Aggressive Email Filtering Blocks Political Debate

Stephen writes "Many of us have spam blockers operating on our mail. But according to this BBC article, when British members of parliament starting having their emails filtered last month, it stopped them talking about genuine political business such as the Sexual Offences Bill, and prevented them receiving some constituents' emails." This problem has bit me on the bum a few times too. About 1 message in every 250 spam is a false hit. Course thats about once a day :(

Maybe good

[jhouserizer]

These types of incidents may be good in the long run - if it makes law makers "wake up" to the problem of spam.

...We can only hope... Perhaps we could even start bombarding law makers with spam ourselves? - that would raise their awareness!

Re:Maybe good

I don't know where everyone gets this 250 spams a day crap. I have had the same email address for years, and only get 2 or 3 spam messages a day. And it isn't even that fancy of an address.

hadenmindy@knology.net

Re:Maybe good

You can already do this... send your spam to uce@ftc.gov

Especially the ones that don't allow opt out. They DO investigate them.... but with over 60,000 spams per day into that address, their staff is able to digest them into a database, making it available to any law enforcement agency, which is categorized by area, then the local law enforcement officials spend time each week going through the worst ones.

In order for them to do their jobs, it's important to include FULL headers and whether or not they honor opt outs. These are the ones they pay attention to.

It's always a good idea to include the result of the opt out effort. IE: Copies of the bounced message, 404 errors, or any other kind of error you get when attempting to opt out. If they have a web site the spam advertizes, including a "Whois" record on the domain owner will push your submission "above the noise" when you send in your spam to the FTC.

Of course, opting out MAY increase your spam, so always use a disposable Email address when submitting to newsgroups. That's why God (Bill Gates?) invented Hotmail.

Apparently the FTC DOES test out the opt out mechanisms, but if you can provide them accurate information, they would choose to handle the ones that involve less work on their part. It's all about "getting above the noise". It WORKS.

I'm dealing with FTC on MANY spam related issues at present, and know what they want, and how they work.

The things they investigate:

a) Whether or not opt out mechanism works
b) Accurate contact information
c) refusal to opt out, or repeat mailings

Often they are easy to track down via "register.com". If they have web sites promoted in the spam, getting at them through their domain name registry is really effective. "samspade.net" also has some really good tools you can use to track them down.

On some ocassions, I find they have inaccurate "whois" information. But I report these to the Registrars. This usually results in their web sites getting shut down, because Registrars take a dim view of inaccurate "whois" information.

Contacting "abuse" at NetworkSolutions can usually get them to investigate. In about 2 weeks, if the domain owners don't respond (probably due to invalid contact info), they pull the domain and shut down the spammers site.

I hope other people in /. land exploit these new spam fightning ideas, and if they notice inaccurate "whois" information, to also point it out to NetworkSolutions.

Re:Maybe good

[jhunsake]

Surely they get an order-of-a-magnitude more spams there a day than 60,000. I know I send 400 a day (automatically), so that only requires 150 people like me.

Re:Maybe good

[tcr]

I don't know where everyone gets this 250 spams a day crap. I have had the same email address for years, and only get 2 or 3 spam messages a day. And it isn't even that fancy of an address.


How many domains do you have?

Dear sales/postmaster/abuse etc..

Re:Maybe good

[Dave2+Wickham]

I used to get ~20/day, mostly because the addy was on a tonne of pages on my site... more than my addy (this was forum@aagames.co.uk )

Glad I don't live there

[Achmed+Swaribabu]

Why should they use an insecure system like e-mail for sending data? I wait for the day when we find out how much data terrorists get on the sly from simple little plain text emails.

Re:Glad I don't live there

You can probably tell us, eh, eh "Achmed" :o)

Re:Glad I don't live there

[mustangdavis]

Why should they use an insecure system like e-mail for sending data?

It isn't so insecure if you use PGP .....

Re:Glad I don't live there

[citog]

Because most of the people they should be talking to , i.e. constituents, also use this insecure system. In reality, most of the politicians I know use email aren't discussing state nuclear secrets or troop movements. If certain politicians are likely to leak sensitive information this way I would be far more concerned about what gets picked up from the far more insecure system - VoA (Voice over Air)

Re:Glad I don't live there

[Achmed+Swaribabu]

If they use PGP then the spam filter wouldn't be catching their emails by filtering on plain text words now would it?

It's obvious that they're NOT using encryption and that is point of my email.

Re:Glad I don't live there

[gborland]

The British political process is supposed to be open to public scrutiny!

Re:Glad I don't live there

[Lawbeefaroni]

And it's obvious that they should use PGP to encrypt emails from huffy constituents or emails that contain draft language of a law that will be public anyway?

Imagine if that email complaining about a 4% increase on beer tax fall into the wrong hands...

I am willing to be that the SAS doesn't send emails to MPs (or anyone for that matter) outlining their next secret operation.

Regulation

[Marco_polo]

I can just imagine the outrage if this happened to the bush administation.

'what do you mean no one got my emails?'

'It seems your.. uh... last name is causing some issues with spam filters sir'

'That's it.. lets bomb the spammers'

Re:Regulation

Sticker i`ve seen around London:

Bush. It's another name for a cunt.

Re:Regulation

Unfortunatly he would be more like to bomb the spam filterers.

Re:Regulation

yeah, right up there alongside:

Q: What are the Prince of Wales' ears good for?
A: Gives the Irish something to hold on to.

Re:Regulation

The problem would be that, like the terrorist organizations, locating all the spammers will turn out to be very difficult, so Bush will say we really need to go to war with Slashdot, as they are likely connected to "hackers".

Re:Regulation

And, coincidentally, he refers to the citizens of the USA as a wig for that very region of the female:

"My fellow Merkins..."

Re:Regulation

[Levine]

That's it.. lets bomb the spammers

No, no, you've got it all wrong. That's it.. let's bomb Iraq.

Re:Regulation

[AndroidCat]

Pfft, locating spammers isn't that hard. Besides, they could just hire shiksaa, the minor goddess of news.admin.net-abuse.email, no worries!

Re:Regulation

[jazman_777]

No, no, you've got it all wrong. That's it.. let's bomb Iraq.

Colin Powell will present incontrovertible evidence Feb 8. linking Hussein with Sanford Wallace.

Re:Regulation

[C0LDFusion]

Bush: We've got the smoking gun. Saddam Hussein has been funding Weapons of Mass Spamming.

Re:Regulation

No, wonder, the lost e-mail contained such words as "Vice" and "Dick" in the same sentence.

Re:Regulation

[demaria]

Now there's a US policy all slashdottters can support!

Re:Regulation

[sakeneko]

I can just imagine the outrage if this happened to the bush administation.

'what do you mean no one got my emails?'

'It seems your.. uh... last name is causing some issues with spam filters sir'

'That's it.. lets bomb the spammers'

A culmination devoutly to be wished, but I suspect the response would more likely be, "Let's bomb the spam filter authors." <wry grin> In the U.S., both the Republican and the Democratic national committees have spammed, and a number of lawmakers, including, recently, Sen. Joseph Lieberman. Most politicians define spam as, "unwanted email sent by somebody else." :/

Spammers have made filtering necessary, of course. Further, to the best of my knowledge (and I do know something about spam filtering ), mail filters always and inevitably result in a non-zero rate of false positives. The rate can be extremely low with good technology, but never zero.

But I doubt very much that most people in Washington, or in London, or in Berlin, or in Beijing, or in Moscow, or... will realize this.

Re:Regulation

it wouldn't be bomb the spammers. by that token, bush would be saying 'lets bomb the united states', IE the ones responsible for arming iraq

Re:Regulation

[glesga_kiss]

last name is causing some issues with spam filters sir

Ditto for the poor unfortunate residents of Scunthorpe, England.

Just as well there isn't a "Clearyourbillsvile" or "Enlargeyourpenis Avenue" anywhere!

Re:Regulation

[gmuslera]

Filtering based in very common words has proved dangerous. Some of the problems of this (for http proxies) has been covered here

Re:Regulation

He can read and write?

Re:Regulation

[AndroidCat]

There is a Climax Michigan. (I wonder what the town limit signs say: "You are now entering Climax" "Climax Pop. 24,000"??)

Re:Regulation

[njchick]

Intercourse, PA is real. There even have a newspaper Intercourse News.

Re:Regulation

IMMEDIATE ATTENTION NEEDED:

HIGHLY CONFIDENTIAL

FROM: GEORGE WALKER BUSH
DEAR SIR / MADAM,

I AM GEORGE WALKER BUSH, SON OF THE FORMER PRESIDENT OF THE UNITED STATES OF AMERICA GEORGE HERBERT WALKER BUSH, AND CURRENTLY SERVING
AS PRESIDENT OF THE UNITED STATES OF AMERICA. THIS LETTER MIGHT SURPRISE YOU BECAUSE WE HAVE NOT MET NEITHER IN PERSON NOR BY CORRESPONDENCE. I CAME TO KNOW OF YOU IN MY SEARCH FOR A RELIABLE AND REPUTABLE PERSON TO HANDLE A VERY CONFIDENTIAL BUSINESS TRANSACTION, WHICH INVOLVES THE TRANSFER OF A HUGE SUM OF MONEY TO AN ACCOUNT REQUIRING MAXIMUM CONFIDENCE.

I AM WRITING YOU IN ABSOLUTE CONFIDENCE PRIMARILY TO SEEK YOUR ASSISTANCE IN ACQUIRING OIL FUNDS THAT ARE PRESENTLY TRAPPED IN THE REPUBLIC OF IRAQ. MY PARTNERS AND I SOLICIT YOUR ASSISTANCE IN COMPLETING A TRANSACTION BEGUN BY MY FATHER, WHO HAS LONG BEEN ACTIVELY ENGAGED IN THE EXTRACTION OF PETROLEUM IN THE UNITED STATES OF AMERICA, AND BRAVELY SERVED HIS COUNTRY AS DIRECTOR OF THE UNITED STATES CENTRAL INTELLIGENCE AGENCY.

IN THE DECADE OF THE NINETEEN-EIGHTIES, MY FATHER, THEN VICE-PRESIDENT OF THE UNITED STATES OF AMERICA, SOUGHT TO WORK WITH THE GOOD OFFICES OF THE PRESIDENT OF THE REPUBLIC OF IRAQ TO REGAIN LOST OIL REVENUE SOURCES IN THE NEIGHBORING ISLAMIC REPUBLIC OF IRAN. THIS UNSUCCESSFUL VENTURE WAS SOON FOLLOWED BY A FALLING OUT WITH HIS IRAQI PARTNER, WHO SOUGHT TO ACQUIRE ADDITIONAL OIL REVENUE SOURCES IN THE NEIGHBORING EMIRATE OF KUWAIT, A WHOLLY-OWNED U.S.-BRITISH SUBSIDIARY.

MY FATHER RE-SECURED THE PETROLEUM ASSETS OF KUWAIT IN 1991 AT A COST OF SIXTY-ONE BILLION U.S. DOLLARS ($61,000,000,000). OUT OF THAT COST.

THIRTY-SIX BILLION DOLLARS ($36,000,000,000) WERE SUPPLIED BY HIS PARTNERS IN THE KINGDOM OF SAUDI ARABIA AND OTHER PERSIAN GULF MONARCHIES, AND SIXTEEN BILLION DOLLARS ($16,000,000,000) BY GERMAN AND JAPANESE PARTNERS.

BUT MY FATHER'S FORMER IRAQI BUSINESS PARTNER REMAINED IN CONTROL OF THE REPUBLIC OF IRAQ AND ITS PETROLEUM RESERVES.

MY FAMILY IS CALLING FOR YOUR URGENT ASSISTANCE IN FUNDING THE REMOVAL OF THE PRESIDENT OF THE REPUBLIC OF IRAQ AND ACQUIRING THE PETROLEUM ASSETS OF HIS COUNTRY, AS COMPENSATION FOR THE COSTS OF REMOVING HIM FROM POWER.

UNFORTUNATELY, OUR PARTNERS FROM 1991 ARE NOT WILLING TO SHOULDER THE BURDEN OF THIS NEW VENTURE, WHICH IN ITS UPCOMING PHASE MAY COST THE SUM OF 100 BILLION TO 200 BILLION DOLLARS ($100,000,000,000 - $200,000,000,000), BOTH IN THE INITIAL ACQUISITION AND IN LONG-TERM MANAGEMENT.

WITHOUT THE FUNDS FROM OUR 1991 PARTNERS, WE WOULD NOT BE ABLE TO ACQUIRE THE OIL REVENUE TRAPPED WITHIN IRAQ. THAT IS WHY MY FAMILY AND OUR COLLEAGUES ARE URGENTLY SEEKING YOUR GRACIOUS ASSISTANCE. OUR DISTINGUISHED COLLEAGUES IN THIS BUSINESS TRANSACTION INCLUDE THE SITTING VICE-PRESIDENT OF THE UNITED STATES OF AMERICA, RICHARD CHENEY, WHO IS AN ORIGINAL PARTNER IN THE IRAQ VENTURE AND FORMER HEAD OF THE ALLIBURTON OIL COMPANY, AND CONDOLEEZA RICE, WHOSE PROFESSIONAL DEDICATION TO THE VENTURE WAS DEMONSTRATED IN THE NAMING OF A CHEVRON OIL TANKER AFTER HER.

