assembled it with. I've kept a yahoo.com email address for special purposes, as you suggest (slashdot registration, etc.) and it had remained spam free for years. Now it gets spam. Guess who sells email addresses or has a hole in their boot?

If only I'd given a different address for each I could figue out definitively who the culprit is.

Alas

[yndrd]

That hasn't worked for snail mail. Junk mailers don't stop sending their mail just because they have to use postage; they just up the price for their masters.

Re:Spam only cost-ineffective with ISP-level filte

[jfengel]

You bring up an interesting point. If everybody in the world were the sort of people on Slashdot, there would be no spam. Even at very low cost, there would be zero response, and it wouldn't be worth their effort.

The problem is the real morons. The kind who are taken in by the stupidest spam tricks, like the "future spam" he describes (nonsensical but grammatical set of English text designed to slip past Bayesian filters, followed by a URL.) What kind of a moron would click on such a URL? The kind of moron with more money than brains. (Probably not much money, but clearly zero brains.)

It would be lovely to filter out those emails before they reach the morons, but that's unfortunately impractical and illegal in the general case. Maybe we all need to subsidize a cheap ISP for morons.

My plan for spam

1. Collect spammers scalps
2. ???
3. Profit

Focusing on the last bit of text

[hrieke]

Way down in the footnotes:

[13] It's sometimes argued that we should be working on filtering at the network level, because it is more efficient. What people usually mean when they say this is: we currently filter at the network level, and we don't want to start over from scratch. But you can't dictate the problem to fit your solution.

This is where the problem of spam will be solved, by having a web of trust between the mail servers, that sign the message in a maner which makes it easier to back track a message and if these servers also do filting, well we kill two birds with one stone. The problems are:

• CPU intensive
• Need to look at every message
• Seeding the filter database
• Building trust with other servers

And others of course.
Think about this one, what does the typical email a porn star would get look like? What we think of spam, might not be someone else's.
How would the system scale?
And what would stop a spammer from installing a server with a bogus filter database, or just signing off on each message as being legit?

Perhaps filtering based on each user's personal corpus of valid email is the only workable solution, or that spammers will kill off email as a usable means of communication.

Re:Focusing on the last bit of text

[JoeBuck]

If you're a geek virgin, words referring to sex indicate spam. If you're in a torrid long-distance relationship, those same words indicate a message that you do not want to miss. But that's the beauty of Bayesian spam approaches: the probabilities are based on your own preferences.

ifile

[Eunuchswear]

Why does no-one ever mention ifile? They seem to have been doing this for quite some time (since 1996?) and have a neat trick for avoiding all those boring "training" steps (you tell ifile how to classify messages by moving them into the folder you think they should be in).

Re:hopeless

[Mendax+Veritas]

You don't give a specific URL, and the only thing about spam on Joel's front page currently is a rant about SpamCop blacklisting the server that hosts his "Joel on Software" mailing list. So it's hard to evaluate your claim that Joel "proved" something about Bayesian spam filters. Given Joel's habit of making big pronouncements and supporting them with hand-waving, I tend to doubt that he proved anything.

In practice, I find that bogofilter (a Bayesian spam filter) works better and requires less maintenance than SpamAssassin, which, in turn, is better than any of the anti-spam tools I had used previously (such as SpamBouncer, which I found almost useless).

fuck state do not call lists.

i say we start our own. we are the people who dont respond to spammers, you'd think theyd be happy to remove us.

anyone with me?! start up a do not spam/call list?

Insightful? No, it's flamebait.

[FatAlb3rt]

You don't have a problem with spam? So no one should have a problem, right? Spam does not depend solely on you doing something stupid. Any mail you send to someone could be improperly fwd'd or even posted somewhere that you don't want it to be. From there, you're screwed.

Damn AC.

Re:How is spam that big of a problem?

[xXunderdogXx]

I'm very savvy about where my good email addresses go, and never had to worry about spam-- but I recently started getting Windows Messenger popups. (I disabled it shortly after getting them) But the point is that spam will continue to be a problem to anyone who uses the internet at all.

Spammers will continue to create new and ever more effective ways of bombarding us up to the point that even the most savvy of us will be unable to ignore the problem.

[cliche]If you're not part of the solution, you're part of the problem![/cliche]

Another way to filter out SPAMs

[ottffssent]

Spam filters seek to classify emails as spam/nonspam based on differences in the emails. The spammers however have absolute control over the content of their emails, so such methods are doomed to a life of one-step-ahead. There is one characteristic of spam which can never be changed by the spammer: spam is computer-generated and mass-mailed. Legit emails are not.

My idea is this: The system maintains an initially empty whitelist. When mail is received from a sender not on the whitelist, autoreply with a message explaining the situation and requesting an email back whose first line or subject contains a random word or phrase from the dictionary. Human beings will grumble, respond, and get added to the whitelist. Spammers won't give your email the personal attention it needs to get past, so you remain blissfully unaware of it.

Re:Another way to filter out SPAMs

[Violet+Null]

spam is computer-generated and mass-mailed. Legit emails are not.

Some legit email is definitely computer generated. I sign up for /., it sends me an email with my password. /. will not care about an autoreply, so I would never get that email.

If you standardize an autoreply, so that websites could parse and return it, then so could the spammers, easily enough.

Finally, you'd be doubling the amount of bandwidth spent on email, as each spam would now have a corresponding auto reply.

Re:Another way to filter out SPAMs

[21mhz]

You, too, should take a look at TMDA.

Re:Another way to filter out SPAMs

[ChaosDiscord]

If you standardize an autoreply, so that websites could parse and return it, then so could the spammers, easily enough.

Sure, the spammers can autoreply, but it requires a working Reply-To address and a willingness to pay the bandwidth bill. By and large spammers don't have working Reply-To addresses and steal bandwidth by abusing poorly configured mail servers. So an automated system will in fact be "good enough" to stop many spammers.

Now, if we tweak the system so that the autoreply-reply requires some small amount of processing power (say, 5 seconds on a "typical" PC) and cache positive results (Bob replied correctly once, so I won't challenge him again), the situation gets easier. I personally won't mind because I don't contact that many new people so 5 seconds here and there won't even be noticable. Legit mailing lists will only grow by a (relatively) small number of subscribers each day and so their day to day cost will be relatively small. (And if it's a real problem the subscription information can clearly state "the message will come from example-list@example.com, please add that address to your trusted senders list!") A spammer forced to reply to the millions of addresses they spammed will have a serious problem, that sort of compute time will cost them real time.

Re:Another way to filter out SPAMs

[Violet+Null]

Sure, the spammers can autoreply, but it requires a working Reply-To address and a willingness to pay the bandwidth bill. By and large spammers don't have working Reply-To addresses and steal bandwidth by abusing poorly configured mail servers. So an automated system will in fact be "good enough" to stop many spammers.

I think the argument "spammers won't do it because it'll waste bandwidth" is dismissable based on empirical evidence. Spammers don't care about bandwidth. As you noted, they're often using other people's. So this isn't a problem for them.

Now, if we tweak the system so that the autoreply-reply requires some small amount of processing power (say, 5 seconds on a "typical" PC) and cache positive results (Bob replied correctly once, so I won't challenge him again), the situation gets easier.(snip)(And if it's a real problem the subscription information can clearly state "the message will come from example-list@example.com, please add that address to your trusted senders list!") A spammer forced to reply to the millions of addresses they spammed will have a serious problem, that sort of compute time will cost them real time.

The problem with this is if you have a system where someone needs to add someone to their trusted senders list -- and being on that list is permanent, instead of being challenged with each email -- you'd get spammers who would use a forged reply-to that may be good for a number of people (eg, one used by AOL, Yahoo, Microsoft, Amazon, etc).

Re:How is spam that big of a problem?

[Anonvmous+Coward]

"Use another account for regular everyday things, and make sure it sin't something simple like abc123@hotmail.com. I do that and never get spam to my real accounts. This whole spam thing is way overblown."

You remind me of the guy who fixed his leaky roof by using an umbrella in his house.

Let's get rid of stop signs and red lights too...

...because they tell me how to drive my car.

Laws are necessary when a practice can be used to cause others harm.

Re:Spam needs a global solution (Global Solution)

[GGardner]

A single Pentium 90, 235 million spam messages stopped in 10 months

I'm curious if you have any idea how many spammers that represents.

Also, isn't it easy for a spammer to workaround a spam honeypot -- create a hotmail account, add it to your spam list, and verify that it did go through.

Re:Blocking spam should be illegal.

[wheany]

What good will just responding to spam do? You have to buy everything advertised in spams. Only terrorists fail to do that.

And you could do even better by forwarding the spam to everyone on you addressbook.

Undeliverable

Does it work to send back an undeliverable message to the spam sender? Is there software to do this?

Filtering Backed By Laws

[Steve+B]

Ultimately, what it will take is filters good enough to block most of the existing crop of chicken-boners, backed by laws recognizing circumvention of the filters as a form of computer cracking. The latter would make it legally risky to develop, distribute, or use filter-busting tools (which have no conceivable legit use outside of filter-improvement research, for which a narrowly carved exception could be made).

More than 1.1 billion hippies post off topic

[muzzynat]

Ok do the following, then maybe I'll care about your opinion: 1. Solve world hunger so tribe in africa don't need pork to survive 2. Find jobs the farmers who currently raise hogs as a for primary or suplimental income, that require the same skills, knowlege, ect. that they have been building for generations. 3. Find me an example of a civilization that is flourishing with out pork. 4. Find a place to sell grain considerd feed quality for animals but not people. 5. Do the above with the following animals. Cattle, Chickens, fish, sheep. I appoligize for the off topic post, but people who refuse to realize that more is at stake that pig lives bother me. Additionally anyone who says pigs are intellegent has not ever been around pigs, in addition to being intellegent, they are also quite mean.

Re:More than 1.1 billion hippies post off topic

[orthogonal]

Ok do the following, then maybe I'll care about your opinion: 1. Solve world hunger so tribe in africa don't need pork to survive ....

Yum, cat farms!

Tastes just like chicken, and keep down the rat population.

Meeeeeeeooowwww!

Re:More than 1.1 billion hippies post off topic

[rworne]

Solve world hunger so tribe in africa don't need pork to survive

A shocking note:
You know, in many parts of Africa and the Middle East, swine are considered unclean and unfit for eating due to cultural or religious belief.

Even more shocking:
Yes, I am aware of the cultural differences among the many different peoples of the world, and I am a US citizen. I can even find Iraq on a map!

--
Yeah, but bacon tastes goooood! - Vega

Re:More than 1.1 billion hippies post off topic

You know, in many parts of Africa and the Middle East, swine are considered unclean and unfit for eating due to cultural or religious belief.

In many parts of Africa and the Middle East, the people are unclean swine due to cultural or religious belief.