I WOULD BESEECH YOU TO TRANSFER A SUM EQUALING TEN TO TWENTY-FIVE PERCENT (10-25 %) OF YOUR YEARLY INCOME TO OUR ACCOUNT TO AID IN THIS IMPORTANT VENTURE. THE INTERNAL REVENUE SERVICE OF THE UNITED STATES OF AMERICA WILL FUNCTION AS OUR TRUSTED INTERMEDIARY. I PROPOSE THAT YOU MAKE THIS TRANSFER BEFORE THE FIFTEENTH (15TH) OF
THE MONTH OF APRIL.

I KNOW THAT A TRANSACTION OF THIS MAGNITUDE WOULD MAKE ANYONE APPREHENSIVE AND WORRIED. BUT I AM ASSURING YOU THAT ALL WILL BE WELL AT THE END OF THE DAY. A BOLD STEP TAKEN SHALL NOT BE REGRETTED, I ASSURE YOU. PLEASE DO BE INFORMED THAT THIS BUSINESS TRANSACTION IS 100% LEGAL. IF YOU DO NOT WISH TO CO-OPERATE IN THIS TRANSACTION, PLEASE CONTACT OUR INTERMEDIARY REPRESENTATIVES TO FURTHER DISCUSS THE MATTER.

I PRAY THAT YOU UNDERSTAND OUR PLIGHT. MY FAMILY AND OUR COLLEAGUES WILL BE FOREVER GRATEFUL. PLEASE REPLY IN STRICT CONFIDENCE TO THE CONTACT NUMBERS BELOW.

SINCERELY WITH WARM REGARDS,

GEORGE WALKER BUSH

Switchboard: 202.456.1414 Comments: 202.456.1111 Fax: 202.456.2461
Email: president@whitehouse.gov --

Re:Regulation

[stompro]

OT, but the gas station in Climax, MN sells t-shirts that say "Climax, more than just a feeling". Climax MN is about 15 miles south of Crookston which is 60 miles north of Fargo/Moorhead.

Sorry, had to share.

Maybe we Slashdot can buy this filter technology..

[gpinzone]

...to eliminate all the dupe stories!

Remove all their filters

[3vi1]

I think polititians shouldn't have any filters on their e-mail.

After about 2 weeks of what the average person goes through, we'd see stronger anti-spam legislation/penalties.

Re:Remove all their filters

Who knows, maybe those politicians will have longer penises.

Re:Remove all their filters

[bigsteve@dstc]

I think polititians shouldn't have any filters on their e-mail.

Politicians don't have enough time to read all email (or letters) from constituents. They have staff whose job it is to do this. These staff act as filters.
Politicians (and their staffers) are also human beings. Why shouldn't they be allowed to defend themselves against spam, viruses, orchestrated email harassment campaigns and mindless foul-mouthed diatribes from random idiots?

We elect politicians to do a job of representing their electors, NOT to be targets for abuse. Let them filter as they choose. If they decide it is ignore particular kinds of communication directed to/at them, we can always vote them out.

After about 2 weeks of what the average person goes through, we'd see stronger anti-spam legislation/penalties.

Nice idea, but it won't work. The politicians would simply stop reading email ... or employ more staff to do the job for them. By the way,
given that the "average person" uses some kind
filtering, why shouldn't the politician do so too?

Re:Remove all their filters

[Mike1024]

Hey,

After about 2 weeks of what the average person goes through, we'd see stronger anti-spam legislation/penalties.

Unfortunately, the UK government's laws wouldn't affect the united states (where most of my spam comes from), or china, or any of the other big spamming countries.

I doubt spammers would be extradited, so apart from stopping them entering the country, there's not much that a law would do.

Michael

Work around

If you know there is filtering in place at someone's place of business, simply create a text file, zip it, and don't put any offensive words in the subject field.

Re:Work around

[Cy+Guy]

create a text file [&] zip it

Unless the recipient is expecting this they should just delete the message. I routinely delete any email that has zipped attachments unless I have previously agreed with the sender to send it that way. (That's assuming the recipients mailserver doesn't routinely strip zip files off as an enterprise virus protection measure in the first place.)

But one way your suggestion could be modified that will work for anyone whose email can view HTML is to print your message to graphic file, convert it to a GIF and embed it into a simple a webpage.

The reader will open the file and see what looks like a text message, but it actually will be the GIF image of your message.

Most filters don't block HTML and GIF files.

Re:Work around

how about attaching .pdf files? do filters scan those?

Re:Work around

[AssFace]

I've been enjoying spamassassin now and then I thought about ways around it, just as a matter of curiosity.

the image approach that you mention there is the first thing that I thought of, and it made me want to work on a way around it.
I know enough about image recognition that I could write a script to use that image as input and scan it and treat it as text - then run it through spamassassin.

it could be an add on to spamassassin...
but at this point, not enough spam is coming in that format to me (meaning "none") for me to worry too much about it.

Re:Work around

[AndroidCat]

Most filters don't block HTML and GIF files.

Oh? Many people set their filters to tag'n'bag (or simply dump) any non plain-ascii email. I treat any email with HTML, base64, or an attachment of any kind as probably spam and potentially dangerous, and inspect it before reading it.

Re:Work around

[Cy+Guy]

at this point, not enough spam is coming in that format to me (meaning "none") for me to worry too much about it.

I'm surprised by you not getting SPAM in that format since I get it all the time, of course there is a good chance that the spammer is including enough text in the message that the ones you are getting are being caught by the filter.

FYI, trying to find an example in my Yahoo based account I use for spam-at-risk correspondence, I see that they have now added an option to not display embedded images in email by default - if you select that option on your email preferences page. After changing to that option, I find that most of the spam in my inbox all looks the same with a big empty space where an image would normally be embeded in an HTML table, followed by some fine print that says "if the image doesn't display on your screen CLICK HERE" and then by "If you would like to unsubscribe from [insert name of spamming service du jour here] then please send an email to this address (or paint a big fat target on your chest and try storming Saddam's Palace - which is the most certain way to avoid future spam).

Re:Work around

Alright. render your 5k text message into a 980KB jpeg file and send it away.

Re:Work around

Use PowerPoint like the guys in marketing, and you should be able to get it up to a few meg.

Re:Work around

[stephanruby]

"Oh? Many people set their filters to tag'n'bag (or simply dump) any non plain-ascii email."

Many legitimate people unwittingly send html emails. You may not want to receive emails from those kinds of people, but I don't know what the big deal is. Personally, I have KDE mail, I set it not to render html, and whenever I do receive some spam, I filter it by the email which sent it to me. This way, I don't get false positives, I do receive some *new* spam once every month, but I certainly don't receive enough to lose any sleep over it.

Re:Work around

[AndroidCat]

I filter it by the email which sent it to me. This way, I don't get false positives

I'm not sure what you mean by that. You do realize that most spammers forge the From address (and frequently use someone else's actual email address)?

It really depends on volume. If you have the bad luck to get added to a number of "millions" CDs, or if you use it on a web page or Usenet posts, you'll get a LOT of spam. (I use a sacificial hotmail mailbox for that, and forward the occasional non-spam to my real mailbox.)

Re:Work around

[stephanruby]

I'm not sure what you mean by that. You do realize that most spammers forge the From address (and frequently use someone else's actual email address)?

I do realize this and I don't have a problem with blocking a strangers' email address, even if it's a forgery. Right now, I have 30+ specific filters set up, so I know my email is being passed around on the internet, but I guess I really don't have that much spam.

Subject line?

[caluml]

Is it possible to make your SMTP server look for a certain subject line, and if it doesn't see it, bounce the email with a message that basically says:

Please resend this message with yyf6d55s in the subject line.

Change this magic key each week/month, and only the first email from each person that they send each month will need to be resent.

Re:Subject line?

[Mourgos]

That would be very annoying. Unless this process can be automated.

Re:Subject line?

[Carbonite]

Imagine that this system was widely used and every week/month everyone had to figure out which codes they had place in their subject line to communicate with people. Also, how many minutes do you think it would take for the spammers to write a script that scanned the bounced message and append the code to the next round of e-mail?

Re:Subject line?

[SScorpio]

This could actually work... Most spam I get has invalid reply-tos. Making this automatic would at least stop these types of spam and force a real mailbox.

Re:Subject line?

[Gheesh]

I think that by current spam technology, having a reply is proof that the address is active. So, instead of getting less spam, you would be getting *more* (yes, as a user you might never read it but it may collapse the mail server, especially since it will bounce back spam).

Re:Subject line?

[Kphrak]

People have rehashed this idea every time a spam discussion comes up. It will block 99.99% of spam at first, but it's annoying to the sender and a waste of time...and it still doesn't guarantee you get the message when you want it.

Let's say Allen sends a message to Bob. He needs the memo by 5:00 today for the big presentation. Bob was stuck in traffic. He sends it at 3:00 and rushes off to another meeting. Maybe he forgot to use the key; maybe it was changed for this month. In any case, the message gets bounced. In this scenario, email now heavily depends on a manual element, one that is irritating and prone to failure.

Might as well poke a few more holes in this: If this plan gets widespread, spammers can find the magic key in your message simply by searching for something that matches a regular expression (some general form of "Please resend this message with yyf6d55s in the subject line.") and looking for nondictionary words. It's as easy to spot a rejection message in this form as it is to spot spam by looking for an opt-out line.

Re:Subject line?

Sure, but wouldn't it be a whole lot easier to just use TMDA?

Re:Subject line?

[AndroidCat]

Yeeess... You'd want to check the RFCs carefully to get it right. (Most email bouncing happens at the HELO stage.) You would have to receive the entire email before bouncing it.

Suggestion: A white-list of people who never have to use a key. (Mailing-lists, if nothing else.)

Expect a certain amount of people to just go away rather than jump through hoops. (And if one was a job offer... D'OH!)

Re:Subject line?

what about automated things that you DO in fact want to recieve? say i order something online and they send a receipt? (then again, amazon.com sends you a receipt, but promptly spams you after that.)

i still believe...

[Mourgos]

that the best anti spam method is to block certain IPs. No filtering based on content.
Sometimes filtering CC entries works pretty good.

Re:i still believe...

Great. All we need to do now is to force every email-related program to add the originating IP address to each email.

Re:i still believe...

[sqlrob]

It's something called a mail server. Maybe you've heard of it?

It already happens.

thats an easy one

[xao+gypsie]

it stopped them talking about genuine political business
thats because they no longer knew how to enlarge their penises and missed being notified that some russian woman wanted them so badly that it hurt.
that would certainly stop our gov't, at least..

xao

Do any work?

[josh+crawley]

Do any spam filters work (as in NOT throwing out legit mails) other than ourselves?

Re:Do any work?

[pla]

Sure. I use a reasonable set of rules (by "reasonable", I mean that I don't blindly look for all possible words having to do with commerce or pornography) to ID a message as spam, then a whitelist to make sure no messages from anyone I know has accidentally gone into the trash bin.

I still get perhaps a half dozen spam messages per day to manually delete, but out of over 100, and AFAIK I have no false positives.

Re:Do any work?

popfile (popfile.sourceforge.net) works well for me. I had a relativily large selection to train it with, and a false positive once every week or so, and it's usually a joke or something from co-workers. And scanning the spam folder only takes about 10-15 seconds to check subject headers (anywhere from 40-100 spam per day), so it definitly saves time

Re:Do any work?

[Anonymous+Cow+herd]

Do any spam filters work (as in NOT throwing out legit mails) other than ourselves?

I use spambouncer, which, over the months I've used it, has blocked about 7k spam messages. It has a fairly complex filter, and good whitelisting capabilities, so I get the mail I want. I've had a few spams make it through, but it's fairly simple to add the domains to the list. It takes a while to configure the whitelists to get them working well, but since then, I've had a grand total of about two or three false positives (out of 12k e-mail messages total). I keep half an eye on it during the workday, and totally keeps my personal email clean of garbage.

Re:Do any work?

I do email filtering enterprise-wide with "Mailwasher". It allows you to blacklist and whitelist by address, and interfaces to popular SPAM DNS services like SPAMCOP.

mailwasher.com or something is it's addy, I think...

Re:Do any work?

My favorite is OS X's Mail.app...I get zero spam in my inbox. It all gets filtered to a junk mail folder, which then gets emptied every three days..right now its at 1003 unread emails. I check the junk mail from time to time, and I haven't seen any emails I want in there so its very very good at what it does :)

Re:Do any work?