Re:More than 1.1 billion hippies post off topic

[some+guy+I+know]

1. Solve world hunger so tribe in africa don't need pork to survive

Raise human-edible crops in the same area where you were raising pig food before.
IIRC, you can feed ten times as many people per unit area of land if you don't process the food using animals (i.e., feed the animals the food, then eat the animals).
However, the reason for most famine in the world is political, not due to actual lack of food.

2. Find jobs the farmers who currently raise hogs as a for primary or suplimental income ...

I don't care what happens to these dealers of death, any more than abolitionists cared about what happened to slave dealers 150 years ago.

3. Find me an example of a civilization that is flourishing with out pork.

We won't know until we try.
It's like, many years ago, someone saying, "Find me an example of a civilization that is flouishing without the death penalty".
Someone was first, and now all civilized countries in the world have abolished the death penalty (for humans, anyway).

4. Find a place to sell grain considerd feed quality for animals but not people.

Methanol fuel.
The plastics industry.
Also, more farms would grow "people quality" food if the market for "feed quality" food declined, which would also help with your point 1 above.

5. Do the above with the following animals. Cattle, Chickens, fish, sheep.

Yes, I agree, do it with all animals.
And while you're at it, get rid of animal testing, hunting and fishing, and other immoral practices.

Re:hopeless

[Konings]

No he didn't. He was miffed because spamcop blacklisted his providers ip and was bouncing email from his list. He discussed bouncing spam mail vs tagging spam mail and suggested that tagging was a better solution. The word Bayesian doesn't show up anywhere on a search of his site.

Re:Spam needs a global solution (Global Solution)

[Rogerborg]

Sounds great, but it's trivially detectable by trying to use the relay to mail one of your hotmail accounts.

I do take the point that many spammers are simply too dumb and lazy to do that, but I expect there's evolution in action amongst them and we can't expect that situation to last forever.

HTML color matching is a nice idea

[soorma_bhopali]

"discovered that "per" and "FL" and "ff0000" are good indicators of spam. In fact, "ff0000" (html for bright red) turns out to be as good an indicator of spam as any pornographic term." This is a really good and novel approach. Along with key words like "XXX", bright colors are a sure indicators of SPAM. Afterall who uses bright flashing red colors in his/her daily emails?

Re:HTML color matching is a nice idea

For one, our HR people love to use flashing red text and animated GIFs to spice up their otherwise boring e-mails.

;-)

Re:Spam only cost-ineffective with ISP-level filte

[rela]

The problem is the real morons. The kind who are taken in by the stupidest spam tricks, like the "future spam" he describes (nonsensical but grammatical set of English text designed to slip past Bayesian filters, followed by a URL.) What kind of a moron would click on such a URL? The kind of moron with more money than brains. (Probably not much money, but clearly zero brains.)

It's curiosity. They don't know, so they click. Even warnings that clicking on random things in your email box is a bad idea don't stop it. The clicker HAS TO KNOW.

You already know. You are not curious, merely annoyed. So you don't click.

I don't see how you can educate people other than with the 'burned fingers', like the speeder that can't keep his foot off the gas pedal... until it gets him into a major wreck. A co-worker of mine has finally learned not to run email attachments after getting infected with a trojan he clicked on out of curiosity.

Despite what individuals may do, this is just part of overall human nature.

Re:More than 1.1 billion pigs are killed worldwide

[muzzynat]

Actually, spam is a pork product, but barely. They liquify pork byproduct and can it. Im not kidding the stuff is liquid when they put it in the can. Kinda dispointing, I always thought that they shot the cans right though the pig. Now if only they did either of the above to real spammers.

been using spamassassin all this month

[AssFace]

I went through over 500 spam a day down to about 3 or so and I figured out that those last 3 are due to the fact that they are bypassing the filter (I have a bunch of different urls and the server that it is all hosted on also has its own name - so mail sent to that username at that host doesn't get sent through any filters and the way that the filters are setup there - pair.com - I can't trap that particular servername).

I have been very impressed with SA and am writing scripts to track the stats even better (I love seeing what it has pulled out everyday).
So far I have had zero false positives out of about 1-2megs of mail being filtered everyday for nearly a month now.

SA has multiple different ways of searching the mail - any one of them can be easily bypassed by any given e-mail - but all of them together are really damn good at getting rid of spam.
I'm very impressed with it and how well it learns (although straight "out of the box" - or perhaps I should say "straight out of the tar.gz" it brought me down from 500+ spam to 5-10 a day and then I tweaked how my accounts were filtering into SA and that fixed the rest.

the only solution:

[edrugtrader]

maintain a list of email address that you will accept from... there are many solutions already in place to deal with getting new people on your list. this is the only way.

Not Difficult

Just ask your ISP to either:
1) stop lumping you in with spammers
2) stop hosting known spammers

or change ISPs.

My 0.03$ (adjusted for inflation)

[IWantMoreSpamPlease]

Because of where I work, I have to use Outlook Express. I know, sucks to be me. OE does have a filter setting so I can at least start putting keywords in and have mail sent to different boxes. I have found that a large (greater than 95%) of spam sent to me is "personalized", meaning that somewhere in the spam is my name.

Co-workers, friends, family, don't call me by my name, so I add my name to the kill-filter list and most spam goes bye bye. I only wish OE had an option to kill-filter anything with HTML in it since nearly 100% of my incoming spam contains HTML, sound, images and whatnot.

I'd love to see M$ get their act together and fix OE and Outlook and include modern filterin techniques (such as discussed in the main article) but I doubt it'll ever happen.

Re:My 0.03$ (adjusted for inflation)

Why don't *WE* get together and make an Outhouse/Outbreak/Outlook anti-spam plugin? Even if it is written in a cruddy excuse of a language, if it's well supported and free, we might be able to let the masses enjoy 97% less spam and the spammers enjoy looking for a real job.

Want some Via&lt!--hghieehgi&gtgra?

[daves]

I've started seeing html mail with naughty words split with html comments. The filter tags the spam from header fields, and learns that "gra" is spammish.

The spammers are starting to jump through hoops to get around this. It must be working on a large scale.

Pardon me for the munged subject. I can't see how to get a "greater than" symbol into Slashdot.

Re:Want some Via&lt!--hghieehgi&gtgra?

[user+no.+590291]

I've seen a bunch of that, too. It just means the filters will have to normalize the message, by stripping out the comments.

I've also seen a great preponderance of text only messages encoded in base64. I assume this is also an attempt to evade filters.

AIM spam

Anyone know if someone is working on something to combat the ridiculous amount of spam via instant messaging? I've been receiving daily spam instant messages via AIM for the past month. The messages are always from different screen names and are always advertising webcams. It's getting really annoying. The simple solution is to just block people not on my buddy list, but that just as bad as other types of false positives.

Re:How is spam that big of a problem?

[ryochiji]

If you have your own server or host, you can setup different aliases for various online services that require email addresses. So if you go to randomsite.com, you can create an alias called randomsite@domain.com. When you start receiving spam at that address, you simply forward everything to /dev/null. You also get evidence that randomsite.com is selling email addresses, should you wish to persuit the matter further.

Combine that with the usual safeguards, and you probably won't receive any spam. I know I don't, at least...

Re:My university does this.

[leerpm]

I atttend Dalhousie University here in Halifax, Canada. Our NOC implemented a spam filtering tool ( I think SpamAssasin ) and it marks emails that it believes to be spam, by adding an "X-Is-Spam" SMTP header to the email. Anyone who wants to use this can then just add a corresponding rule in procmail. Lee

Re:How is spam that big of a problem?

[stumblingmonkey]

Ever try playing hostmaster or postmaster for multiple domain names (or a single one at that). There are times when having all your DNR's or requests for DNS changes sent to abc123@ might seem like a good idea, but that just brings us back to the problem at hand.

I shall crush your filter!

[Rocko+Bonaparte]

Start message with: kitten computer candy mother father pig money happy birthday yams game scanner program office printer scanner paper car automobile doing ...
... penguin telephone camel
At the end: HOT HOT RUSSIAN TEENS! [insert link here]

So how about that? That kind of stuff is already used on search engines!

Re:I shall crush your filter!

[bugbear]

Wouldn't work. The algorithm only cares about the most statistically significant 15 words. TEENS easily beat yams.

Re:I shall crush your filter!

Except "russian" and "teens" never appears in my real email, so the filter will catch it because it has a high spam rating.

Re:I shall crush your filter!

[rkent]

Mr. Graham:

Have you experimented with the threshold of how many significant features you use? I recall in
Bill Yerazunis's presentation, he discussed keeping all features, not just the top several. But his weren't, to the best of my knowledge, scored contextually; do you find that contextual scoring outweighs keeping more features?

Re:How is spam that big of a problem?

[AssFace]

lol

I suppose if that method works for you, then rock out with your cock out.

but for those of us that own urls and/or companies that are web facing (in that everyone out there needs to see it in order to bring in money - not just a page that your parents and your best friend visit once a month) - you need to have an email (or in many cases - many emails) that is public.
(or in my case you also have a bunch of urls that you thought were amusing)
those emails get hit by bots and then you are added to lists - not to mention that you are added to lists once you have registered a domain name.
(obviously it helps to filter out the X@domainname.com where X is not one of the valid emails for that address - many hosted companies will simply let anything through that is at that url, and spam takes advatage of that)

like someone else on here said - while your method works for you, to then wonder why it is a problem for others is naive.

In the end - I use spamassassin and it f'in rules.

Re:How is spam that big of a problem?

[zootread]

Simply use a free account for any registration required sites / internet posting and only check it when necessary to confirm registration. Use another account for regular everyday things, and make sure it sin't something simple like abc123@hotmail.com. I do that and never get spam to my real accounts. This whole spam thing is way overblown.

Well, that won't work in a lot cases. I can create an e-mail account on my ISP (Roadrunner) and within hours I am getting spam without having even used it. The must be allowing easy access to the account list. Free accounts are worse (hotmail, yahoo), create an account and you're guaranteed to get spam, even if you've kept the e-mail address a complete secret.

On the other hand, at work, I don't get a single piece of spam because I am careful with the address.

Re:More than 1.1 billion pigs are killed worldwide

[ravenwolff]

I don't think it would be nearly as complicated to check for duplicate posts...

How about this solution?

[mnmn]

Every person has a public and private key assigned by the govt. He sends his public key in each of the emails with the email has. The recepients mail app checks the key via a database run by the govt. The database can be very redundant since keys dont change much, just like DNS.

Now if the root key servers go down, after a latency the cache values go bad, email clients would then automatically accept all email. This would hold any sender accountable, at the price and risk of lack of privacy in say political mailing lists.

Re:Spam needs a global solution (Global Solution)

[minas-beede]

"Also, isn't it easy for a spammer to workaround a spam honeypot -- create a hotmail account, add it to your spam list, and verify that it did go through."