[nanojath]

Some of the stuff that's been reported on Slashdot on Bayesian filtering seems capable of eliminating false spam identification at a minimal cost of false legit identifications. The benefit is that you could establish a borderline (Bayesian filtering, and I'm just going off my limited knowledge from reading a few articles so the wiser may please expand and correct) assigns a value on a spam or not scale based on a statistically generated profile from real world examples of what makes spam "spammy." This eliminates the black and white tendencies of automatic filters (I say, delete everything that says "bigger penis," then miss the email where a friend complains that his girlfriend left him for someone because he...). You could also assign a borderline range so that you could review the few emails that may or may not be spam. If the service were well set up, you could even have a reply function to let whoever was running the filter know, yes, the questionable message was spam or no, it was legit, which would continue to make the filters more robust.

The problem is, it would have to be adjusted continually to adapt to the evolution of spam, so this would ultimately need to be a paid service. Personally I would gladly cough up 5 bucks a month to eliminate spam.

Re:Do any work?

I also filter out emails with HTML tags in them..thats always spam :) i also turn it off so i only see text..i donno why i would want to d/l pictures in my email. its lame

Re:Do any work?

[AnotherBlackHat]

Do any spam filters work (as in NOT throwing out legit mails) other than ourselves?

All filters have a false positive rate, even us.

There are a number of approaches that have proven extremely reliable - i.e. 0 detectable false positives.
Human secretaries for example.
Another low false positive approach is DCC with a trusted network. The idea here is that only email which exactly matches email sent to a known spamtrap is marked as spam.

Spam assassin can be tuned to require a higher "spammyness" count. This means you can trade higher number of false negatives for a lower number of false positives.

Whitelisting and challenging rather than discarding also reduce false positives.

-- this is not a .sig

Re:Maybe we Slashdot can buy this filter technolog

...to eliminate all the dupe stories!

False Positive

[propheci]

the problem is that just by knowing there could be a false positive, you have to examine all your filtered spam, which makes the spam filter useless in the first place.

Re:False Positive

[troc]

Kind of - I also find I end up reading, or at least checking, all teh stuff my mail app sends to the spam folder - and I guess I get one false positivie every 200 or so spams. However I find it much quicker browsing the spam in the spam folder, knowing it's probably spam than trying to weed out the spam in my inbox.

So, the filtering perfomed by my mail app does save me some time but not as much as it could if the filtering were perfect.

Troc

Re:False Positive

[antis0c]

Not entirely. I have all my potential spam filtered into a SPAM folder. That's only potential spam, things like vbs worms are deleted by the mail server with procmail.

I then just take a quick glance at my SPAM folder and all the subjects, I get around 400 spams a day, so it takes maybe a minute to scroll through real quick, anything that's potentially not spam, maybe 10 mail messages, I actually look at the body. If not, I just delete the entire contents of the folder immediately.

It's not fool proof, but I have caught a number of emails that were from family that happened to have various spam-like features in the body, but the subject and from were obviously from my family. Doesn't seem so useles to me.

Re:False Positive

[lessthan0]

A better solution (the one I use) includes a summary report of spam filtered each day. The report lists the number of spams from each sender and I can usually spot valid mail in the list of "From"s without having to look at a single message.

If I spot a false positive, then I dig into my spam archive for that day and check it out.

I use the spastic filter:
http://spastic.sourceforge.net

Re:False Positive

You can offload the burden of handling false positives by handing messages determined to be spam off to TMDA. Then the sender gets to tell you that it's not spam.

Re:False Positive

[marcopo]

Not completely. Going over a hundred messages once a week, and quickly scanning them before erasing them all is much less annoying then having that spread out over the whole day.

Re:False Positive

[miratim]

Am I the only person who gets maybe 2 spams a week? I never give out my "real" email address to companies or online services. I have a free webmail account for that. I only give my actual email address out to friends/family. Granted, the webmail account gets several spams a day, but the only time I check it is when I know I'm going to get an order confirmation from a company or something.

Re:False Positive

[Darren+Winsper]

Well, it's not quite as easy as you think. For example, I have an e-mail address I never gave out except to a few people. At the beginning of this year, I started recieving about 3 spams a day to it, all from the same people (Advertising different things and having different addresses, but the spam has the same layout design). Now, I'm not sure how they got hold of it, but they did, and I have to deal with it.

Thank God for Mozilla's spam filters.

Re:False Positive

[mosschops]

Now, I'm not sure how they got hold of it, but they did, and I have to deal with it.

That's made easier to deal with if you have mail services that provide unlimited mailboxes (or if you have your own domain). It means you can set up a separate mailbox/alias for each service you use (slashdot@mydomain.com, ebay@mydomain.com, etc.).

If you start getting spam to any of them you immediately know the source of the leak, and can block further access to that alias. If you still want the service you were using, simply sign it up for another mailbox.

You can do all of the above yourself quite easily with a Linux box, or could pay for the service through somewhere like port995.com (UK-based, like me).

Re:False Positive

[zenyu]

Am I the only person who gets maybe 2 spams a week?

You're not the only one. I have some addresses that get virtually no spam. The problem is with my work e-mail. I've had the same one for about 8 years so it's by now it has long ago escaped into the wild. I never give out my real e-mail unless I'm personally handing someone a business card yet I get shitloads of spam. Thankfully with the help of my SysAdmins non-blocking spam filter I've set up a procmail script that sends those and any other suspicious e-mails to my spam folder. Not more than 3-5 get through a week now. And, I like the non-blocking aspect of it since it means I can check for real e-mails every few weeks. The SysAdmin also only allows fully patched SSL capable mailservers to connect which probably cuts down on SPAM too, though that has sent some e-mails into the ether.

Re:False Positive

[ajs]

Not at all, and you're thinking about far too simple a model.

With SpamAssassin, I deal with spam in 3 ways:

1. Mail that gets a score of 20 or more is sent to /dev/null. Mail would have to be carefully crafted to achieve a 20 unless it truly is spam. Such effort is not to be rewarded :-) Keep in mind that mail about laws on sexuality or other simple examples cited in this article would never get NEAR a 20.

2. Mail that triggers both the Bayesian and Razor2 tests is sent to /dev/null. This is a very nice way to identify that a) there's a consensus that this very message is spam and b) my local mail patterns indicate that this is spam.

3. Anything else with a score of 4 or more is marked in the subject line and I have a virtual mailbox in my mail client that I use to glance at the from addresses. If something looks plausible, I check it out.

As of the development version of SpamAssassin that I'm using (about a week old out of CVS), I get a false positive rate of about 1:100-200 messages and during testing over the last couple of months, I copied the messages that would have gone to /dev/null to a mailbox that I scanned carefully. None of the messages that I would have thrown out were non-spam.

I get a LOT of mail form lists, spammers, friends, random people on the net, machines spewing status, etc. I feel that I'm a reasonably good QAer for this sort of thing, and the new SpamAssassin will rock your world (and the spammers')!

Re:False Positive

[tacocat]

I've outlined a solution at my website which has proven to be very accurate in removing the problem of False Positive.

I'm in the process of rewriting the code because what I have out there right now is not very robust at all. But the concept is robust!

I spent this last weekend rewriting the code base and have managed to run thousands of spam-only emails a day. Far more than my bandwidth can possible handle! And the best part of the entire project is that normal users, sending normal email, have no idea that this exists. It only triggers when you send me spam.

This allows normal email to run business as usual while the spammers suffer all the results.

Re:False Positive

[mph]

which makes the spam filter useless in the first place.

Well, not really, depending on your habits. Like a lot of people, some of the emails I get are about urgent work-related stuff. So if I'm working, and xbiff goes "beep!" I briefly stop what I'm doing to look at the email, and then go back to work.

Spam filters stop literally dozens of such interruptions every day, and I can review the list of blocked spam in less than a minute, once a day.

I also send copies of my email to my cell phone, so the spam filter means that I get fewer distractions while I'm away from work, and spend less time deleting mail from the phone (which is more cumbersome than on the computer).

Re:False Positive

[AnotherBlackHat]

Basically the same approach is used by spamwolf

Challenging suspected spam is a lot better than just deleting it, but it's still not perfect.
You can run afowl of important mass mailings.
For example, when Network Solutions sends out domain name renewal notices,
they frequently include enough crap that it looks like spam, and they don't have a valid return address.
Most people want to see the message anyway.

On the other hand, your spam filter doesn't need to be perfect, it just needs to be better than you.

-- this is not a .sig

Re:False Positive

[tacocat]

Is spamwolf yours?

Re:False Positive

[AnotherBlackHat]

Yes, spamwolf is mine, that's why I'm so familar with it.
There are probably many others like it.

-- this is not a .sig

The type of spam filtering?

[mrs+clear+plastic]

I can easily see why this may be happening. The types of filters that use keywords can easily fall into this.

I understand that keywords and phrases such as
'free money' 'zero percent financing' 'win
million dollars' 'sex xxxxx pictures!' and so
on can trigger many filters.

I would like to think that the better designed
filters would use a combination of key words as
well as suspicious domain names and/or IP
address blocks to do filtering.

The spam filter that is used on my email account does not filter out, but it does add the word
'SPAM?' into the subject line of the email message. I can then see right away if it is
really spam or is something mistaken by the filter for spam. The message is not blocked, though.

Mark

Re:The type of spam filtering?

wow, what a genius you are

you still have to see the spam, so your filter
does 0 good

but i bet you're very proud

i bet you're one of the countless 'ID3 Tag Editor'
authors over on freshmeat

Re:The type of spam filtering?

[worst_name_ever]

I understand that keywords and phrases such as 'free money' 'zero percent financing' 'win million dollars' 'sex xxxxx pictures!' and so on can trigger many filters.

Sorry, I'd like to reply to your post but my web filtering software is blocking it! ;)

Re:The type of spam filtering?

[Unordained]

keyword filters are, indeed, a problem -- my girlfriend constantly informs me of what filters she has in place, just so i'll know which body parts of mine -not- to talk about in my (rare) emails to her. i also can't suggest too many interesting romps ... those would get filtered. it even seems like a bad idea to suggest she go look at a certain product, quoting a price ... all gets filtered.

whitelist? nah. it's not her style. anyone may at some time or other deserve to be severely ignored. no whitelist.

Re:The type of spam filtering?

[mrjive]

This is exactly how Spam Assassin works. If they are concerned about this, they should be using a spam filter that only tags incoming messages (that individuals can sort out in their repsective inboxes), rather than fully blocking them.

No spam filter is 100% accurate, so completely blocking any incoming messages seems like a rather foolish thing to do in the first place.

Re:The type of spam filtering?

please put your mouth around my hot dog! (oh wait, i mean penis. oh wait, that just made it filtered out. DOPE.)

Filtering just doesn't work

[OpenSourced]

The only longterm solution to spam (that I can think of, of course ;) is to create a "new" e-mail community, where servers would only accept e-mail from a list of "trusted" servers. Any server discovered spamming would be kicked off the list in no time. We would end up with a smaller, nicer, cozier e-mail system.

Re:Filtering just doesn't work

[NivenHuH]

The only problem with this is... the servers who maintain the lists of trusted servers could start charging for a "email registration" type service. (Kinda like TLD's and the name registrar's out there)... Then eventually you'd start loosing the trust and we'd be back into the same steamy pile of pooh we're in now..

Re:Filtering just doesn't work

[hrieke]

Correct, which is why the MIT spam conference was so disappointing to me.
The filter that works for me will not work for you, the porn star, the priest, or the city counsel member.
A system of trusted email servers is the only workable solution, either that, or the whole email system colpases under the weight of spam.

Re:Filtering just doesn't work

[Grax]

Use DNS to indicate who is trusted to send mail from any particular domain. Let the admins of each domain decide who is trusted to send mail using their return address (see this)

First you prevent them from forging their e-mail headers with the DNS lookup method described above and then you block their domain(s) if you are not interested in receiving their messages.

Re:Filtering just doesn't work

[OpenSourced]

Well, The best laid plans of mice and men often go awry, but I think that, once the services is stablished, nobody would be as stupid as start doing what you suggest. And in any case would be kicked out (granted, the procces of kicking someone out has to be defined). The possibility of offering "safe, spam-free" e-mail should be enough to charge more for the service to the customers.

As I see it, the problem with that idea is really getting the critical mass to be practical. You don't want to start with only 10% of global e-mail users, for example. But after all, as everybody and his mother has a Hotmail account, that could be a good point to start :) Seriously, I think that a consortium of big companies could kick-start it as some only-bussiness deal, and get extended little by little.

Re:Filtering just doesn't work

[jazman_777]

The only longterm solution to spam (that I can think of, of course ;) is to create a "new" e-mail community, where servers would only accept e-mail from a list of "trusted" servers. Any server discovered spamming would be kicked off the list in no time. We would end up with a smaller, nicer, cozier e-mail system.

There is no solution in an open society. Look at all of our communications channels: all the open ones have lots of noise. Mail, phone, your front door, even speech. Mail, radio, TV, and press, where you have to pay to play, has lots of noise. So if you can solve email noise, you should be able to solve it all.