Yes. So far many don't (I don't know of any that do, but spammers do, eventually, stop sending to a honeypot.) Ralsky never caught on to the Moscow honeypot that was whacking him last year (I think he's the one who told Shiksaa - visit NANAE to find out who she is - that SPEWS was killing him, just at the time of the major whacking Ralsky was getting.) (Chuckle.) I looked for spammer dropbox addresses in trapped spam 3 years ago - I figured they'd use the same address every once and a while in the list of victims. I sorted the list of recipients, sorted again, removing duplicates, and compared. No differences: each victim showed up once. They could do it, they don't. Years of experience has taught them that they can test for open relays and abuse them incautiously - nobody does anything to counter them. They think they own the internet because people ignore their attempts to relay. It's easy to knock the smirk off their faces: pay attention to illicit connection attempts.

There is a project already in motion to collect all recipient addresses for honeypot-collected spam in a central location. If any address shows up too frequently then that's a suspicious address. The real problem isn't what the spammers do or could do, it is that too few people use this very simple method to wreck the spam path.

My original honeypot went down last week (I retired in 2001; I haven't really checked to see what the current managers are doing with it.) This year I only captured relay messages, delivered nothing. When it went down last week it had captured over 100 relay test messages in January. You can also go after spammers with these (and I did - no results yet to report, I'm hoping for some big results.) Spammers could detect that - but too late.

There's a sneakier version of what you suggested that the spammers could use. I won't tell them what it is.

Volume is the key - many honeypots are needed, quickly, to whack them before they adapt. Same for open proxies. It is an absolutely simple approach. You could set up Granny's system to run a honeypot and it would work, if she has a connection to a segment the spammers search for open relays. http://jackpot.uk.net/

Try Jackpot and see for yourself, if you can.

Re:How is spam that big of a problem?

[knobmaker]

This whole spam thing is way overblown.

Maybe having spamtrap addresses works if you only use the internet as a personal communication medium. But what if you run an online business, and need to keep email addresses on your websites?

That's why antispam technology is important to me.

MATH THEORY

[EEgopher]

(exhales loudly as he reclines the brown chair)
Upon reading these extremely fine articles, my mind picks and dances at one particular point, and that is the SIZE of corpuses to use for the training. It seems to me, that at infinitely large bodies of training material, both spam and non-spam tokens would have equal chances of being passed or rejected. Even for large (4000) bodies of corpus, would you really want to be training with equal numbers of spam examples vs. non-spam examples? It seems to me that the filter could cycle unto itself, giving the word "the" superior priority to "mortgage", and so-on-and-so-forth such that the filter would have learned so many words -- regardless of good vs. bad -- that the filter would again (raises fist to clear throat) turn in on itself; cycle unto its own voidance.
Does anyone have any ideas on this? If I missed something from the article, such as the "weighting" system he gives to known "good" text (which I still see as being futile at large sample sizes) please inform me.

Re:MATH THEORY

[Raffaello]

Yes, you have missed something. The word "the" would not appear *predominantly* in either spam or good emails. Therefore, the word "the" would have a neutral liklihood (say, .4) for spamhood, and a neutral liklihood for real mail.

The filter Graham wrote concentrates on tagging mail that *both* has a high liklihood of being spam, because it contains words or terms (header items, IP addresses, etc.) that only or almost only appear in spam, and has low liklihood of being real mail, because it doesn't contain the terms that only appear in my real mail.

Museum of Spam

[ch-chuck]

Just as every Elvis fan longs to visit Graceland, SPAM fans worldwide now have their own pilgrimage to make. In Austin, Minnesota a 16,500 square-foot SPAM Museum opened in September 2001.

Museum visitors will be welcomed to the world of SPAM luncheon meat with a variety of interactive and educational games, fun exhibits and remarkable video presentations.

Problem with anti-Spam on the Server

[WatertonMan]

The big problem with most current spam filters is that they work at the server level or else require an extra "intermediary" pop-like server between you and your regular mail server. This is a problem because they assume a "one size fits all" approach to Spam. The problem is that one man's spam is an other man's interesting offer. Further they require the maintainer of the server continually update the corpus that trains the filter.

The real fact of the matter is that for most people the hassle is nearly as bad as the spam! I don't want to spend the time setting up such things. And when people have set them up *for* me I get too many false positives, if only because my interests differ from them. Thus any filter has to be trained with user data and be trainable in an unobtrusive, easy fashion.

The only software I know of that does this is Apple's Mail program in OSX. Unfortunately the program has many limitations and annoyances. (Damn that drawer) However Apple's approach to Spam ought to be followed by all other email clients. Adding Bayesian inference to an email client is very easy. Putting it in the sever is a mistake because you *can't* easily click and lable an email as spam. As with unfortunately too much Open Source software, the interface has been ill conceived.

Re:More than 1.1 billion pigs are killed worldwide

[thomas.galvin]

Pigs would be pretty rare if we never killed them.

Actually, there is a bit of truth to this. There are a lot of cows in America. Why? Because they taste good, or so I'm told, and they make nice clothes.

There are more trees in America now than when Columbus landed. Why? Because we can make all kinds of nifty things out of them, so people grow and sell them, and replant what they sell.

Simmilarly, hunting "culls the herd" a bit, controlling a population that would otherwise likely starve to death.

And, for what it's worth, I'm a vegitarian.

Re:Spam needs a global solution (Global Solution)

[minas-beede]

I should mention that while 235 million spam messages stopped is wonderful and impressive it isn't the focus. Spammers can send relay spam because they can easily and reliably find open relays. The real goal of honeypots is to undo that - make finding open relays difficult and unreliable. Some open relays may still relay only 50 messages/day for about 1000 recipients. Setting up honeypots in the same zone with these makes the real open relays less easy to find, and that is the real goal. We need to destroy, completely, the ability of spammers to find open relays. Causing them grief using information from trapped relay test messages is another way to make finding open relays too difficult for them.

Put enough painful traps in an IP region and the spammers will have reason to not test at all in that region. Then it won't matter if there's an open relay in the region becuase the spammers will never look there for it and won't find it.

(Sure, secure all you can, but securing them by making them honeypots is far more powerful than just bolting the door, so to speak.)

The same discussion works for open proxies and for any other TCP/IP service they decide to abuse. Punish them if they try. Drive them away. Make not bothering you (or anyone else) the course they choose. Make them suffer if they don't choose wisely.

Mac OS X options?

[jaysones]

I use Mac OS X and Entourage. Can anyone recommend a good filter for me? I use the built in one, but it's not as accurate as it used to be. Anything that gets by, I report to SpamCop and use the Entourage Bouncer script, but I'm starting to doubt that Bouncer is any good.

Re:Mac OS X options?

[DuBois]

One word: Spamfire.

Filtering spam is like...

...closing your eyes when someone hits you with their fists. But it's better than nothing.

Why not cut the flow of shit at the source? Why can't countries fight against spam by enforcing laws and stopping this waste of time and network resources (=spam) once and for all?

Whoever mentions "freedom of speech" gets shot in the head. You can speak all you like but you can't make me listen to your "speech". Spam is forcing me to listen.

Re:Spam needs a global solution (Global Solution)

[21mhz]

Spam doesn't select a pathway but spammers do. If you could block relay spam at the open relays it would be dead. You can't, of course - the open relays are controlled by people who don't know the need to block spam.

These people learn quick, after their servers make their way to the open relay blacklists. Just make sure it happens every time when you receive a spam that have been apparently sent through an open relay. Forward the spam to relays@ordb.org with the first line: Relay: IP_address , or pop up ORDB and fill in the form.

No Spam Laws Please

[idesignit36]

Someone always has to post a comment to the effect that "spam would go away if you just make it illegal...blah, blah, blah...." hmmm...lets examine that shall we? Every internet connected country would have to outlaw spam in theory for this pipe dream to work. Then, you would have to have a super secret international spam police. Then magically overnight everyone would be so scared to send spam that it would just stop.... ha thats laughable. The U.S. outlawed various narcotics and that sure as heck stopped all the drug sellers and users didnt it. Come-on The knee jerk reactions American's make to any unpopular subject is always government regulation. Instead of taking actions on ones own we are always inclined to be babysitted, until that imposes on our freedoms, then all of a sudden we want government out of the picture. Take a few simple steps on your own and reduce if not eliminate your spam consumption. A) DONT sign up for lists that you know are junk! If you do, sign up with a throw-away account. B) use an email address that isnt easy for spammers to find using dictionary attacks like "bob123@aol.com". Creating an address 11 characters or longer without common words will help reduce the number of spam collectors finding your address. C)Don't post your address where it can be easily collected by mail harvesters. D)Don't use yahoo, MSN, and the like for email and then complain that you get spam. They are FREE accounts. How do you think they make money to keep offering those accounts? Why do you think they offer free accounts? To sell your email address to spammers!!!!!! E) Support programmers and companies who offer defenitive EULAs against selling your address and or provide or offer methods to block spam effectively. F) Consider using software that sends an autoresponder to anyone trying to send you email that you have not recieved from before which requires them to authenticate themselves before thier mail can reach your box. Put the work on spammers and not on your sys admin or yourself

'till they implement this newfandangled algorithm,

[skermit]

Try Cloudmark's SpamNet. It's amazing. It's P2P based with almost 270,000 people right now, and it blocks about 60%-95% of my incoming spam (depending on whether or not it's made its rounds through the P2P network yet). I love it and they offer a quick and dirty plugin for Outlook 2000 and Outlook XP. Enjoy!

I'm wasting too much time on this...

[duncanatlk]

I dread to think how many (well intentioned) hours I've wasted on this problem. A part of me wants to provide a workable solution to my company, but I am reluctant to implement a system that blocks even one legitimate message. So I continue to research a better solution everytime this topic appears on Slashdot. I am beginning to think I should just wait for adequate legislation.

Re:Spam only cost-ineffective with ISP-level filte

[bheer]

The kind who are taken in by the stupidest spam tricks, like the "future spam" he describes (nonsensical but grammatical set of English text designed to slip past Bayesian filters, followed by a URL.) What kind of a moron would click on such a URL?

No kidding. Here's an example from my mailbox -- Moz's 1.3a spam filter didn't recognize this one. Note that I actually *know* people who write like this IRL.

Frank

You've gotta see this website: http://www.geocities.com/lordrings179/

I downloaded Lord of the Rings: The Two Towers and I'm now watching it on my computer. Picture quality is great and it was tottally free.
They've got a whole bunch of other games and movies as well. Take a look. Also, please forward this email to anyone you think would be interested.

Re:Spam only cost-ineffective with ISP-level filte

[bongoras]

"Maybe we all need to subsidize a cheap ISP for morons."

Good idea... we already have the cheap ISP for morons. Now who's going to kick in some money to help pay for everyone's bill?

Hmm,

Not bad, but I'm having better luck with SpamNet - www.cloudmark.com

Re:How is spam that big of a problem?

Not all free emails are equal, I have a yahoo account I haven't told people about, it has recieved I think 1 maybe 2 spam in the 9 months I have had it. I created a hotmail that I haven't told people about and it has recieved 5-6 spams in the 1 month I have had it.

Either I'm lucky, people pick on hotmail more, or Yahoo does what I tell it on their subscriptions forms.

Another POP Proxy program, SpamPal

[uncleFester]

Another program is SpamPal, which also acts as a pop proxy. It also has a plugin structure, and one of the plugins is a Bayesian filter. This is in addition to included support for using available spam blacklist stuff like SPEWS, ORDB, SpamCop and a whole bunch of other DNSBL lists (even the ability to block entire domains like .kr, .ch and so on). It's a rather cool piece of software.

Re:Another POP Proxy program, SpamPal

[TheBishop]

I use spampal. I love it. I don't use the bayesian feature of it, mainly because I don't have to. The DNSRBL's work just great for me. But that doesn't mean I don't appreciate it, it just makes a good product even better.

and yes, spampal is FREE.

One part missing in spam filtering....

[Kjella]

...at least in any version I've looked at, is "language" filter. Maybe 90% of the email I recieve is in norwegian, with hardly no spam. Most of my english mail is spam, simply because I have very little legitimate mail in english. Is there any guesstimate (a la winXPs "language recognition")? By the way, that function is a major PITA for writing english references in a norwegian paper.

Kjella

Re:One part missing in spam filtering....

[Matts]

Install SpamAssassin. It has an ok_languages option that you can set to only allow through languages you want, and it's pretty accurate at guessing.

Re:One part missing in spam filtering....

[mooman]

Does this *need* language recognition? I'm assuming that there are enough differences in the words between the two languages that your Norwegian emails will have relatively few English words and the English emails with probably even fewer Norwegian works in them.

Most of these bayesian methods really don't care what the words *are*. (CM114 doesn't even store words for that matter, it stores hashes.) So in your case, your non-spam (good mail) corpus would be heavily weighted with a lot of words that I probably can't pronounce, but are unique to your good mail. Your spam corpus would supply mostly English words. Since you'll need to "feed" these two corpi into any of the Bayes tools, you'll be essentially "teaching" it the differences.

Then any new mail getting filtered will get tested against these two sets. Clearly your Norwegian mail is more likely to get matched as non-spam than your English mail will.

I would almost expect better response from this approach (once you have some content in your corpus) since you're not counting on someone else's use of the language or approach of implementation. Maybe they use Norwegian and English a little differently than you...

If you still want to screen based on language, you could always just add a filter to whatever mail client or filtering tool you use that just checks for the top 10 words in Norwegian and assumes that that message isn't English. (this site seems to have just such a list) You could do it the other way too. The top 10 english words are: (the, of, and, a, to, in, is, you, that, it )

Anyway, I'd be curious to see if bayesian filtering resolves the issue without explicit language checking.. I'd almost expect that it would....

Fraud is the cause

[swb]

Fraud is the cause of spam. If the FTC/FBI/Attorneys General would see Spam not as a problem of unwanted mail, but as a problem of people committing fraud on a widespread basis and enforce those laws, we'd be fine.

Chances are the fraud, deception and other similar laws are far more severe than any penalties for sending spam -- if spammers had to think about a trip to a federal, pound-me-in-the-ass prison for getting caught for perpetuating interstate fraud because the government was making an effort to find and prosecute these people, they might choose a different line of work.

Spam laws in and of themselves will only lead to an awful bureaucratization of email and they won't be enforceable anyway.

Re:Fraud is the cause

[Anonvmous+Coward]

"Fraud is the cause of spam. "

I don't think your solution would solve the problem. There are far too many people sending it to enforce, and there are boundary problems too. If they email me from North Korea, then what?

The cause of SPAM is an email system that's far too open. "Hey look, I can get my message to everybody." Tighten that up, and suddenly e-mail's not such a big vulnerability anymore.

Re:Fraud is the cause

[swb]

But that assumes that all of the spam comes from hijacked mail systems. We've seen several recent stories about pro spammers that use DSL or other purchased ISP accounts for sending spam.

I think that if there were enough pressure on people who dealt with fraudsters (spammers, banks, etc) that it'd be tough to be in business and sending email would be the last of your concerns.

Howdy, tps12

eSolutions here. I can't find this column you speak of on the Sponsky-blog (he does go on about spam at one point, but has nothing on the mathematical limits of filtering.) Has he a proof somewhere of the NP-completeness of this problem?

This strikes me as dubious -- it navievely seems AI-complete. How does Sponsky even come up with a rigorous definition of "spam"? It's a user-specific concept -- what if my Mom forwards me spam, saying "how do I get rid of this?" What if a spammer does the same thing from a one-time hotmail account -- would it get past the filter?

Nothing can be said without viddying his proof, but something smells wrong in diaperland.

Yours in Christ,
eSolutions

Re:Spam only cost-ineffective with ISP-level filte

[GigsVT]

Well, there would be less spam, but there would still be some.

See, spam doesn't have to actually sell anything. There is some level of spam that is just spam companies (they call themselves marketing consultants) convincing people that spam really works, even if it doesn't. The company may not sell anything, but that's OK, the spam/scammer can just move on to another company, or try to convince the company they need to "run their ad longer".

Great job

[BlueRibbon]

It's great so much people like you are trying to stop that disease that's growing in the Cyber World - Spam.
I know that there is still a big run to reach the time when we will receive 0 (zero) spam messages, but with your help, with the help of one government's laws, and maybe with a bit of sense from the spammers themselves, we will reach it!

Re:Spam needs a global solution (Global Solution)

[minas-beede]

"These people learn quick, after their servers make their way to the open relay blacklists. Just make sure it happens every time when you receive a spam that have been apparently sent through an open relay. Forward the spam to relays@ordb.org with the first line:

"Relay: IP_address"

But I am the open relay. That's my approach. I'm only "open" for the spammer relay tests - the spam gets flushed (actually usually it is archived but as far as the spammer is concerned it's the same thing.) Jackpot will stop storing spam received form a particular IP when a specified number of spam messsages from that IP is reached.

You really ought to try Jackpot - it's a neat program. http://jackpot.uk.net/

What you say does very often apply for open proxies - a lot of spam I've trapped came first through an open proxy.

Re:Spam only cost-ineffective with ISP-level filte

[dazed-n-confused]

I'm not very tech-savvy, though I admire those who are. I hate spam, and used to get lots of it. Here's my fixes.

My ISP makes Brightmail spam filtering available to all users at no cost... if they opt in to it. All Brightmail's catches are held in a spam folder until you get round to reviewing and deleting them. It takes a couple of clicks to wipe out a dozen spams.

Anything that gets through Brightmail then is filtered through the Spamcop mail forwarding service I've set up - my ISP allows me multiple email ID's, so I don't download or read the "public" one any more. Anything that's blocked by Spamcop is ipso facto more insidious than the Brightmail harvest, so I happily punish the "clever" spammers by reporting them to their ISPs, web hosts, etc. With Spamcop's "quick reporting" option, it only takes a couple of clicks to report dozens of spammers.

Not much gets through both. If it does, I delete it. The problem's become almost invisible to me.

(I'd still kinda like my own Bayesian filter, though...)

I'd like to experiment with my own anti-spam ware

[orthogonal]

I'd like to experiment with my own anti-spam software; to do so I'd like to be able to modify a pop/smtp proxy.

Anyone know of a decent GPL'd (BSD'd, MIT'd) pop and smtp proxy coded in C or (better) C++?

How about one that runs under MS-Windows?

Thanks.

How to filter image only content?

[nurb432]

The new wave of Spam, at least what I've been seeing is they have hard to filter topics, and NO content, except a linked in image.

The image has all the data on it, in graphical format. Both words and images. It's readable to a human of course..

How does one propose the programs 'view' an image and determine if its selling you something or just a picture of someone's kids.. ?

Microsoft was granted a patent on this...

[bergeron76]

I wonder what the implications on the OpenSource community are going to be because of this? Details can be found here.

Re:Microsoft was granted a patent on this...

[bfree]

Simple, it means all OpenSource development will be done outside of the U.S. and by people who will not travel to the U.S. It also means risking your country (in my case Ireland) becoming the next target for the War on Terror if I contribute but what the hell, you only die once and I'd rather die fighting! To quote:

United States Patent 6,161,130
Horvitz , et al. December 12, 2000
Technique which utilizes a probabilistic classifier to detect "junk" e-mail by automatically updating a training and re-training the classifier based on the updated training set
Abstract
A technique, specifically a method and apparatus that implements the method, which through a probabilistic classifier (370) and, for a given recipient, detects electronic mail (e-mail) messages, in an incoming message stream, which that recipient is likely to consider "junk". Specifically, the invention discriminates message content for that recipient, through a probabilistic classifier (e.g., a support vector machine) trained on prior content classifications. Through a resulting quantitative probability measure, i.e., an output confidence level, produced by the classifier for each message and subsequently compared against a predefined threshold, that message is classified as either, e.g., spam or legitimate mail, and, e.g., then stored in a corresponding folder (223, 227) for subsequent retrieval by and display to the recipient. Based on the probability measure, the message can alternatively be classified into one of a number of different folders, depicted in a pre-defined visually distinctive manner or simply discarded in its entirety.
Inventors: Horvitz; Eric (Kirkland, WA); Heckerman; David E. (Bellevue, WA); Dumais; Susan T. (Kirkland, WA); Sahami; Mehran (Stanford, CA); Platt; John C. (Bellevue, WA)
Assignee: Microsoft Corporation (Redmond, WA)
Appl. No.: 102837
Filed: June 23, 1998

And then:

We claim:
1. A method of classifying an incoming electronic message, as a function of content of the message, into one of a plurality of predefined classes, the method comprising the steps of:
determining whether each one of a pre-defined set of N features (where N is a predefined integer) is present in the incoming message so as to yield feature data associated with the message;
applying the feature data to a probabilistic classifier so as to yield an output confidence level for the incoming message which specifies a probability that the incoming message belongs to said one class, wherein the classifier has been trained, on past classifications of message content for a plurality of messages that form a training set and belong to said one class, to recognize said N features in the training set;
classifying, in response to a magnitude of the output confidence level, the incoming message as a member of said one class of messages;
automatically updating the training set to include classification of message content for an incoming message which has been classified by a user in another one of the predefined classes other than said one class specified by the classifier so as to form an updated training set; and
automatically re-training the classifier based on the updated training set so as to adapt the operation of the classifier to changes in either message content that affect message classification or in user perceptions of the content of incoming messages.

Prior Art anyone? Or is the only way to fight this in the U.S. the obviousness defence? Applying a bunch of rules to an incoming email to give it a spam value seems obvious to me? Could they have stepped to far with their claims and made unix style small tools immune from the patent?

IANAL RU

Already Becoming Widely Available

[billstewart]

Enough people don't like spam that most big ISPs are offering some kind of spam-prevention service; the real question is when this will become the default. Many ISPs already reject mail from open relay sites, cutting down their spam load a good bit. While it may be a mistake to use an ISP that accepts and then deletes messages without the user's permission, lots of ISPs offer "we'll kill your spam for you" services, and many also offer "we'll mark spam for you" features that come with instructions for setting popular mail clients like Outlook, Netscape, and Eudora to filter the spam, and at least make it obvious in the Subject line so you can delete before reading.