Re:Filtering just doesn't work

That;s great. Who do I email, to get the ability to email you? Kind of myopic aren't you?

That's a real problem with a democracy

[Hairy_Potter]

how to balance open access to constituents without being overwhelmed.

Perhaps Parliament could consider some of the steps that the American Congress has taken. The American Congress has a de facto filter built in to prevent Joe Random crazy from flooding their representatives with spurious requests. Most Congressional requests, letters, phone calls, faxes and emails are tossed out unless they come from certain designated people known as lobbyists. These lobbyists have worked hard to cultivate contacts in the Congress, and can get better results from one office visit than 1,000 letters from voters. In a way, they're professional access voters.

So, maybe the UK could restrict access to just professional lobbyists, it works very well in the US.

Re:That's a real problem with a democracy

[NerdSlayer]

You people are so dumb you think this is a real post? Sorry, if this story was remotly related to microsoft and you people had your thinking caps on you'd be fooled by this troll and scream "But the average Linux-Loving dirty GNU Hippie such as myself doesn't have lobbiest! My bullshit about how we should repeal copyright acts should be heard! Test nuclear devices in Redmond!".

Re:That's a real problem with a democracy

[Draoi]

So, maybe the UK could restrict access to just professional lobbyists, it works very well in the US.

No, it doesn't. It only works well for those who can afford to pay for professional lobbyists & for those who pay to set up 'special interest groups' claiming to represent the vast public when they don't.

When I lived in the US, I can remember the 'Prop. nnn' ads on TV, paid for by 'Concerned Citizens Against Blah' written in small print at the bottom. It always turned out that 'citizens' were actually some big business (often the tobacco industry).

Re:That's a real problem with a democracy

[slummerx86]

I beg to differ. That the system you describe exists means that the US has become (in case anyone needed it spelled out) a plutocracy (gov't of the wealthy).

Re:That's a real problem with a democracy

The parent was using sarcasm, duh.

Re:That's a real problem with a democracy

[Zebidiah]

Is it just me, I thought the parent was supposed to be funny (even if it is true). Why has been moderated informative? Why is everyone taking it seriously

Re:That's a real problem with a democracy

[cdrudge]

Plutocracy

Itsn't plutocracy government of the dogs? Actually, since Pluto is a Disney character, it would still be government of the wealthy corporations.

Re:That's a real problem with a democracy

[CmdrGravy]

Absoloutley, this is definatly the only sensible course of action for any true democracy. A big problem with any government is that the become easily side tracked by minor issues when they should be concentrating fully on the 'real' or important ones. A true democracy should listen most to those who invest most in the state, usually large corporations or wealthy individuals. Large companies can perform invaluable services to a democracy by acting as a proxy between the voters and the government, after all if a company is doing well and making lots of profit this is surely because the voting public endorse this companies products and ethics and are, in a way, voting with their wallets. This policy would ensure that some of the frivilous and airy fairy notions expressed by some of the voting public ( but not to a degree where they are willing to put their money where there mouth is ) do not interfere with those policies targetted at improving a countries bottom line. Some people may quibble that companies are somehow divorced from the general public and should be banned from public life but these allegations are obviously nonsense when you consider that any company worth it's salt is guided by a large body of people called shareholders. These selfless individuals will invest their money and signal a clear commitment to the values and beliefs of their chosen company in way which cannot be matched by ordinary voters simply posting ballot papers. It is easy to put a cross on a piece of paper if you don't have to invest any time and effort in it you will probably not give the action as much thought as you would when choosing which shares to buy.

Re:That's a real problem with a democracy

[LogicAli]

Currently the way it stands in the UK the British electorate has a legal right to contact their local MPs, there would be uproar if Tony Blair even suggested that this could be done. Which is a good thing, people don't trust politians as it is, without making them even more accountable. As for how well it works in the US, I would disagree it just means that bodies with the most money have a disproportional say in how the country works. In any case some of the problems with the filtering seems to have been with internal emails as well as external ones.

Re:That's a real problem with a democracy

Sarcasm is lost on many people

Re:That's a real problem with a democracy

A lot of people think it's true. Not that the UK should follow, but that the US congres never listens. It's not true and I've had enough of "Harry Potter"'s flamebait comments.

Too bad my zoo is full, but I just dumped the person who made me a friend of a friend of Harry and added Harry to my foes. Good enough for me.

Re:That's a real problem with a democracy

[ndogg]

Yes, and the parliamentarians should pay particular attention to the lobbyists with lots of pounds on their person.

Re:That's a real problem with a democracy

[Kallahar]

Or, they could take the next logical step and just have the representatives be officially sponsored by the corporations that bought them, rather than hiding and pretending they're not like they do in the US.

Travis

Re:That's a real problem with a democracy

Smile! You've been trolled!

Re:That's a real problem with a democracy

[Jonner]

Most people seem to ignore the fact that the USA was never intended to be a Democracy, but a Republic. A Democracy is a government of all the citizens, while a Republic is government by representatives of the citizens. By the way, the Republican and Democratic parties have little, if anything, to do with the definitions of Democracy and Republic.

I hope the poster's comment about all communications going through lobbyists was intended as a troll, but unfortunately, that may be the way it actually works. If so, the system is somewhere between a Republic and a Plutocracy, as someone has already mentioned.

Webmail and "spamlets"

[germinatoras]

A similar problem happens with free Webmail or adversiting-supported e-mail accounts. The small advertisements attached to the bottom (I call them "spamlets") will sometimes trigger mail filters.

Watch out for this if you're sending a message from e.g. Yahoo! to Hotmail, who both attach spamlets and both filter incomming mail. They also will not send rejection notices to the sender, so you may never know if you message got through.

Re:Webmail and "spamlets"

[NerdSlayer]

Then honestly those are shitty mail filters. Hotmail and Yahoo are like the #2 and #4 email providers. If your mail filter is blocking hotmail and yahoo and their attached adds (which are usually for themselves from what I've seen), then you need to find a new filter.

Re:Webmail and "spamlets"

[ajs]

As I've pointed out elsewhere, that only happens if you're using astoundingly bad filtering software.

SpamAssassin's scores for each of its many dozens of tests are assigned by a genetic algorithm that uses a database of many thousands of examples of spam and good mail to tune the scoring. Such features of commercial mail accounts are one of the very large set of features that are automatically accounted for without anyone having to lift a finger.

Members not setting up own Filters

This is just another example of poor technical administration. As indicated by the article, the mail administrators are implementing a new filtering process. In any new system, there are bound to be failures. Hell, the British members of parliament probably would not be aware of the issue had someone not poited this out to them!

RWS: AC Due to Censorship!

Pgp...

[NivenHuH]

Perhaps they should start using pgp encrypted/signed stuff and filter out all non-encrypted/signed emails?

*shrug* That's what I do.. I hate getting email from somebody I don't know...

Re:Pgp...

[katre]

That's what I do.. I hate getting email from somebody I don't know...

Hi, just wanted to send you an email to say how much I agree. Whoops, you didn't get it, cause you don't know me!

Re:Pgp...

[NivenHuH]

Heh.. I see your point.. but.. I feel that people who are sending out legitimate mail should have some kind of pgp signature / public key out there.. I don't have to have your key to accept it through my filters, I just have to see that you have a key, and a place to receive your key (usually an x-pgp type mail header)...

Re:Pgp...

What a terrible loss.

Re:Pgp...

You must have one smart family (or no family!) cause I know my inlaws who like to email me could not use pgp!

Re:Spam filter = Censorship

[Kombat]

You're confusing the right to free speech with the privilege of being heard.

predictable as a broken record

and just as not-funny.

yap yap yap. you remind me of one of those little chihuahua dogs.

Public email?

[briancnorton]

It's truly amazing that anybody could make an attempt to use their public email for official business. In general, three accounts is all that you need to never have to read spam again.

Specifically for the parliment, I dont see why they dont just whitelist all other parliment members.

Re:Public email?

[axxackall]

In general, three accounts is all that you need to never have to read spam again.

One account and whitelist-based filter is enough. Even MS Outlook can handle that.

Specifically for the parliment, I dont see why they dont just whitelist all other parliment members.

It must be mandatory for candidate to pass some "IT certified user" exam with tests on how to use email (whitelist filter tuning, never don't open any executable/sriptable email attachment) in addition to other IT (and IQ?) tests. That should help to have less (by both amount and level) idiots representing the country internationally and publicly.

Re:Public email?

[Bastian]

Because regardless of race, nation, or creed, legislation and intelligence are mutually exclusive.

Re:Public email?

[briancnorton]

It must be mandatory for candidate to pass some "IT certified user" exam with tests on how to use email (whitelist filter tuning, never don't open any executable/sriptable email attachment) in addition to other IT (and IQ?) tests. That should help to have less (by both amount and level) idiots representing the country internationally and publicly.

I think this is a question, and my answer is no, the candidates shouldnt have to know squat about computers, that's what their staff is for.

filtering is good....

[morgajel]

...but not perfect.
Ok, here's the situation as I see it.
We have a problem: Spam

We need a solution.
So far filtering has been working good and is slowly getting better, but there's always gonna be the chance for false positives.
so how do we stop this?
I have no clue.
We should probably start cracking down on open relays, even use governmental pressure if needed (on spammers in our countries and on the governments of other countries). They serve no real purpose other than facilitaing spam.
What else can we do? Go after spammers legally. We need to make them pay. I bet if 1000 people sued ralsky for $500 a piece he'd start to take notice, but he still wouldn't learn. Some states, like washington, are doing that, and it seems to be working, or at least getting the spam recievers a little extra cash. If I lived there, I know I'd try it at least once. Hell, I might even pay for my braodband connection with the money I got from spammers:)

I've heard people recommend opt-out lists like they use for telemarketers- that's not gonna work because spammers are much more slimy- they'll use the opt-out list as a verified list.

We're not left with many choices, besides educating people to simply delete spam and DON'T buy from it. make it cost spammers money. if they sell even one thing, they they're winning.

I took a slightly fun approach. I'm building a list of 'legit' companies that sell your email address to spammers. What I did was bought a domain, and whenever I signed up for something, I used the companies name@ the domain, and had it all forward to one account. so when I get spam to musiccity@mydomain.com, I know that musiccity sold my email address (which they did).

Does anyone else have any Ideas how to stop spam? if so, save the redundant mods and reply.

Re:filtering is good....

[nutbuckle]

I've heard people recommend opt-out lists like they use for telemarketers- that's not gonna work because spammers are much more slimy- they'll use the opt-out list as a verified list.

For the most part spammers don't want to send to someone who doesn't want it and who doesn't click or buy. For example: If I can get a list of known people who don't want stuff, why would I waste my time and bandwidth sending to them? I mean come on guys... Think about it. I've worked for a few opt-in mailers so I know the game. Trust me when I say that we don't want to send to you if you don't want it. But granted there are people who _do_ want it. They DO optin. I mean most people on slashdot havn't and you have had your addresses trolled from some url or mailing list. but all in all we don't want to spam you if you don't want it.

Re:filtering is good....

Enroll all the spammers in the 'Be OJ Simpson's roommate for a month' contest.

Unless they choose to comply with what we want.

OJ's broke. Who want's to pitch in to start the fund?

Re:filtering is good....

[micromoog]

I've worked for a few opt-in mailers so I know the game. Trust me when I say that we don't want to send to you if you don't want it.

This doesn't apply to spammers. It costs essentially nothing to send another 10,000 messages . . . why not send them to known verified addresses, just in case the people change their mind about wanting it.

Spam is different from other "direct marketing". It's not a "legitimate business" in any sense of the words. With almost zero costs, even a 0.01% response rate is pure profit. I have no doubt that an opt-out (or opt-in) system wouldn't do shit.

Re:filtering is good....

[psych031337]

Most of these spammers want to drag you into some sleazy website.

If anyone started making a hobby out of the following procedure (could even be automated) one could push spammers to the brink of profitability and insanity:

1) You receive spam
2) you cut'n'paste the URL to their site into list file
3) you start wegt'ing their websites recursively and repeatedly (say, 50megs on each occasion)
4) you rejoice at the spammer getting a gigantic volume cost

If only 1000 people did this a few times on each spam-advertised website (and on their unmetered flatrate accounts) things would weed out pretty quickly, I guess.

Re:filtering is good....

[Darren+Winsper]

That's wrong. While there are legitimate "spammers", I'd hesitate to even call them a spammer. If I opt-into something, then surely it's not spam because I asked for it.

The problem is the people who send me spam and then, if I attempt to opt-out, seem to think "hmm...maybe he means 'send me 6,000,000 more spams'".

Re:filtering is good....

[nycsubway]

My girlfriend showed me how she was getting off the spammers lists by clicking the "remove" links in each email. Against my better judgement, I tried it too. It worked! Those spammers stopped sending me junkmail! But... it simply confirmed that my address was valid and they sold it to other spammers. So I ended up getting more spam than before.

On a seperate note, the best method to getting rid of spam is to get a new email address.

Re:filtering is good....