Less controversial than ISPs trashing suspected spam is ISPs trashing virus email - that almost never gets false positives, and almost nobody minds (or at least, almost nobody minds if the virus part gets deleted, if it was an attached document on a real email message.) That won't stop Good Times Hoaxes, which are wetware problems rather than software problems, and it's a much more common feature for corporate email systems (because they're usually the suckers\\\\\\\customers for Certain Popular Email Systems and Certain Popular Word Processors which make it easy to auto-execute code.)

The more serious problem

[Lord+Bitman]

This is a guy who shrugs off his false-positives as "understandable, because they were very spam-like when you look at them"
What if you are a person who deals with financial data over e-mail? What if you routinely help people with their web pages? What if you send long blocks of code?
What has been done here is to publish statistical results based on ONE MONTH of mail sent to ONLY ONE PERSON.
So are these results in any way relevant? No.
Have a banker, a programmer, a web page designer, a salesman, and someone who runs a porn site, all run this alg.
but then I guess those kinds of people don't deserve to get their legit emails, so ignoring potential datasets for these people is okay and doesnt in any way invalidate the supposed effectiveness of a filter.

Re:The more serious problem

[bnenning]

What if you are a person who deals with financial data over e-mail? What if you routinely help people with their web pages? What if you send long blocks of code?

Then the filter will adapt to the types of legitimate messages you receive, that's the entire point.

Re:The more serious problem

[Lord+Bitman]

The only way it adapts is by sliding around probability figures.
If your legitamite mail frequently has "Buy for between $30-$70/ea.", all it can do is protect your legit mail by allowing such things to pass through. That kind of adapting is Not Helpful.

Re:The more serious problem

[miltimj]

Most people do not receive that kind of legitimate mail. It'll work for most people, and actually seems like a very good implementation (I'll fall short of using the word "solution"...)

Re:The more serious problem

[bnenning]

If your legitamite mail frequently has "Buy for between $30-$70/ea.", all it can do is protect your legit mail by allowing such things to pass through.

No, what will happen is that those particular words will not be indicators of spam for you. But it's unlikely that those words are the only indicators in your spam messages. According to the article most messages end up in the "spam" or "not spam" categories by a very wide margin, so even if some of the words traditionally associated with spam appear frequently in your legit mail, it's not going to break the filter.

E-mails containing "sex" filtered

[jesser]

Based on my corpus, "sex" indicates a .97 probability of the containing email being a spam, whereas "sexy" indicates .99 probability. And Bayes' Rule, equally unambiguous, says that an email containing both words would, in the (unlikely) absence of any other evidence, have a 99.97% chance of being a spam.

This sounds like a good reason not to use a Bayesian filter. A Bayesian filter has no way of knowing how catastrophic it would be if it filtered out a real e-mail containing those words from a cute girl at my college. Unless I had received such an e-mail before, which I have not.

Re:E-mails containing "sex" filtered

[dlapine]

You need to read the entire article. The example is used to show why tokening the entire word rather than looking at just the root is important.

His filtering technique are such that he generated only 5 false positive in 5 months, 4 of which were only filtered because they had similar characteristics to actual spam, and therefore, not a catastrophic loss.

Whitelist + filters in client work great

[q2k]

I use Pocomail as a mail client. It's filters allow me to leave all mail on server, except mail from addresses already in my address book, plus whatever other filters I set up for mail lists, etc. it took all of five minutes to set this up, and no spam gets downloaded. I'm running POP, what the client is really doing is marking spam as already read, so it stays on the server. I peek at the server once a day to grab any good mail that got caught, and then delete the rest. Yes, I do have to take that extra step of looking at the mail on the server, but I'm only seeing the headers so its not that big of a deal. It takes all of 30 seconds to scan the headers,and now that I've been doing this for a while, its very clean and I rarely have anything on the server worth keeping. The Banysean stuff is cool and all, I just don't see that it's enough of an improvement over me current system to justify installing a new app.

Disposable Addresses and Filter Nets

[billstewart]

Disposable addresses really help a lot, for the reasons you've mentioned, and they're easy to create if you've already got your own domain name. You give Somebody1 an address of Somebody1@yourdomain.com, and Somebody2 an address of Somebody2@yourdomain.com (or mangled or obfuscated versions of that), whitelist them, blacklist any that get abused, and do something appropriate to unknown addresses (probably blacklisting them, but possibly bouncegramming them.)

There are also tagged versions of Unix email clients around, which let you receive messages to yourname+tag@your-isp.net, letting you do the same with tags that you did with addresses in your own domain, but surprising numbers of humans and web-forms seem unable to use those addresses correctly. (They also don't work for me, because my email forwarder doesn't know how to translate myname+tag1@emailforwarder-domain.com into myrealname+tag@my-real-isp.com.)

Fastmail.fm has a nice intermediate version, using subdomains - tag@username.fastmail.fm is equivalent to username+tag@fastmail.fm, so you can give people human-readable tagged names and do all the same processing tricks. It's pretty limited use in their free service, but has much more flexible tools in their paid service.

The other approach that helps with filter-evaders is collaborative filter nets such as Vipul's Razor or Cloudmark. Some recipients will still get stuck reading the spam, but they'll mark it so most recipients can auto-trash it.

Re:Spam only cost-ineffective with ISP-level filte

[nas]

See my web log for an idea for an ISP level filter. The basic idea is to temporarily reject messages that look like spam. Spammers cannot deal with that delay. I'm testing it right now and the results look good.

Re:Spam only cost-ineffective with ISP-level filte

[bnenning]

These users aren't going to go out and install the latest Bayesian filters on their system, and the major email readers won't (and probably shouldn't) come with them automatically activated.

Sure they should. The mail client for Mac OS X does. It starts off in "training" mode where it only flags what it thinks is spam but keeps it in your inbox. Once you're satisfied that it's working (you train it by correcting its spam/nonspam decisions), you switch to "automatic" mode and spam goes into a Junk folder.

Base64 encoding

[stand]

I've also seen a great preponderance of text only messages encoded in base64. I assume this is also an attempt to evade filters.

I have also seen this a lot lately. Are there any legitimate reasons to base64 encode your entire email message or are there any standard mailers that base64 encode mail? If no and no, then you should be able to tag any base64 encoded mail as spam, no?

Re:Base64 encoding

[vegetablespork]

I can't think of any "legitimate" reasons, though some mailers might do it by default, making it a bad thing to filter on that basis alone.

Probably better to convert, then filter based on the content as before.

Fairly Simple Spam Mail reduction tips.

[jellomizer]

Without using filtering software.

1. Change your e-mail address and drop the old one. (This way you are starting off with a clean slate and not on any mailing lists.)

2. Make sure your ISP dosent post or sell your e-mail address.

3. Make your email address simple for people to rember but hard for a computer to crack example m1nam3@isp.com. Use simular methods as you would in making a password. That prevents common name email address.

4. On your webpage make a CGI/PHP/ASP whatever form to send you an e-mail. When you want people to e-mail you give them the link to that page. Make sure that there are no prameters that can make your program e-mail others, and also that your e-mail address is not listed in any of the source that is visable to the web user.

5. Only give your e-mail to people you can relitvly trust. If you cant trust them then give them a link to you weppage.

6. When filling out forms on the network asking for your e-mail ether use an alternate e-mail or read the companies privicy clames and make sure that you do not check or uncheck something stating that they will send you e-mail or adds.

7. Use spamassasan or other email filtering on your system.

8. Forward all spam to ucs@ftc.gov with all the headers.

9. See if your email client has a automatic bounce back. If so bounce the message back to sender.

10. if you want to post your e-mail address then I would make a graphical jpg, png as your e-mail. That way it slows down most computers from reading it.

Re:Fairly Simple Spam Mail reduction tips.

[Vainglorious+Coward]

Without using filtering software.

1. Change your e-mail address and drop the old one.

Off to an ugly start. Joe Average will abort on your list before he's even begun

2. Make sure your ISP dosent post or sell your e-mail address.

I'd love to know how you're going to ensure this

5. Only give your e-mail to people you can relitvly trust. If you cant trust them then give them a link to you weppage.

"No mom, you can't have my email address. You just use it to send me e-greetings and I hate getting those from you..."

6. When filling out forms on the network asking for your e-mail ... read the companies privicy clames and make sure that you do not check or uncheck something stating that they will send you e-mail or adds.

Spammers lie. We wouldn't have all these problems if spammers were truthful

7. Use spamassasan or other email filtering on your system

How do I do that "without using filtering software" ?

8. Forward all spam to ucs@ftc.gov with all the headers.

You mean uce@ftc.gov. Also note that (depending on the email client) just forwarding a message usually destroys the headers of interest.

9. See if your email client has a automatic bounce back. If so bounce the message back to sender.

How exactly does sending a response to an address that either (a) doesn't exist, (b) exists, but is irrelevant (joe-job), or (c) is an address-validation mechanism, help anything?

10. if you want to post your e-mail address then I would make a graphical jpg, png as your e-mail. That way it slows down most computers from reading it

This one I can't find fault with :) (but note there will be some people get confused/annoyed when they can't just click on a mailto: link, I'm just not of them).

Vipul's Razor is the equivalent

[billstewart]

Vipul's Razor on Sourceforge is the canonical collaborative spam filter network. These things really do make a dent in spammers constructing not-very-spam-looking messages that sneak through filters, because to get around them, they need to send sufficiently different messages to each target, though the openness of the matching algorithm means they do have the tools to try it.

One of my ISPs's implementation of SpamAssassin seems to be using it as part of their rating heuristic.

Conflicting messages

[Anonym0us+Cow+Herd]

You've gotta see this website. I downloaded Lord of the Rings: The Two Towers and I'm now watching it on my computer. Picture quality is great and it was tottally free. They've got a whole bunch of other games and movies as well. Take a look. Also, please forward this email to anyone you think would be interested.


But on the other hand, we want users to believe messages like this...

I just downloaded this great Free software. It's more stable than Windows. It can never be withdrawn by the vendor. It doesn't lock you into the vendor's upgrade treadmill. etc., etc., etc.....

So how should the stupid users know which messages to believe? Next, we'll hear the end users saying, "If it sounds too good to be true, then use WinXP."

Re:More than 1.1 billion pigs are killed worldwide

[archen]

Trickier than you might think considering slashdot editors spell most words in the english language with 3 or 4 incorrect variations.

engineers get paid more for technical solutions

[Xtifr]

I've reviewed the replies, and I think most of them are crud. I think the real, underlying reason why so many people argue so strongly against legal solutions here and in other technical forums is that technical solutions involve giving money to technical people, while legal solutions don't. There's a lot of people who are making money fighting spam, and if spam problem actually started to abate, then sales of anti-spam software and, more importantly, sales of anti-spam expertise would drop severely.