I tried the same, but my domain provider allows email forwarding for up to 20 addresses.
That way, if I get a persistant spammer, I just use the "spammer's name @ domain" and forward it back to themselves.
If they sell the address on, they get ALL the spam emails they would have forced onto me.
If anyone knows a common address format to sent them to, please advise. I'm using "Administrator @ Spam domain".

Re:filtering is good....

[Dr.+Evil]

I have two pet ideas...

1. Filter based on a central sig DB with dictionary words, whitelists and obfuscation methods
2. Use some kind of tree-of-trust

The dictionary word filter would run the spam through a filter which would first throw out all graphics-only email, and all but the most simple HTML email.

It would then apply a very simple spell-checker algorithm, finding the most common dictionary words for your language (including many creative mis-spellings)

It would then run these these dictionary words and a soundex algorithm (to catch creative homonyms and common misspelling) through a very simple grammar checker, discarding all randomly-generated sentences or padding.

Finally, a signature would be taken of the result and compared to that of a central DB. If the central DB has the email, it is tagged as spam and discarded.... a system similar to Vipul's razor with signatures based on only the human readable content.

Unfortunately... really small messages would have to be ignored since it would be impossible to filter messages like:

Hey, how's it going?

But what it does do is block stuff like: Hello ssfvvz668!,

Do we have an opportunity for you 235534!

padding padding pdding paaing pdding padding random stuff...

we<!--nothing-->'re inter<!--nothing-->ested in you!

On the other hand, if you can use GPG to do a tree-like structure of trust, where you can have three levels of trust: Trusted, Unknown and Untrusted, then you could indicate that you trust your personal friends. And your personal friends trust their personal friends, somebody trusts the corporation they work for, and that corporation probably trusts lots of people, etc.

The important part would be that if you get some SPAM, you would need to see who the weak link is in your trust system and cut them off as untrusted.

Any system where it is on everyone's honour not to screw it up is doomed to fail.

Re:filtering is good....

[AndroidCat]

People like Al Ralsky are spammers for hire. They charge by the number of emails that they send out, they don't care how many RC cars their dumb-ass client actually sells in the end. If he can show that for every n emails he sent, it hit m actual mailboxes, all the better.

Re:filtering is good....

[bovilexics]

• one could push spammers to the brink of profitability

I guess it's my turn now to cash in on the 1, 2, 3 profit making list. According to this post you have inadvertently filled in the elusive step 2.

1. Send spam.
2. ???
3. Profit!

I am sure you meant to say "unprofitability" which is much more desirable and I think is what you were after.

If not then may God help us all, there is someone pushing for profitability of spammers on slashdot - Noooooo!

Re:filtering is good....

[entrigant]

Remember back in the day when smurf.c and fraggle.c were very rare and highly sought after files? Every packet kidddie tried to build himself the biggest and best "bcast list." Well... someone had a great idea. Lets build a public bcast list... the best one.. so they did. They listed the top rated (worst offenders) networks that responded to broadcast ping requests. Suddenly every packet kiddie that knew where to look had the best bcast list he could get a hold of, and guess what happened to those miserably configured networks at the top of the list? >:)

Anyways... I'm wondering is something similar could be done with open smtp relays. Rate them based on available bandwidth a spammer can abuse.

Just a thought..

Re:filtering is good....

[bryanthompson]

in the future you might want to rephrase to 'my girlfriend showed me how she was getting removed from the spammers....'
Usually i only read the first parts of a post to see if its going to be interesting... and, yeah. got my attention. :P

Re:filtering is good....

[HermanZA]

Nope, spammers do *not* sell stuff to Joe Public. Joe Public does *not* buy stuff from spammers. Spammers defraud Joe Businessowner making him pay for useless advertisements. Joe Businessowner is the sucker. He is the idiot who is paying the spammer. The spammer can't care less where he sends the advertisements to, whether they are wanted or not, or sent straight to /dev/null. Educating Joe Public won't help. You have to educate Joe Businessowner who is so busy running his business, that he has no idea how idiotic spam is and who doesn't realize he being ripped off.

Re:filtering is good....

[zcat_NZ]

Most of those sites are loaded with adverts; they'd be overjoyed if you loaded the page a couple of hundred times. It sure looks good on the hit stats when they're tryin to sign up new advertisers..

What�s wrong with spam?

[dark-br]

Without spam, how else would I be able to sit home every day and make $1,000 a week watching TV while playing with my 12 inch penis?

Re:What�s wrong with spam?

[Kibo]

You wouldn't happen to be watching hot anime porn or tight young teen action on that TV would you?

If so, I think I may be getting your email, it certainly doesn't belong to me.

Pity the MP

[caek]

from Scunthorpe.

Re:Pity the MP

[ideonode]

Or Penistone

Big Bro controlling one more thing...

not that I exactly agree with this idea, but...
wouldn't it be nice to have a universal "trusted" email scheme were you have a Firstname.Middlename.Lastname@.....com or whatever. Basicly a new trusted system where you can be tracked down and it's a closed system so unregistered (untrusted) people can't spam. ofcourse this brings up issues of big bro, anti-free market. but it would be nice

False positives are a fact of life

[sludg-o]

We offer SpamAssassin at the college where I work. I always tell new users that any spam blocking system, no matter how good, will eventually block something that was legitimate. That's why I don't write procmail recipies that redirect mail flagged as spam to /dev/null. You gotta put it in a seperate folder and you are asking to get burned if you don't skim the subjects and senders every couple days. Also, they should be whitelisting messages from addresses in their domain.

I don't see how this is news. It's just an example of bad system administration.

Re:False positives are a fact of life

[Daniel_Staal]

Agreed, though SpamAssassin has one feature that is real usefull for this: the score is embedded in the email header in a row of '*'. This can be used to reduce the amount of skimming you have to do: I find I never get a false positive that rates above 13, so I /dev/null (or uce@ftc.gov) everything above that, and skim the rest. This gets rid of the worst spam without my intervention, and reduces the amount I need to skim to 10-20 messages a day.

Re:False positives are a fact of life

[AssFace]

the worst nonspam I've ever seen (personally) was a 3.9, so I set mine to filter out everything 4.0 and up into a "caughtspam" mailbox.

I didn't use the *'s in the subject (which was standard in older versions, but I'm running the devel 2.50 that has that off by default) because I find them annoying and since the bulk of my mail is spam anyway, scanning through them doesn't work well with my attention span.

so in the end, I write scripts to scan it all for me.

fortunately, the bulk of my mail I can either focus on the people on the whitelist, or it is a certain address that I have to read all the mail that goes to it for business purposes (and if that starts to get bad, I will start putting spamassassin on that as well).

Re:False positives are a fact of life

[Daniel_Staal]

I've had the unfortunate experiance of having people forward spam to me so that I can tell them if it is possible or not. Managed an 11, after the auto-whitelist reduced it. Family, so I couldn't just ignore the idiot.

At least it was easy to debunk.

Re:False positives are a fact of life

[Spoke]

SpamAssassin 2.50 (due "Real Soon Now") will also offer Bayes filtering so that it will add learning capabilities and individualization to the filtering rules it already has.

I haven't tried it out myself yet, but it promises to greatly reduce the number of false positives and negatives. Initial reports from people running CVS code concur.

The biggest problem with it is that integrating server-side filtering with the client is somewhat difficult. For example at my company, our mail server runs Linux, while most people use Outlook/pop3 as their client. Figuring out a method to categorize emails so that the server can learn from them is not easy. The best method I've thought of so far for these users to have them log into a webmail interface which uses IMAP and move spams which were not caught into a SPAM folder. A bit of extra work for the end user, but it should pay off as SpamAssassin learns and catches higher percentages of SPAM with fewer false positives in the end leading to less work for the end user.

don't rely on email

email is buggy, inconsistent and really not ready to be used in mission-critical departments. best to use the ol' "Fed Ex letter" in these situations. Email is for sending jokes to your brother in law and seeing what the latest deals on RAM are anyway.

Many Issues

[CleverNickedName]

I'm sure the filters caused many problems with the "Hot, horny housewife" bill and the new "Extra six inches" tax debate.

Hit-and-miss filters

[Xesdeeni]

By definition filters are hit-and-miss and non-deterministic. I get almost exclusively SPAM with spoofed return addresses. How about this solution:

1. Sending mail server generates a tx content key based on the contents of an e-mail being sent.
2. Sending mail server uses the tx content key with a private key to create a confirmation key.
3. Sending mail server sends the e-mail, along with the confirmation key to the receiving server.
4. Receiving mail server generates a rx content key from the e-mail contents.
5. Receiving mail server sends the rx content key and the confirmation key back to the sending mail server.
6. Sending mail server uses its private key plus the rx content key to re-generate the confirmation key.
7. Sending mail server compares the confirmation keys.
8. If the keys match, the receiving mail server allows the mail to enter the recipient's mailbox.
9. If the keys don't match, the mail is bounced.

The keys are in place to keep the SPAMmer from tagging along on a valid return address with mail that address didn't send. This technique also keeps the second transaction to a minimum exchange of keys. The keys add traffic, but the eliminated SPAM traffic more than makes up for the penalty. As more and more mail servers are updated with this feature, spoofing is all but eliminated. The remaining "spoofable" domains can be explicitly severed from the net or blocked.

Xesdeeni

Re:Hit-and-miss filters

[Grax]

What about this? Query the DNS server of the sending domain to determine if the connection comes from an IP address that the admin of the sending domain has approved.

-- Connect from 10.1.2.3
Sender: HELO valid.mailserver.example.com
Receiver: 250
Sender: MAIL FROM:
-- HINFO "OUTGOING MAIL" DNS query to 3.2.1.10.example.org
-- (the IP in reverse format)
-- Response "OK"
Receiver: 250
sender is valid
complete the mail transaction

-- Connect from 10.1.2.3
Sender: HELO valid.mailserver.example.com
Receiver: 250
Sender: MAIL FROM:
-- HINFO "OUTGOING MAIL" DNS query to 3.2.1.10.example.org
-- (the IP in reverse format)
-- Response Timed Out or No Such DNS Entry
Receiver: 250
DNS unavailable or administrator of this domain has not yet configured this feature
complete the mail transaction

-- Connect from 10.5.4.2
Sender: HELO valid.mailserver.example.com
Receiver: 250
Sender: MAIL FROM:
-- HINFO "OUTGOING MAIL" DNS query to 2.4.5.10.example.org
-- (the IP in reverse format)
-- Response "Denied"
Receiver: 50x (some 500 error code)
end the mail transaction

See this also.

Re:Hit-and-miss filters

[Grax]

(forgot to escape some characters)

What about this? Query the DNS server of the sending domain to determine if the connection comes from an IP address that the admin of the sending domain has approved.

-- Connect from 10.1.2.3
Sender: HELO valid.mailserver.example.com
Receiver: 250
Sender: MAIL FROM:<someone@example.org>
-- HINFO "OUTGOING MAIL" DNS query to 3.2.1.10.example.org
-- (the IP in reverse format)
-- Response "OK"
Receiver: 250
sender is valid
complete the mail transaction

-- Connect from 10.1.2.3
Sender: HELO valid.mailserver.example.com
Receiver: 250
Sender: MAIL FROM:<someone@example.org>
-- HINFO "OUTGOING MAIL" DNS query to 3.2.1.10.example.org
-- (the IP in reverse format)
-- Response Timed Out or No Such DNS Entry
Receiver: 250
DNS unavailable or administrator of this domain has not yet configured this feature
complete the mail transaction

-- Connect from 10.5.4.2
Sender: HELO valid.mailserver.example.com
Receiver: 250
Sender: MAIL FROM:<someone@example.org>
-- HINFO "OUTGOING MAIL" DNS query to 2.4.5.10.example.org
-- (the IP in reverse format)
-- Response "Denied"
Receiver: 50x (some 500 error code)
end the mail transaction

See this also.

Re:Hit-and-miss filters

[schon]

I get almost exclusively SPAM with spoofed return addresses. How about this solution:

OK, I read your solution a couple of times. I'm still a bit puzzled about how it's supposed to solve your problem.

You're basically having an SMTP server sign the email... how (exactly) will that prevent someone from spoofing their return address? From your description, all you're doing is using cryptography to ensure that the mail server that's sending the mail is in fact the mail server that's sending the mail... but this is pretty much guaranteed by the TCP protocol, and doesn't address the spoofability of an email address at all.

How does using crypto between servers ensure that an email address isn't spoofed?

If your goal is to make sure that a mail server is an authoritative mail server for a domain (which your approach doesn't do - at least not the way you described it), why not simply do a MX lookup? It's faster, easier, and doesn't involve changing the protocol.

The keys are in place to keep the SPAMmer from tagging along on a valid return address with mail that address didn't send

How, exactly does the server know whether the "email address" sent email or not? Are you suggesting that the mail servers keep a list of keys around indefinitely? What happens if you use a different server? (Perhaps clustering, or from a 'road warrior', who's sending email from a hotel on the other side of the country?)

I'm not trying to flame you, I just fail to see how you can authenticate a peice of information (an email) when you're only working with two intermediaries (the mail servers), and not at all with what's generating the information in the first place.

Re:Hit-and-miss filters

[Xesdeeni]

First, I'm no expert on this, so go easy on me. I've been trying to drum up a dialog on this approach for a very long time, so thanks for helping!

You're basically having an SMTP server sign the email... how (exactly) will that prevent someone from spoofing their return address? From your description, all you're doing is using cryptography to ensure that the mail server that's sending the mail is in fact the mail server that's sending the mail... but this is pretty much guaranteed by the TCP protocol, and doesn't address the spoofability of an email address at all.

I suspect my ignorance will show here, but if that were the case, wouldn't e-mails from non-existent domains or domains not associated with the server indicated by the TCP info be the easiest to block?

How does using crypto between servers ensure that an email address isn't spoofed?

How does an e-mail address get resolved? Again, I'm not very well versed in this, but I assume the domain is the starting point.

1. If the sending server doesn't serve the domain, then it's a bogus return address.
2. If the server does handle the domain, but the e-mail address itself isn't recognized, it's a bogus return address.
3. If the address is handled by the server, but the key doesn't match, then it's a bogus e-mail.

So the process should be about the same as resolving the return e-mail address. The trick is that the resolution is used to validate its authenticity.

If your goal is to make sure that a mail server is an authoritative mail server for a domain (which your approach doesn't do - at least not the way you described it)...

I think it does that and more.

Are you suggesting that the mail servers keep a list of keys around indefinitely?

That's the whole point of the process. The sending server does not have to keep keys around. It uses a standard process to create a content key from the contents of the e-mail before it is sent. It uses a private key plus this e-mail key to create the validation key that is sent with the e-mail. The receiving server reconstructs the content key that is sent back to the originating server, along with the embedded validation key. Then the originating server simply uses the content key and its private key to reconstruct the validation key and if they match, the e-mail is valid!

I'm not trying to flame you...

No flame taken. As I mentioned, I am ignorant about most of how this works, but I really think this is the best type of approach, rather than hit-or-miss filters.

Xesdeeni

Re:Hit-and-miss filters

[Xesdeeni]

You look like someone who may understand the details. I don't understand everything you did above, but I think that was the first pass on this idea.

But the problem is that an e-mail can just spoof a real return address. Then the validation will say "yup, that's one of my e-mail addresses," and the SPAM will go right through. That's why I came up with the key process. This way, the validation can say "yup, that's one of my e-mail addresses, and yup, that's an e-mail that came from me."

Xesdeeni

Re:Hit-and-miss filters

[Grax]

You are correct. But the real return address should be exposed somewhere in the message and in many cases it is exposed now.

The mail server (MTA) should be setting a header "Sender" to the smtp from address (I'm not sure how many mail servers do this properly.)
and the mail reader (MUA) should expose this header in an understandable way. Outlook uses the phrase "sent by xx on behalf of yy"

So getting a message from "bob@myspam.com on behalf of free_sex@yahoo.com" could be a valid message but it exposes that the message is actually from bob@myspam.com and bounce messages will go back to there. If myspam.com is being abusive you can block their domain altogether also.

I think you could accomplish your signed message goals with pgp or gpg. Unless your key is stolen (or someone figures out how to break pgp/gpg) you can be sure that the message came from the sender that signed it.

If you can convince all those sending you mail to use a pgp/gpg signature then you can reject all non-signed messages and accomplish what you are looking for.

Re:Hit-and-miss filters

[grolim13]

If the sending server doesn't serve the domain, then it's a bogus return address.

Not necessarily. As an example, I have several email addresses at different domains. I send mail through my own mail server, which is not the primary MX (i.e., the server responsible for handling incoming mail for that domain) for any of them.

Many ISPs, too, have separate incoming mail servers and outgoing mail servers. In general, there is no way to tell whether the return address is correct purely by what mail server is sending it.

Re:Hit-and-miss filters

[Xesdeeni]

As with any "new" idea, it's just bits and pieces of others :-)

But I don't want a one-off solution, just for me, especially if it requires anyone who wants to send me e-mail to comply. This should work for everyone, and should be completely invisible to all. Then at least you'll KNOW who sent you the SPAM and you can act accordingly.

Xesdeeni

Re:Hit-and-miss filters

[Xesdeeni]

So where does bounced mail go? That's the route this verification process should probably follow.

Xesdeeni

Re:Hit-and-miss filters

[schon]

wouldn't e-mails from non-existent domains or domains not associated with the server indicated by the TCP info be the easiest to block?

Yes, however there is no guarantee that the sending mail server is authoritative for the domain - in the case of SMTP smart-hosts, or forwarders, for example.. you'd be blocking lots of legitimate mail...

Blocking mail based on a non-existant domain is against the applicable RFCs - what happens if a domain's DNS servers are unreachable?

How does an e-mail address get resolved?

An email address gets resolved as follows:

The mail server looks at the domain. It then does a DNS lookup on the domain, checking for the 'best' MX (mail exchanger) record.

MX records each have a priority.. the mail server starts with the lowest number (highest priority) server.

If a mail server is unreachable, or gives a temporary error message, the mail server continues with the next-best mail exchanger for the domain - if all mail servers are unreachable, or give temporary errors, then the server queues the mail, to attempt delivery at a later date. (Most mail servers try every 15 minutes for a few days, then bounce the email.)

Once a mail server for the domain is reachable, the sending mail server simply gives it the email, telling who it's from, and who it's for..

It's important to note that the mail server that the sending server delivers the mail to may not know if the email address is valid (in the case of a backup mail server, or mail hub, for example.)

Now, with all of this in mind, this still has no bearing on whether you use crypto or not... the reason I asked that question was because I fail to see how a server can guarantee something that it doesn't know, simply by using crypto.

1. If the sending server doesn't serve the domain, then it's a bogus return address.

Incorrect assumption. If the sending server doesn't serve the domain (I assume you mean the sender's domain) this is no guarantee of the return address being bogus or not.

2. If the server does handle the domain, but the e-mail address itself isn't recognized, it's a bogus return address.

A better assumption, but still wrong, as it ignores mail hubs or backup mail servers that operate as smarthosts. (A smarthost is a mail server that's operated by a provider, that their clients can use to send mail through.)

I operate an ISP. We have clients that can only get dialup connectivity (north of the arctic circle), and they run their own mail server (for speed.) Our mail server is their primary (and only) MX. A few times a day, their mail server will dial the internet, and collect the email destined for their domain, and deliver it locally. Then it delivers any outbound email, only to avoid queuing the mail unneccessarily, it sends all of it's outbound mail to our mail server, to forward to the appropriate server.

Your assumption would break this arrangement, because our mail server is a MX for the domain, but doesn't have any knowledge of which email addresses are valid or not.

The sending server does not have to keep keys around. It uses a standard process to create a content key from the contents of the e-mail before it is sent. It uses a private key plus this e-mail key to create the validation key that is sent with the e-mail. The receiving server reconstructs the content key that is sent back to the originating server, along with the embedded validation key. Then the originating server simply uses the content key and its private key to reconstruct the validation key and if they match, the e-mail is valid!

No - again, there's no reason to bother with keys at all.

Assuming that all three of your assumptions above are correct (which they aren't.) There's still no reason to use crypto, unless you kept all the keys around. Otherwise to verify that an email actually came from a server, you'd have to transmit both the mail's key, and the mail itself (so that the server can check it.)

If a mail server makes a key for an email, then sends it to another server, the only thing the key can possibly be used for is to check that the mail hasn't been corrupted in transit - which the TCP protocol already does.

I think you have a fundamental misunderstanding of both SMTP and cryptography.

For your solution to work, the mail would have to be signed by the sender's mail client, not the sending server.

No flame taken.

OK, I was afraid I was being a little harsh..

Re:Hit-and-miss filters

[schon]

That's the route this verification process should probably follow.

Bounced mail goes to whoever's email address is on the envelope. (The envelope isn't part of the email, it's created from the SMTP commands sent to the mail server.)

If you want your mail server to block bogus envelope-from addresses, simply configure it to do a VRFY on envelope-FROM.

This is already do-able without relying on encryption; however, many existing mail servers disable VRFY, as it can be used by spammers to get lists of valid addresses (although if spam were eliminated, this wouldn't be a problem) - note that it also breaks some setups (see my earlier email with the example of our customer in the Arctic.) Another drawback is that it can't stop people from using forged email addresses.

I've given some thought to your original proposal, and I think I understand what you're trying to do, and you've overengineered it.. here's how it should be done:

All email clients (not servers, as in your post) must include PGP (or something similar), and all email must be signed. It's useless to try to do this between servers, as the servers can't verify if someone sent an email or not.

All email servers must include PGP functionality - they must be able to check that the signature for an address is valid. Note that this isn't a trivial step.

Basically, whenever an email comes into a mail server, it must check that the PGP signature is valid - this will solve your problem of forged email addresses.

This is pretty simple in theory, but (as the saying goes) the difference between theory and reality is that in theory, there is no difference between theory and reality :o)

You need a reliable PKI
You need to get all mail clients to use the PKI
You need to get all servers to use the PKI

Note that it (probably) won't do a damn thing to stop spam, as spam is a social problem, not a technological one. All you'll do is force the spammers to use PGP and throwaway email addresses.

Re:Hit-and-miss filters

[Xesdeeni]

I don't see why the e-mail clients need to do the work. Without a server, there is no connection to the network, so they are the conduit. Validation can and should be done there, so that the modifications only need to be done to this more limited set of devices.

It's useless to try to do this between servers, as the servers can't verify if someone sent an email or not.

Why do you say this? The servers must know if an e-mail address or a bounce address exists in order to deliver the e-mail to the recipient. So a request of the server responsible for receiving e-mail to a given address can provide the verification that is was indeed sent. A forged e-mail address will not be recognized by any server, so it will flag an e-mail as SPAM.

Xesdeeni

Re:Hit-and-miss filters

[Xesdeeni]

schon

Since this has already scrolled off the first, page, I don't know if you will still see this response. Your e-mail isn't listed but if you do see this and would be willing to continue this dialog, please e-mail me directly at "Xesdeeni2001 over at yahoo dot com." I don't quite understand all of what you say above, so I have many questions. You seem to know plenty about the details of e-mail, and if you would be so kind as to help educate me on how it actually works, maybe I can also understand why you have your doubts.

Xesdeeni

Re:Hit-and-miss filters

[schon]

I don't see why the e-mail clients need to do the work.

An email client needs to do the work, because it's the only thing that can verify that the person doing the sending is actually the person doing the sending.

Imagine this scenario:

Someone (mail client) gives you (mail server) a letter that claims to be from me. How do you verify that it actually came from me? You look for my signature. If I haven't signed it, there is nothing you can do to verify that I am in fact the originator of that letter.

Using electronic signatures to verify a sender can only work if the sender is the one to do the signing.

Without a server, there is no connection to the network, so they are the conduit.

But a server CANNOT verify identity, because the server didn't originate the email.

Validation can and should be done there

No, if you think that validation can be done there, then you simply don't understand crypto.

How can anything verify a fact that it doesn't know is true?

Why do you say this?

BECAUSE IT'S TRUE

The servers must know if an e-mail address or a bounce address exists in order to deliver the e-mail to the recipient.

No, they don't. A mail server doesn't know if an address is valid until it attempts to send mail to it

So a request of the server responsible for receiving e-mail to a given address can provide the verification that is was indeed sent

Read my other posts. The mail server responsible for receiving email to a given address cannot be guaranteed to know if any particular address is valid or not.

Here's a tip:

Go buy the Oreilly Sendmail book. Read it cover to cover, and understand how a mail server actually works.

Then come and argue your points.

true story

[circletimessquare]

i got in a fight with an ex-girlfriend and we ceased speaking for awhile

i became further incensed because she never contacted me after the fight

we didn't talk for 2 months

finally, i contacted her and said "why didn't you get back to me??!!"

she said, "you didn't get my email?"

i looked, and there it was, 2 months back, in my spam folder (yes, i keep all of my spam, the folder is gigantic)

although you could make a joke about emails from girlfriends being called spam, in this particular case, considering the chance at reconciliation that was lost and the feelings involved, it was definitely not funny at all ;-(

so i can say, with certainty, that my personal life has been greatly and adversely affected by spam.

you can hate spam for all sorts of reasons, but for me, it's personal.

Re:true story

[NerdSlayer]

so i can say, with certainty, that my personal life has been greatly and adversely affected by spam.

What are you, a 3rd grader passing notes? Use the damn phone already. Or maybe she lives in "Cananda".

Re:true story

[circletimessquare]

fuck you troll.

i didn't reveal this story to be criticized personally, but to illustrate the problem with filtering and false positives.

if you can say you have never made a mistake in your personal life, then fine, but judging by the discretion you have just demonstrated, you either have already, or will soon, fuck up your personal life with your hugely bloated ego.

let he who has never sinned cast the first stone.