Re:engineers get paid more for technical solutions

[haystor]

People argue against legal solutions being used against spam because they simply won't work.

Probably half of the spam I receive qualifies as fraud. There are already laws against that, but the spam continues.

What happens when your email server isn't patched quick enough and you end up with a $2mil fine for the spam that is sent through it?

I also take issue with your claim that the technical solution is only being offered by those with a monetary incentive. So far I've used nothing but free solutions to save myself from spam and its over 98% effective (no false positives).

Do you propose hiring a lawyer and drafting a civil suit against an unknown group in Nigeria *after* I've already been spammed will be both more effective and cost less?

Re:engineers get paid more for technical solutions

[Xtifr]

People argue against legal solutions being used against spam because they simply won't work. Probably half of the spam I receive qualifies as fraud. There are already laws against that, but the spam continues.

And you think a 50% reduction in spam would be a bad thing?

What happens when your email server isn't patched quick enough and you end up with a $2mil fine for the spam that is sent through it?

Why would you get sued? Did you send the spam? No. The person who sent the spam is the one who should be liable. Yes, I agree, it would be stupid to advocate making people liable for running insecure servers, even though it aids the spammers. That's not what I'm advocating. I'm advocating making spamming illegal.

I also take issue with your claim that the technical solution is only being offered by those with a monetary incentive.

Not only those with a monetary incentive. There are also the insane and the clueless. :)

So far I've used nothing but free solutions to save myself from spam and its over 98% effective (no false positives).

First of all, unless you're an ISP, you're not saving yourself from squat, except a tiny amount of inconvenience. The cost of spam goes to the ISPs who have to have bigger servers with more bandwidth and bigger disks to store all the terabytes of spam that comes in daily. And, of course, that cost is passed along to you, the customer.

And as for "free solutions", as the old saying goes, it's only free if you don't value your time. Most ISPs have full-time staff members devoted to fighting spam. Those people earn salaries. Which again, like the cost of bandwidth and storage, gets passed on to you.

We've been trying technical solutions for nearly two decades, and the seas of spam show no sign of abating. No, I don't expect anti-spam regulation will magically make all spam disappear, but I do think it might be the first thing ever to make a noticable dent. Of course, the kooks who think we ought to abolish all government, and magically live together in peace and harmony with flowers and butterflies will still oppose the idea, but don't think life is that simple.

Collaborative Filter Nets really trash these

[billstewart]

Vipul's Razor, Cloudmark, etc. are collaborative filters that let humans mark messages as spam and share the spam ratings, so even Spam-Of-The-Future messages that evade filterbots are likely to get caught by humans. That means that if a roughly-identical message gets sent to N people, and sneaks by their spam filtersbots, the first few humans to read it send in ratings that let everybody else's filterbot kill it for them. They do some kind of hashing function to catch similar-but-not-identical messages, which is necessary because message headers will obviously be different for every recipient, but have useful information, and message bodies for different recipients may be identical, but often have some recipient-customization, like "Dear Bob" and "remove-2184242314231-Bob@spammer.com".

Re:Collaborative Filter Nets really trash these

[Hentai]

So what keeps the spammers from subscribing to these services under fictitious names, and poisoning them so that noone trusts them enough to use them?

It seems like if a service were ruining my business model, and I was capable of screwing with it, and I was already unscrupulous enough to be sending people things they didn't want and didn't ask for - while pretending that they did - I wouldn't think twice about destroying any hope they might have of getting rid of me.

Re:Collaborative Filter Nets really trash these

[billstewart]

Razor2, and probably some of the other relatives of this, has a threshold voting system (so it takes more work to poison non-spam mailing list mail) and has a karma-like trust rating system to weed out poisoners. It turns out to be inherently hard to poison good email, except for mailing list mail, because normally it's only received by one or two people, so the spammer doesn't have access to checksums for good email messages, and the voting system makes it hard to whitelist messages that are really spam (though it'll certainly be tried :-)

The other aspect for poisoning is poisoning messages on legitimate mailing lists - other than individual kooks trying to harass lists or people they're obsessed about, which the karma system helps with, the obvious target will probably be anti-spam lists, e.g. the spammer will sign a lot of clones up for Spam-Killer-Tools@Example.net, and use random collections of them to cause random chaos or kill off discussions that are particularly productive. But even that is somewhat self-limiting, because it's the kind of creative and coordinated effort that requires a professional spammer, as opposed to the millions of wanabee spammers who bought the latest spamware kit thinking they'll get rich.

Re:More than 1.1 billion pigs are killed worldwide

Simmilarly, hunting "culls the herd" a bit, controlling a population that would otherwise likely starve to death.

Are you trying to suggest that without hunting, wild populations would die out?
Errrrrr, no.
What do you think these ill-fated populations did before we were around to so skillfully mangae their populations for them?

False positives

[stemcell]

Has anyone found a Bayesian filter that not only redirects spam into a spam folder but also sorts it's history of redirected mail into a probability list, so that it's easy to check the mails that were close to being accepted.

Of the 4 programs I just looked at, none mentioned this feature but pretty much everyone complains about periodically having to scan their 'spam' folder for false +ves, and a history sorted into probability would make that easier.

Stemmo

Re:False positives

[biljir]

I run POPFile (and am extremely happy with it by the way). In my experience, this feature would be completely useless with POPFile, because when it misclassifies an email, there's no correlation with its probability estimate. When it mistakenly says a spam is not spam (or vice versa), it's just as likely to have come up with a spam probability of 1E-100 as .01 or .2. And an item with a .4 spam probability is at best only marginally more likely to be an actual spam than one with an infinitesimal spam probability estimate.

Perhaps some of the other filters behave differently.

POP/IMAP Proxies Help This A Lot

[billstewart]

Dear Bob, I am sending you this message in order to have your advice...

If you're using Outlook Express instead of Full-Scale More Expensive Outlook, you're probably fetching the mail using POP3 or IMAP instead of the MS Exchange proprietary protocols. If so, there are filter programs that you can run on your own PC that proxy POP3 from a server, so you can tell your Outlook Express that your email server is 127.0.0.1:pop3, and the proxy fetches it from mail.example.com for you, which gives it a hook to hang filtering tools on. There are probably similar filters for IMAP by now.

Spammer catching filter

[richardww]

If we can write software that automatically filters spam, can we write some that can give us the names and addresses of those sending it, so that they can be punished under the law?

Re:More than 1.1 billion pigs are killed worldwide

[teqron]

Before we were around to manage the population they had all of the land to roam free. Now we are taking up all of there habitat and yes if we dont keep the herd in control with hunting they will overpopulate and starve to death. I mean look at africa, everything is either city, private land or national park and they have to cull the herds of elephants to keep the population from desimating the entire landscape..

I'm not so sure...

[Eric+Damron]

I understand what you are saying about the constitutionality of outlawing SPAM but I'm not sure that I buy into that argument. For sure it would be argued at the Supreme Court level.

The reason I say that I don't buy into it is that there are examples where government can limit our rights. We have the right to bear arms but if I walk down the street with a bazooka I could be arrested. We have the right to travel and move about but I still need to have a driver's license to drive a car and I can forget about driving a tank down main street.

So, although spammers have the right to free speech, outlawing SPAM probably does not violate that right. We have the right to free speech but we are not allowed to yell "FIRE!" in a movie theatre.

My State has anti-spamming laws but they focus on deception and fraud. The Spammer must not fake his return address and the subject line must not be deceptive. Things like that. This law has already been challenged up to the State Supreme Court and has been held as constitutional.

DSL/Cable for Honeypots

[billstewart]

If there are a small number of honeypots, yes, it's easy to stop them. But what if everybody had one, or at least everybody who didn't need a real smtp server? All those cable modems out there, which aren't allowed to run servers because of blazingly clueless policies by cable companies, could be running honeypots, especially teergruben,
which run valid SMTP vvvv...eeee..rrr..yyyy...sssss...loooowwwww....lyy yyy
and can keep spammers tied up for long times. They don't usually look like open relays; they usually look like end users. Cable modem companies could be heros by having people running the things. (And if spammers respond to this by not sending email to domains hosted on cable modems, that's a big win too....)

Re:More than 1.1 billion pigs are killed worldwide

[teqron]

I would be more than happy to hog tie one of the spammers to try it. I even have the potatoe gun we can use....:p

Re:Spam only cost-ineffective with ISP-level filte

[verloren]

I think I'm relatively Net-savvy, but I don't have the facilities to run my own filters as I use a commercial webmail service. Remember that Net-Savvy isn't the same as sysadmin.

Cheers, Paul

I had the same plan, but I followed through. :-)

[NFW]

If you're the sort of masochist who enjoys playing with procmail (whee!), check out my lightweight whitelist procmail project at SourceForge.

If you're not interested in procmail, check out TMDA or ASK (active spam killer), both of which are also at sourceforge.

Whitelists work really well. The Nigerian bank scammers are the only ones who actually read their return mail, so I see one of those every now and then, but that's it.

Re:DSL/Cable for Honeypots (Jackpot can do it)

[minas-beede]

"All those cable modems out there, which aren't allowed to run servers because of blazingly clueless policies by cable companies, could be running honeypots, especially teergruben [tuxedo.org], which run valid SMTP vvvv...eeee..rrr..yyyy...sssss...loooowwwww....lyy yyy"

Jackpot has a tarpit value, or tarpitting can be disabled. Jackpot will run on windows systems if a JVM is installed. Those wanting to do this to screw spammers hitting their cable/DSL connecitons should be quite pleased at the results.

http://jackpot.uk.net/

Incidentally, I push Jackpot but it is another person's project - Jack Cleaver. It's a very fine piece of software.

solution to spam...

Get a spam detection system working that specifically at the sendmail level sees that a bul emailing is happening and make the sender think it is accepting them and silently throw all them away.. Legitimate 1-5 emails from legitimate users go on fine but make sendmail by default look like an open relay and act like it is sending everything the spammer is flinging at it.. but never actually do... this way it makes it impossible for the spammer to figure out what is a real server , what is a honeypot, etc.. and they will simply quit.

If everything looks like a real deal, it makes it darn hard to see what is real and what is fake.

there are NO legitimate uses for a mass emailing through an open relay...

I got a spam e-mail last week...

It was from Microsoft. It said "Fight spam with MSN 8!"

Re:I'd like to experiment with my own anti-spam wa

[orthogonal]

Maybe someone can explain why an on-topic question gets a -1 Overrated?

SPAM luncheon meat contains pork

SPAM® luncheon meat ingredients: Chopped pork shoulder meat with ham meat added, salt, water, sugar, sodium nitrite.

Combine Bayesian with open relay filtering

[cardshark2001]

Why not look up the IPs in the email in any of the several open relay databases and use the results as virtual words?

I have a program that filters solely based on the IPs in the headers, and it catches most of my spam with very few false positives. That's without even doing any content based filtering.

Mozilla develops support for it

[Balazs]

Check out the newest Mozilla alpha release. The e-mail client has a generic filtering plugin API, with currently one plugin developed: a Bayesian filter.
So the next Mozilla version will have it.

Re:Mozilla develops support for it

[WatertonMan]

Unfortunately I find the OSX version of Mozilla to be damn ugly. I'm definitely not a Mozilla fan, although I do like Chimera. I'm hoping Apple improves Mail in the next version. Realistically if they gave a real folder pane instead of the drawer and dealt with blockquote tags in their HTML I'd be able to live with the rest. Now that they've added Applescript support for rules (i.e. trigger a script) I'm pretty happy.

One thing I would like and which I don't believe most SPAM filters do is allow multiple sets of tags. (i.e. general categorization rather than just SPAM categorization) While some of the "hacks" you use for SPAM are different from general text categorization, the same approach can be used. It would be useful, especially if you could use the information for further actions.

I just got the new MSDN disks so I'll see if they have any betas on Office. Hopefully they will have that in the next version of Outlook. (Which, in spite of the legion of security problems is a damn fine email program - naysayers be damned)

MSN Article

[meltoast]

http://msn.com.com/2100-1106-981177.html Apparently there is an upcoming conference at...MIT? Unfortunately there is not too much info in this article.

The cost of filtering spam

[Skapare]

The cost of sending email is generally substantially less than the cost of receiving email. And this is one of the reasons the spam problem is so pervasive; it's so cheap to spam, and costs the victims so much. The cost of spam is the cost of receiving email, plus the cost of having to deal with junk you don't want. What filtering does is reduce or eliminate the personal cost of dealing with junk in your mailbox. But that still means your mail servers are dealing with more than twice the number of network connections, and twice the number of SMTPD processes, plus the added cost of applying the Bayesian filtering (which can't be less than the cost of receiving and queueing mail because it has to open it up to apply the test).

Sure, I'd would rather not have to wear out my 'd' key, and filtering can save it. But the real costs of spam are at the servers having to deal with all those spam connections that continue to happen despite the fact that spam isn't being accepted. I currently refuse spam using SPEWS and several other DNSBLs, and this means the spammer gets a 5XX refusal code, so they know it doesn't work here. Yet they don't clean their lists (there are over 200 email addresses here being spammed regularly that have never even existed). They keep on spamming. They keep on using my bandwidth. They keep on using CPU cycles, virtual RAM, and swap space. They keep on costing me money because I have to add more mail server capacity sooner than I should have to.

At least by refusing the mail to begin with my costs are lower. I'm looking to some solutions where I can have huge lists of IP addresses I refuse IP layer traffic from, next, to further reduce the costs.

And efforts by certain anti-spam groups, which get labeled as "collateral damage" are in fact working at some ISPs to get spammers shut down and kicked out. If these methods would be used by everyone, then every ISP would be forced to eject spammers, and then we'd finally see the spam levels going down. And as the ISPs clean up, their address space drops from being listed, and the "collateral damage" (we (TINW) call it "peer pressure") itself will be reduced, too.

Bayesian filtering sounds like a nice idea. It's just not trying to solve the right problem, which is the total cost of spam.

That's fine if you only deal with personal email

No. My problem's with the senders, not the messages. What Hotmail should do is send back an email saying "Your message has been rejected because you have not been authorized by this user. If you'd like to request authorization, click here and follow the instructions."

This works great unless you, like most people, register for service at some website that needs to send you email (a confirmation, a receipt, a password, whatever). Most of these emails are automated, and your "you are not authorized" email is going to hit a blackhole in most cases.

combinations...

To achieve this we need a project that has a defined module interface. The base of the plugin wouldn't do anything other then provide module integration and possibly user interface. Each module would be made by people or groups as needed and would be completley integratable into the pre-existing framewrok. There would be modules for black lists, modules for white lists, modules for bayesian filtering, modules for rules based filtering, modules for filtering encrypted messages or checking signed ones. You name it, and if it doesn't exist you can just write it yourself, or contract out for it because there is a list of standards that will alow it to interact nicely. Corporations should like the idea too, it gives them a nice free tool that they can modify as needed. Perhaps some might even aid in its development.

Just my rant. Oh and if someone(s) make this a reality, remember you where inspired by Anonymous Coward!

Define "false positive"

[Skapare]

We need to define "false positive". Differences between different tests might hinge on what the definition of a "false positive" is. And further, where and how filtering should, or should not, be deployed can also depend on what is a "false positive" for the recipients where it could be deployed.

Given that spammers totally disregard failed delivery, even if they get an SMTP response code indicating this when they do direct delivery, and do not clean up their lists, one effect is that even where the spam is refused or filtered into a junk box, the spam keeps coming. And the rate of growth is still substantial as more and more people attempt to get their cut of the pie that is there for spammers as a result of this theft or delivery resources they do to keep their own costs down (i.e. spamming with an unmaintained list of a million is cheaper than working to clean it down to just those who actually want it).

ISPs that host spammers who steal delivery resources from recipients (and their ISPs) are just as guilty of theft as the spammers themselves, as far as I'm concerned, because they could put a stop to it, but don't because it means more revenue for themselves (and increases the level of theft the rest of us incur). So to me, my anger is not only aimed at the spammers, but also to those who support the spammers, and even to those who support those who support spammers (e.g. the other customers of the ISPs harboring spammers). So I don't want any of their mail. I don't want their servers to contact my servers at all. I don't want my servers to have to spend any time queueing and classifing their mail. And I certainly don't want it in my mailbox.

So basically, the mail from all the other customers of a bad ISP (because they harbor spammers) is also unwanted mail. If it gets rejected by whatever tool I use to block spam, then it is not a false positive at all.

IP address based tools like DNS based blacklists often provide exactly what I need. Since all the mail from places where spam comes from is what I want to refuse, by blocking the whole mail server, the effect is an excellent match. And the SPEWS DNSBL even lets me block the rest of the ISP so I can "send the message" back to their other (so called "legitimate") customers that I don't care for them to be supporting an ISP that supports spammers.

So basically, what I have now seems to do the job very well. That's because of what I happen to define as the mail I don't want to get. Others who define the mail they don't want to get differently might need to use a different approach, and maybe Bayesian filtering is right for them. It isn't right for me because it isn't really addressing the problems I have, which is that my mail servers are still being bombarded by spammers attempting to send spam. As it is now, I reject all this junk mail during the SMTP session with no reception of the message content, no queueing, and no text processing. All a Bayesian filter would do for me is increase my costs because then I'd have to receive content I already know I don't want, and process that content to make a decision I already have made. So there's nothing in it for me.

Re:More than 1.1 billion pigs are killed worldwide

[Patrick13]

Sorry this is OT, but....

Are you trying to suggest that without hunting, wild populations would die out?

As a matter of fact, as you can see in this article from the NYT, it is extremely important to manage the deer population, or else you end up with a bunch of starving deer.

My grandfather was a licensed hunter in Germany (one of the very few exceptions to their strict firearm laws), and they used very scientific methods to determine how many deer could be sustained per hectare of forest and what not, and had to cull the herd when the population increased to certain levels, and ceased hunting altogether when changes (a disease, or whatever) made the population too low.

Yes, it is a natural cycle that has been repeating for hundreds of thousands of years, but no one wants a starved deer staggering through their neighborhood trying to forage on your front lawn because there isn't enough food to go around in the region's wooded areas.

Spammunition for Outlook

[BlackjackGuy]

I noticed that there are a lack of MS Outlook-specific bayesian filtering programs out there. I've been using a Bayesian filter called Spammunition with great results. It integrates into Outlook, and it's free. Still a beta product though, so it's a little buggy. But the bayesian approach definitely works. I don't have to deal with spam any more!

what could be unconstitutional, as well in the US

[Jadrano]

Even something as seemingly trivial as requiring spam to be uniformly labeled as such is probably impermissible, precisely because automated filters would use the effect of this legislation to stop all spam, which would be denying spammers the right to send people advertisements, i.e. banning their speech due to the commercial content thereof.

Well, I've heard a lot of things about the legal system in the US ;-), but I don't believe it's actually that weird that freedom of speech, which is, indeed, very important has been perverted to a prohibition of people deciding themselves which messages they want to receive and whether they want to spend a lot of time looking for e-mail messages in heaps of spam every day.
I wonder what might be unconstitutional, as well, in the United States if mandatory labels people can use for filtering were. Examples might be

• having "secret" e-mail addresses that aren't published in any place spambots can reach - by withholding that address from spambots you deny spammers their constitutional right to send you anything they want to your address!
• doorlocks - doorlocks can be used for the unconstitutional purpose of denying somebody who wants to talk to you their right to do so, they make it easy to violate the constitution by keeping the door shut when someone wants to speak
• caller identification (telephones) - something that can be used for violating the constitution by not ansering calls from certain people
• ear-grafts - terrible tools that seduce you to act unconstitutionally! Don't think you can keep the window open in summer and put something in your ears to be able to sleep despite of loud people on the street, oh no, maybe these people want to yell something at you, and you're depriving them of their rights!

In my view, it's absurd to establish any connection between ant-spam laws (and even more so if it's just about labels) and the right of free speech because the right of free speech does not and has never meant that everyone must sacrifice their time for listening to / receiving any kind of speech. No anti-spam law prevents people from signing up to mailing lists about low mortgages, teen porn and printer cartidges, setting up opt-in mailing lists about these topics, searching such material on the Internet etc., so it really takes a lot of imagination to see a connection between anti-spam laws and the right of free speech.
Recently, I've seen a report about people in the US being interrogated by the FBI after criticizing Bush's war politics. Maybe these were just untypical cases, but I think if you're worried about the right of free speech in the United States, at all, this would be the kind of issues you'd have to look at and certainly not one of many possible channels of advertizing (one that costs people particularly much time whether they want or not) being restricted.

Re:Spam needs a global solution (Global Solution)

The Jackpot honeypot will optionally deliver relay test messages.

Spammy thinks that he has found a real live open relay because it delivers his test messages.

You can set the minimum time between test messages and the max recipients.

Re:Spam needs a global solution (Global Solution)

Easy solution, deliver test messages.
The JackPot Honeypot does exactly that.
see www.jackpot.uk.net

Even when relaying is turned completely off, however, many spammers keep hitting my JackPots.

My jackpot farm of 13 IP addresses on 4 machines has eaten over 2 million spam in the last 50 days.

Total spams logged: 9754 Total spam recipients 26392 in the last 24 hours.

bz

my way works...and pisses of spammers

[doobie]

I pull all the servers from the emails, and email about 30 people at each basically saying f&3k you leave me alone....It's been optimized over time and works for the most part....when a spammer gets my email addr ..its normally not for more than 3 days... before they stop....I've had quite a few spammers saying that they aren't spamming me, but that I signed up....they just get the 30 messages again....some of them even keep sending me messages saying I've been removed...and they get 30 more.....of course I have a very limited number of people I give my email address to so I only have to filter their email address, and they know not to email me if they use a different email addr. I get about 3 spams a day now....versus 70-80 before and it's only been 3 months....and of course most of the spam I get is from people who have bought my email addr from some list...but hopefully in time it'll be off the lists...