Re:true story

[DAldredge]

But you didn't answer his question? Why didn't you just call each other?

Re:true story

[circletimessquare]

you are one evil troll.

i reveal personal issues to advance the debate on false positives and all you can do is criticize me personally.

i fear for anyone close to you.

judging by the negativity i have gotten from you without even knowing you, i can say for certainty that anyone who gets close to you is in for a lot of grief.

Re:true story

[circletimessquare]

it's easy to criticize in retrospect at a distance, isn't it?

if you have never goofed up in your personal life, you may criticize me, but if you have goofed up, show some compassion and stop second-guessing me

Re:true story

you can hate spam for all sorts of reasons, but for me, it's personal.

You need a theme song. Something like Eye Of The Tiger.

Alone is his room, circletimessquare has been waiting for his ex-girlfriend e-mail for two months. When suddenly, he finds it hidden at his spam folder.

He rises his hand, (theme song start) closed fist, and a voice can be heard all over the internet wires: It is personal SPAMMER. I AM GONNA GET YOU!!!

Re:true story

don't take it personally, dude. That troll just wants a rise out of you.

I enjoyed your story, and definitely agree with the point . . . one false positive is worse than a billion false negatives.

Re:true story

[anonymous+loser]

so i can say, with certainty, that my personal life has been greatly and adversely affected by spam

Wouldn't it be more accurate to say that your life has been adversely affected by spam filtering? I mean, if you didn't have the filter on, you would have received her email (along with hundreds of crappy emails), right?

Re:true story

[DAldredge]

I did not criticize you. I simply asked why you did n't take the 30 seconds required to find a phone and dial her number. The relationship could not have been that important if you could not spare 30 seconds to call her.

Re:true story

[Justus]

In a relationship, at least in my experience, someone needs to make an attempt at reconciliation after a fight occurs.

In this case, it's likely that the original poster was upset, angry, and not thinking clearly, probably something along the lines of "I'm not apologizing, she can apologize to me," whereas his girlfriend attempted to reconcile--or at least start on that path--but didn't want to take it any further than email. After all, once the email is sent (and it's a valid form of communication; perhaps she didn't feel like talking to him in realtime because she was angry), her thought is that she made the attempt and if he didn't respond, well, he's not interested.

Both decisions were made out of anger and without clear thought, but it's by no means a 'weird, anti-social, email-only relationship' in my eyes.

Re:true story

[RobotRunAmok]

Dude... seriously here for a minute...

He's not a troll, he's on the mark. Someone who has a rift with a girlfriend who tries to reconcile THROUGH E-MAIL OF ALL THINGS, and the guy doesn't get in on the reconciliation because there's a coding error in the whitelisting of his spam filter, and the guy THEN GOES ON SLASHDOT to tell everyone... man, that's like something you would read in The Onion. Wow.

I mean, yeah, everyone shoots themselves in the foot at one time or another. The trick is to live your life without a lot of Trident missiles handy...

Re:true story

[stratjakt]

>> if you have never goofed up in your personal life, you may criticize me

So you realize that it was you who goofed up, it must just be easier to blame your anti-spam filter?

Lay blame where it's due. Dont make excuses, admit when you're wrong.

People lose e-mails, voicemails and snailmails all the time, you dont need spam-filters to do so. If a relationship cant survive a lost e-mail, it probably isnt worth having in the first place.

Re:true story

[DAldredge]

With the way you blame others for you failing it should suprise no one that you have trouble keeping a relationship going.

Re:true story

[AssFace]

I can just imagine what she was saying:
Hot stuff, do you want to keep an erection all night long without drugs?!
I will give you HOT WET SEX all night long for FREE!!!!!
ACT NOW or I might give up my SWEET TEEN ASS to someone else.

that wasn't how I pictured the letter - I was just writing that to you because you sound hot.

Re:true story

[circletimessquare]

thank you

Re:true story

[Dr+Caleb]

He's not a troll,

He's not? If anyone called me a jerk for making a mistake in a personal relationship (not involving them personally) , then blaming Canadians, is a troll in my eyes.

THROUGH E-MAIL OF ALL THINGS

I have had long distance relationships through email. It's cheaper than long distance, and easier to get a point across. It may be unhealthy to discuss things of a personal nature via email, but it may be more comfortable to do so. I still find it more naughty to send an SMS to my girl to get her all hot and bothered, or get a little cheeky over ICQ - as that's the way our relationship started. I was a 5 hour drive away then, now I'm only a half hour from her, and I still use those means, as sort of a little reminder. A way to refreshen the relationship.

THEN GOES ON SLASHDOT to tell everyone

His preference. I thought it a good example of how spam affected his life. The fact that it was personal makes it no less significant than if it were a multi gazillion dollar business deal. His milage may vary is the difference.

Re:true story

[circletimessquare]

heehee ;-P funny stuff ;-)

Re:true story

[circletimessquare]

real insight

Re:true story

[circletimessquare]

real insight

Re:true story

[circletimessquare]

truedat

you are correct

Re:true story

[circletimessquare]

real insight

Re:true story

My god, can you stop dodging the question? I'm sure many of us have goofed up in our personal lives including myself; if you can't do anything but cry about some criticism rather than answer a simple fucking question, maybe you shouldn't be on forums as controversial and biased as Slashdot story comments. Why did you not call? Couldn't it have saved you a world of trouble?

Re:true story

During my divorce, reams of porn spam were presented as evidence of my unfaithfulness. The dumb b**ch and her lawyer thought they were actually email to me from real people I was having affairs with. If only!

It's funny now.

Re:true story

[slutdot]

"...then blaming Canadians, is a troll in my eyes."

I don't believe he/she/it was implicating Canadians in a negative light here. I'm pretty certain the Canada reference comes from the movie The Breakfast Club where the nerd, played by Anthony Michael Hall, tells of this girl that he "laid". When he's called out by Judd Nelson to name one person that nerd-boy has laid, Brian (I believe is his name) says that no one would know her because she lives in Canada, the Niagra Falls region to be exact.

Then again, I could be wrong.

Re:true story

[Kadagan+AU]

and we could go out and play with new Mini R/C Cars!!

Re:true story

[circletimessquare]

thank you ;-)

Re:true story

[NerdSlayer]

He's not? If anyone called me a jerk for making a mistake in a personal relationship (not involving them personally) , then blaming Canadians, is a troll in my eyes.

The problem is that he's blaming this on spam, or more specifically, spam filters, and it supposed to be some fucking sob story. Right. The Canadian thing is a joke... you know, you'd say my girlfriend is Canadian, that's why you've never met her.

. I still find it more naughty to send an SMS to my girl to get her all hot and bothered, or get a little cheeky over ICQ - as that's the way our relationship started.

You know what, meeting bitches over the internet is still loserville, population you. So is "getting cheeky". Even more prepostorous is you posting about it on slashdot. This is an open troll invitation.

Anyways, it WAS a troll, and it worked. I've burned enough karma for one day, though. While he cleans up by posting links to the one person who sympathized with him after every post that busted his balls, I'll save my stregth for another day. He's added me as a foe, and I him as a friend. The two "great minds" shall meet again, I'm sure, where I will be quick to point out how much he got his ass kicked in gym class.

You see, I don't make the social rules, I point out how you terrible people break them.

Re:true story

[jskarzin]

I definitely agree with this NerdSlayer fellow, and I could care less if I lose karma for it just because moderators might cry at the possibility of supposed "e-mail relationships" being complete bullshit and totally meaningless. Of all topics addressed here, it's most unfortunate not that circle had lost his "girlfriend" (and I use the term lightly) for months due to spam, but moreover that with today's technology, people are allowed to escape reality and attempt to make and break emotional bonds so easily and with such little real meaning, rather than actually complying with "social norms".

Karma deathwise, or expression of extreme beliefs? An interesting test of Slashdot free speech. I'm honestly curious as to how they judge a most-likely totally alien view.

Re:true story

[circletimessquare]

real insight

Re:true story

[RobotRunAmok]

To my mind it's as if SlashDot ran a story on, say, the viscosity of motor oil, and somebody replies, "Hey, funny thing about that viscosity, my engine fell out of my car once and I found out the hard way I should have changed the oil periodically." I believe most people, if pressed, would find it very difficult to respond to that with a mere "How interesting! Thanks for the tip!"

I still find it more naughty to send an SMS to my girl to get her all hot and bothered

Careful cowboy, there's such a thing here as too much information...

Re:true story

[circletimessquare]

that was a long and loopy take on a much more obvious reading of the situation: real insight

Re:true story

alright, now you're just being a tool.

you don't talk to your girlfriend, and you let other people speak for you in arguments.

pathetic.

Re:true story

[AndroidCat]

Bummer, what was it about her messages that your filter was tagging as spam?

Re:true story

[Captain+Large+Face]

But then again, if he didn't receive all that spam in the first place, there would be no need to filter the messages, and every e-mail he received would be worthy of reading.

Re:true story

[anthony_dipierro]

so i can say, with certainty, that my personal life has been greatly and adversely affected by spam.

How do you know the effect was adverse?

Re:true story

[anthony_dipierro]

And if there was no such thing as the internet, then there would be no spam, so there would be no spam filters, so this wouldn't have happened. Ban the internet! Only then can people have girlfriends!

Re:true story

[circletimessquare]

being called a tool by an anonymous coward, ha!

justus understood why i didn't talk, why can't you? read his/ her post again. see where his/ her logic fails.

justus speaks for me? or is it that he/ she understands and you don't understand?

pathetic indeed...

Re:true story

[anthony_dipierro]

The criticism is not because you goofed up. The criticism is because you try to blame your goof-up on spam.

Re:true story

[circletimessquare]

good question

i use spam assassin

my thinking (total guess) is that it had something to do with her email address. hers was a yahoo address. maybe it resembled other yahoo addresses that were used to spam from. again, a total guess as i am no expert on how spam assassin works and if such yardsticks are even applied to email addresses. maybe she spammed for fun and profit on her off hours. ;-P or her account was hijacked?

Re:true story

[circletimessquare]

it's all relative, lol ;-P

Re:true story

[AndroidCat]

Perhaps the wording was too close to all those spams go something like "Hi this is Veronica, I was thinking about you and really want to see you! www.teenbabes4u.com"? *sigh*

Re:true story

[circletimessquare]

being called a tool by an anonymous coward, ha!

justus understood why i didn't talk, why can't you? read his/ her post again. see where his/ her logic fails.

justus speaks for me? or is it that he/ she understands and you don't understand?

pathetic indeed...

Re:true story

[RatFink100]

i looked, and there it was, 2 months back, in my spam folder (yes, i keep all of my spam, the folder is gigantic)

If you're only going to look at it every 2 months you may as well not have a spam folder and just delete it all. But I guess you've learnt that the hard way.

Re:true story

[entrigant]

Sooo let me get this straight.. you and your gf got into a fight. You decided to act like a woman and give the silent treatement. She took the high ground and actually tried to contact you. Then you "decide" to "finally" contact her (gee how big of you), and it's the spams fault? Perhaps you should reevaluate the "it's not my fault" position you have currently. Seems to me it wasn't her job to get in contact with out in any way neccessary while you just waited.

You give the lot of us a bad name :(

Re:true story

Well the circletimessquare is too lazy to use capitol letters, I doubt he thought it was worth the effort of dialing a phone.

Re:true story

[stinky+wizzleteats]

C:\>tracert life.liberty.pursuit-of-happiness

Host not found.

Re:true story

[circletimessquare]

you lack understanding and insight

real insight

Re:true story

[maraist]

The problem with filtering is that most people have "good mail" go into their inbox and spam mail go into a spam folder.. This is ludicrous for several reasons.. What if you're on a mailing list that sends dozens of emails a day (perl-6, for example). What if you miss who the sender is and you make assumptions based on the subject line or header, only to draw incorrect conclusions.

The answers my friends are to folderize your emails. As best as possible EACH sender should have their own inbox. This removes the subtle issue of temporary mistaken identity (since you have to physically navigate to their folder). More-over, for spam addresses, they can easily be flagged as spam and go into a sub-category that easily gets closed off.

One issue, however is the priority of filters (ordering for evolution/kmail/etc). If you use 3'rd party spam filters, make sure that the very first action is to weed in recognized addresses. This avoids your particular problem. The only caveat is that some viruses are sent from trusted senders. Thus any virus checking (which here is only currently relavent to windows [l]users) should go to a sender.virus folder, or rename the subject line to VIRUS: $orig_subject.

Unfortunately company-wide virus checkers are difficult to reconfigure in this manner. At our site, we do the subject-rename and let the email pass through. Thus our workstations can easily handle such rules however we choose.

Re:true story

[Eros]

No, he is right.

Re:true story

[circletimessquare]

real insight

Re:true story

[circletimessquare]

no, he is not right. i think i would know better than you.

Re:true story

Damn you! I wanted to post a message just like that.