Re:my way works...and pisses of spammers

[acceleriter]

Heh. Looks like you've reinvented the bitch list. Give 'em hell!

Re:my way works...and pisses of spammers

[doobie]

but my list would be MUCH longer...and I've acctually even had a few people respond with nice replys thanking me for pointing out their open relay....hah

Client vs. Server

It is not necessary that spam filtering be done at the client. There is no reason that Logic could not be used on the server as well.

Consider the Following:

MailServer has a "Spam-User@yoursmallco.com" and a "nonSpam-user@yoursmallco.com".

Heuristic Spam filter scans inboxes for spam and pre-fixes "SPAM" to the beginning of suspected spam.

Client filters for "Spam" .....

oh-nevermind.

I see no reason to give any credence to Graham

[aminorex]

This isn't science, that much is certain.
An irreproducible result is noise. Not
only is Graham not releasing his code or
data set, he's not providing enough information
to reproduce the algorithms precisely enough
to evaluate their performance on independently
gathered data.

In short, this is marketing, not research.

CRM 114 Discriminator?

[Tracy+Reed]

One of the references is:

Bill Yerazunis. ``Sparse Binary Polynomial Hash Message Filtering and The CRM114 Discriminator.''

Anyone else recognize the reference to Dr Strangelove? I love that movie!

Interesting acne analogy

[hacksoncode]

The article says: "For most users, missing legitimate email is an order of magnitude worse than receiving spam, so a filter that yields false positives is like an acne cure that carries a risk of death to the patient."

The thing I find amusing/interesting/whatever about this is that there is exactly such a drug, and that it is wildly popular.

bayesian filtering works great!

[Tracy+Reed]

I have used lots of spam filters including spam assassin, junkfilter, homegrown scripts, etc. Nothing works nearly as well as the bayesian filtering. I started with bayespam but found ESR's bogofilter better performing (It's in C as opposed to perl so lower startup time) and it fits more easily into my mail architecture. No false positives and many hundreds of spams caught. I have a feeling this is going to be the best spam filtering technology for some time to come. Spammers won't be able to out-evolve it. I also like the fact that I don't have to periodically update rulesets or anything because it is self-maintaining.

If you haven't tried it, check it out! You won't regret it.

Wrong solution

This only hides the spam from the reader - it doesnt eliminate the cost to ISPs and end users to receive, store, and download it. It also doesnt hide the spam from the truly clueless that actually BUY the junk products that spam usually advertises.

The right solution is to force ISP's to shut down spammers COLD when the begin getting complaints - many ISPs *STILL* do not due this, some even accept premium payments from spammers to let them continue using their service (wether it be access to actually send the spam, or to host websites or reply-boxes so they can collect their cash from the suckers)

If anyone *really* wants to be educated on some ways that have been proven to be effective in getting (some) ISP's to clean up their act, here are some URLs

SPEWS - Spam Prevention and Early Warning System
http://www.spews.org/

ROKSO - Who's behind your spam.
http://www.spamhaus.org/rokso/

(Note - I am not affilated with nor do I represent any either of these sites - I just happen to agree with their goals and methods)

Any questions, see news://news.admin.net-abuse.email - lurk for a week first, then post. If you dont have usenet access or a decent newsreader, you can get there thru google groups: http://groups.google.com/groups?hl=en&lr=&ie=UTF-8 &group=news.admin.net-abuse.email

In either case, you might want to read the FAQ first: try

http://www.samspade.org/d/nanaefaq.html
or
htt p://www.spamfaq.net/

Bogofilter HOWTO

[Earlybird]

I have been using Bogofilter since November last year, with just a few spam emails (of the kind Paul Graham describes as "spam of the future" and hard to filter) leaking through, and no false positives.

I've written up a HOWTO on setting Bogofilter to work with Exim and the Cyrus IMAP daemon. Hopefully somebody will find the document useful.

How I would stop SPAM

[leeet]

This is kinda offtopic, but whould it make sense? This would require some sort of a sendmail re-write...
When you send an email, a "signature" (hash/ID/whatever) is stored in a database on that outgoing server. When the receiver's sendmail gets the email, it connects to that server, verifies the signature and if there is a match, the email is forwarded to the user's account.

This would eliminate those emails with fake domains and relaying would be over as your "outgoing" server would have to keep the "signature" database. Of course, there should be an option to relay certain domains (like subdomains).

Once a "legit" spam is detected (sent from a real domain), the user could set the signature as "undesirable" and that information would be shared to real time blocking lists. Also, other sendmails trying to match the signature would fail and the email would be discarted right away. (probably after a certain threshold)

I think that if we adopt that kind of server, eventually all sendmail servers will have that option and most spam will slowly cease to exist as users won't accept emails without a proper "signature".

If Spam == Harassment then

[KalvinB]

Why do we need additional laws? If I could charge a spammer with harassment well then we have all the law we need. Last I checked every state has laws against people who harass other people.

If I tell a spammer to stop and then don't stop I should be able to call 911 on their ass. If they don't give me the ability to say stop (if you gag a rape victim is suddenly not rape because they didn't say "stop?") because they give a false return address shouldn't I beable to press even more serious charges? By that point they're basically stalkers.

I should get one opt out attempt and after that they get hauled off to jail.

Or is your analogy just a vain attempt to gain Karma? Personally I like the idea of charging spammers with harrassement. But how well would it hold up in court?

Maybe we should just stop calling it spam and looking for spam laws and just call it what it is: harassment. We could start taking names and kicking ass immediatly if that were the case.

Ben

Re:If Spam == Harassment then

[Steve+B]

Or is your analogy just a vain attempt to gain Karma?

I didn't make any analogy. I pointed out that the right to talk on the telephone and send e-mail are not absolute by pointing to one obvious exception (harassment), and gave a reason (property rights) why spam constitutes a different exception.

Charging a repeat spammer with harassment -- in addition to theft of services (inherent to all spamming) and cracking (if he gets the spam through by circumventing a filter) -- sounds good to me. However, spamming in and of itself needs to be recognized as theft of services, because a solution that only hits proven repeat offenders who ignore their own opt-outs is insufficient for reasons that have been, frankly, beaten to death on /.

Bah!

[Feztaa]

Making spam illegal isn't going stop spam at all. The only way we'll ever stop spam is with Vigilante Justice.

Blackholing open relays, as well as cracking into spammer's computers and fucking them up something fierce will be the only real way to reduce spam.

Oh yeah, and don't forget the spam filters, SpamAssassin rules! ;)

Re:Spam needs a global solution (Global Solution)

``Yeah, I know, spammers are switching to open proxies. So, write an open proxy honeypot. That, too, will be 100% efficient. In addition you now are giving spammers reason to fear every open relay and every open proxy they detect. FEAR. The SPAMMERS have to scramble. They have to scramble and they have to show everything they do to overcome the technique - there is no stealth way to look for open relays and open proxies.''

Do you think they care? They'll just move thier tasks to net providers that take no interest in security. And if that doesn't work, look for open proxies in third-world countries, etc..

Re:More than 1.1 billion pigs are killed worldwide

Most people who eat pork also have access to other, non-meat foods.

Most people who eat pork have incisors and are omnivorous homo-sapiens.

Why do we kill them by the billions? Just to enjoy the transient pleasure of tasting their flesh?

Yes.

Re:IN SOVIET RUSSIA

Seems you only seem to know this fellow if you have moderator duty.

Another way to combat spam?

[hcdejong]

I've been toying with the idea of forwarding all my Korean and Chinese spam (60% of the spam I receive is in those languages, another 20% is English-langugage but relayed via .kr or .cn servers) to their embassies. Currently, .kr and .cn ISPs are being bribed into giving spammers free reign. The Chinese and Korean governments could put a stop to that (IIRC South Korea does have spamming legislation), they just need to be made aware of the seriousness of the problem.

Sending the government a few spams won't do that, but sending them all the spam anyone receives might.

diminishing returns - MEMEs kill

wile thiz is n interesding aproach, my eggsperienz is that sbammers will kepe comeing up wid wayz to git zee mezzage akross beekuz da gray mattah beetween yor earz is damm gud at getten zee mezzage (eefen if yor philter iznt).

ugly, but if you are hawking miracle drugs or nigerian ministerial assistance pleas dignity is kinda low on the priority list...

Indrema

[Bill+Kendrick]

Yeah, poor old Indrema. I remember when MS announce the XBox not long after the Indrema was announced. Poor John Gildred. :^)

For anyone who cares much about what the Indrema was (going to be), visit my old site: Indrema Informer

-bill!
(on to more important things, like Tux Paint and the Zaurus)

Re:what could be unconstitutional, as well in the

[cpt+kangarooski]

No, no. Private filters are almost certainly fine. I'm saying that the government mandating labels on spam so as to achieve the effect of prohibiting that speech through private means might not be.

If you want to filter spam based upon its content sans mandated labeling, go ahead.

If governmental authority is wholly uninvolved (i.e. not even invoked by private actors), there's no first amendment issue.

Re:what could be unconstitutional, as well in the

[Jadrano]

Still, why should mandated labeling by any problem, at all, in connection with the First Amendment? After all, I thought the First Amendment was about free speech, not about coercion of people to receive messages.
I don't think it's the case, but if the First Amendment had the absurd consequence of restricting people's rights to decide which messages they want to see, I guess the wording of the First Amendment should be changed.

Re:Spam needs a global solution (Global Solution)

[minas-beede]

"Do you think they care? They'll just move thier tasks to net providers that take no interest in security. And if that doesn't work, look for open proxies in third-world countries, etc.."

Let's suppose the spammers, though diligent use of open relay and open proxy honeypots, are down to one last 3rd world country where they can find systems to abuse. Do we (a) cry at our misfortune or (b) try to persuade operators in that one last country to run honeypots?

As it stands they still look for open relays (and I'd guess open proxies) in the good old USA. Why not be an early example for the operators in that last 3rd world country and run a honeypot now, so they can see the advantage?

Thee's been some might fine honeypot success overseas. Moscow isn't 3rd world, of course, but that honeypot was a sensation. I don't even know where (what country) the 235-million-trapping honeypot is located. Some mighty old hardware has been used for honeypots - even stuff the 3rd world might easily have to spare. They can run Jackpot on Windows systems. If they're on the net in suffucient number to matter to the spammers then there's almost certainly sufficient resources that can be used to fight the spammers.

I invite you to try Jackpot. Just load it and start it, trap relay tests only. You may be surprised.

http://jackpot.uk.net/

Last Post!

[alpg]

Science is built up of facts, as a house is with stones. But a collection
of facts is no more a science than a heap of stones is a house.
-- Jules Henri Poincar'e

- this post brought to you by the Automated Last Post Generator...