Re:true story

[entrigant]

How dare you to presume to know better than either of us that you would know better? Do you think you are the only person here who has been in a serious relationship and had a fight during the relationship? Only a few amount of socially inept people enjoy getting into fights with people they love, and those of us who don't handle it in a variety of ways. Sometimes we don't handle it well at all, and this guy didn't. The problem is he can't even recognize it in hindsight.

The best resolution to a fight imho is when you call the girl, and you hear dialing on the line only to realize she picked up the phone a split second before it ringed to call YOU. Then you both admit to being short sided and stupid and make up. Too bad it doesn't always work that way.

Oh and btw, I'm really offended by your arrogance... just so you know.

Re:true story

[fluxrad]

C:\>tracert life.liberty.pursuit-of-happiness

fluxrad@chef:~$ traceroute life.liberty.pursuit-of-happiness
traceroute: unknown host life.liberty.pursuit-of-happiness

Re:true story

[circletimessquare]

good lord... where do these trolls come from

fyi troll: any post you make that is essentially negative and overtly emotional is called "trolling." next time, go ahead and criticize... BUT try to be more positive in your criticism, and less overtly kneejerk in your reactions. otherwise, watch the flamefest alight.

i most certainly can judge the situation better than you as I WAS ACTUALLY IN IT. you are the one criticizing me, when you don't even know me. other posters try to empathize first, then criticize constructively. you didn't try to understand at all, you just flew off with your negative criticisms. ergo, you are a troll.

Re:true story

[Eros]

Being that you are emotionally involved, no you wouldn't know better. He is still right. ;P

Re:true story

Any decent spam filter knows which email addresses belong to your friends. Unless she just happened to switch addresses for that particular email, it's not the spam filter that's to blame.

Besides which, when my important emails go unanswered, I resend, and follow up with phonecalls. Sounds like she didn't try that hard to get in touch.

Re:true story

[circletimessquare]

lol

you would have a point if i were all emotional, and he was all detached...

but read his posts again.

does he sound like an emotionally detached person?

lol ;-P

Re:true story

[elemental23]

I think you're right, The Breakfast Club is the earliest mention of the Canadian Girlfriend that I know of.

The Onion has written a story about it as well.

Re:true story

[jhunsake]

As I proceed through this thread, I'm beginning to believe that your "girlfriend" was in fact a boy. What kind of loser gets emotional over some posts on Slashdot? It's a freaking website for Christ's sake. Go do something real and forget about it, you whiney baby.

Re:true story

Why don't you fucking reply, you goddamn broken record? Let me guess, you were too much of a MAN to take the time to call her! Instead, you hide behind e-mail like a sniveling coward.

"Real" insight. Loser.

Re:true story

Someone forgot their gay ass link! Ha. Man, what are you, some whipped cocksucker? Shut up and call her on the phone you pussy, unless of course you got no balls.

Real insight my ass.

Re:true story

[euphgeek]

I thought the "blaming Canadians" remark was in reference to the South Park movie.

Re:true story

[slutdot]

Yeah but the original poster said something like "maybe she lives in Canada".

Re:true story

[anthony_dipierro]

Now that was a real insight.

Re:true story

[entrigant]

Perhaps you should focus less on your negative feelings about me (no doubt brought on by me pointing out faults you don't like to accept). There are some out there who think a 3rd party without any sort of emotional involvement will have a clearer picture and be more qualified to make judgements. You can call me a troll all day if you'd like.. won't change anything.

As far as your idea of constructive criticism goes, I believe that's your job. You can take my criticism and try to understand it and learn from it, or you can just get upset and accuse people of being trolls... either way I have the seemingly unique gift of not giving a shit.

Hope this helps you discover the source of that nerve I hit and to deal with it.

Re:true story

[euphgeek]

You're right, of course. I was thinking of the "original" original poster (circletimessquare, not NerdSlayer who replied with the "girlfriend in Canada" remark). You know...he doesn't hear from his g/f because of some spam filtering software he installed, so he looks for someone else to pin the blame on, i.e., "blames Canada". Or did I reach too far for that one?

Re:true story

Actually, it wasn't filtering on email addresses. It was filtering on keywords. And when the word viagra came up in my message to him, it was off to the trash folder with that one I guess. I was only making a suggestion on how we could improve our relationship.

Can't happen in the US, or no anti-spam laws

[digitalgimpus]

If this were to hapen in the US, they would say "spam isn't really an issue these days" and no spam laws...

Boy would that be bad. Slow progress, is better than "no problem at all".

Lets push for a "no spam filter for Congress until Congress passes a no-spam law"

Then again, wouldn't be needed if enforced.

They didn't even warn the MPs?

[sebi]

According to the article the system was implemented without prior warning. What they should do is educated the users on how to implement spam filtering on their machines and not stop messages from going through at all.

In my e-mail client spam is marked in a different color, and by now the success rate seems pretty good, but I still don't trust it enough to auto-delete them. Spam sucks, but false positives not getting through might be worse than boobie mail getting blocked. In this case members of a governing body are affected. They should be working on legislation against spam, instead of having their hands held by the IT department.

Re:They didn't even warn the MPs?

[psych031337]

According to the article the system was implemented without prior warning.

Maybe the announcement was filtered as well...

Re:They didn't even warn the MPs?

[WinterSolstice]

Sounds like the Mail app in OS X. I find that it works really well, myself. I actually have set up a rule to take the following: everything that is spam, everything from people who aren't in my address book, and everything that contains the words "viagra", "sex", "free", etc. and puts it into a folder called Junk. It does not delete it for 30 days.

Then, about once a week, I zip through it all.

Better yet, I created my favorite rules, which auto-color and auto-file the email from family, friends, and mailing lists so that what is left in my inbox is just the stuff the mail app doesn't know how to handle.

I'd say it rocks. I spend an hour a day cleaning the spam out of my work system, and about 3 minutes from my home system, despite getting way more spam at home.

-WS

Bit him on the bum

What, CmdrTaco is British now?

popfile

[Seahawk]

I just recently started to use popfile, but so far it looks good!

Re:popfile

[Seahawk]

popfile

Silly tired me! :)

Bite the bullet

[Mattygfunk1]

This problem has bit me on the bum a few times too. About 1 message in every 250 spam is a false hit. Course thats about once a day :(

I know it's a pain but sometimes you have to bite the bullet and get another email address. You would soon gain the time spent migrating back through having less time spent sifting through SPAM.

Anyone getting the idea that I'm sick of seeing the complaints too?

--------
interested in wallpapers, coverings, interior decorating in Australia?

Yahoo thinks political messages are spam

[robert0122]

Perhaps it's coincidental, but the Yahoo spam filter consistently marks conservative political email I receive as spam (GOA, Texas GOP, Federalist, stuff like that).

Re:Yahoo thinks political messages are spam

[user+no.+590291]

As opposed to the liberal political email you receive? I doubt that even the most jaded conspiracy nut would believe that Yahoo has a "conservative filter" applied to incoming email.

Re:Yahoo thinks political messages are spam

[robert0122]

I didn't mean to imply that, but I see how it might have sounded that way. I don't get any solicited liberal political email, so I don't know how Yahoo treats it. I suppose it would be easy to test. If it turns out that the most jaded conspiracy nuts are right, I'll let you know.

I just thought it was interesting that the original story described a problem with a porn filter blocking legitimate political messages, but Yahoo's filter seems to explicitly filter at least some strictly political messages.

Re:Yahoo thinks political messages are spam

[AndroidCat]

Did you request any of that email? If not, then it is spam. Possibly Yahoo is detecting the fact that thousands of their mailboxes are getting the same message?

Re:Yahoo thinks political messages are spam

[robert0122]

Did you request any of that email?

Every bit of it.

Well.. DUH..

Filters suck.. always have always will..

Instead of actually dealing with the REAL problem they decided.. lets filter it..

Kinda like a college kid that can't do breast cancer research at the skool library because they've got a net-nanny enabled that says the word breast is bad.. same thing goes with grandma at hte library looking up a recipe for fried chicken breasts..

They should go after the spammers and not filter stuff.. isolating yourself from the problem isn't the same as actually fixing the problem.. hopefully they'll wake up and notice this..

probably not though..

That explains it...

[spinlocked]

...I thought the Right Honourable member for Scunthorpe was just being rude.

Seriously though, I used:

FaxYourMP.com

when I wanted to complain about the entitlement/ID cards scheme. I got a reply from my MP (a copy of a letter sent to our Incompetent Home Secretary), on House of Commons headed notepaper in the post 3 days later. For once I feel slightly included in the political process...

Bit you in the "bum"?

What's with using British lexicon? Since it's a British story (or a story that relates to a British situation), CmdrTaco now feels he can use British slang as if he were a Brit himself? I hate when people do that. Just because somebody's watched one too many re-runs of Flying Circus, they suddenly become an expert on British slang and try to pepper their every utterance with whatever localism they can in order to seem more worldly.

Give it a rest and just say "ass". Nobody thinks you're any smarter or any more intellectual for using "bum".

Spam filter filter-er

[TigerTime]

There really needs to be a better way of blocking email besides by subject line or sender, but that's really the only way unless something is done on the server side. But the filters could be much better than what is available today. Here's what I propose. The blocker would have a list of valid senders. When you get mail, the blocker would check the list. if it's there, fine the mail passes, otherwise an email is sent back to the sender with a verification code. The sender would then have to reply back with the code and then the original message would go through. That would eliminate the ficticious email addresses that many bots use. And if it was a valid email the bot would have to be much more intuitive. Of course you could always add your own senders and preapprove certain email addresses that are created by good bots (an amazon.com tracking number email)

Symbian Evolotion and Spam (and British Relations)

[RobotRunAmok]

bit me on the bum

Taco, ol' Sod, I see you're hard at work addressing those complaints from our brothers overseas about the persistent American slant of SlashDot.

Good On Ya, Mate!

That said, and out of fear of being mod'd OT, let me add that I have had success training Evolution's filter system to recognize spam not based on the subject but on the domain name. Without ever bothering with public blacklists, I've just patiently built out my own Enemies List over the years. The "keywords," if you will, in so many of the spammers' domains are remarkably similar -- "email" "deals" "free" etc. Combine that with whitelisting based upon my address list, and I think I've had maybe 2 false plucks for as long as I can remember (receiving on the order of 150 spams daily)

How do you know if you've been blocked?

[davetrainer]

From the article:

Many constituents who have had perfectly reasonable emails blocked may not pursue the issue further.

No shit.

Does anyone here who blocks spam actually indicate to the spammer that they've been blocked? That would be counterintuitive to say the least. Seems to me the constituents have no way of knowing if their message was denied as a false positive.

Re:How do you know if you've been blocked?

Since I first started filtering spam (several years ago), I have attempted to send mail (when it looked reasonable) back to the sender. Later I added a URL for the sender to use to send a plain message. More recently I just switched to TMDA. It's a much cleaner solution.

Re:Maybe we Slashdot can buy this filter technolog

[davetrainer]

from the been-there-done-that dept.

At least they're being honest.

similar has happened in US

[jdunlevy]

When the FTC decided to try filtering

No, That's a real problem with a democracy

[intermodal]

So, maybe the UK could restrict access to just professional lobbyists, it works very well in the US.

Works well for who? I don't see how it helps the average joe citizen who wants to get his point across unless he donates money somewhere. Corporations have tons of cash to throw at it. So if Jimmy Lobbyist has more access than Joe Sixpack, thats a problem. repetition and filtering be damned. It is the duty of a representative democracy to represent those they are representative of, and if they aren't willing to take into account every email and letter and fax and phone call they get in their decisions, then it's a stone's throw away from not having elections at all, especially when you consider that when voting the only two candidates who generally have a chance is a lesser of two evils situation.

Re:No, That's a real problem with a democracy

[entrigant]

I'm doing a study to try and determine why some people appear to be born without a sense of humor. Care to participate? You seem like a perfect candidate.

Re:No, That's a real problem with a democracy

[intermodal]

that's funny...i thought you were doing a study on the methodology of trolls and flamebait, though i suppose you have your studies covered on that without any volunteers at all!

cheers, mate

Re:No, That's a real problem with a democracy

[entrigant]

Ya especially the bait part, I mean yo... erm... nm ;)

* WARNING : this is a joke : WARNING *

Re:Glad I... MOD PARENT UP

Why aren't the British citzens asking these tough questions?

Where are my mod points when I need them?

Makes me think...

[cliffiecee]

Hey, that's an interesting idea. wouldn't a filter be perfect for recognizing a duplicate story? First, run a program that builds a 'word map' for a particular article (using keywords, for instance), then compare that map to an article you wish to submit.

The problem is when there are multiple "unique" stories about the RIAA or Microsoft. Even if the word maps are different the story is the same...

Re:Makes me think...

[Dr+Caleb]

Even if the word maps are different the story is the same...

...but the links to stories would still be the same. That seems to be the trend, the articles are different in some fasion, but they usually point to the same NYT, BBC or Register articles.

Re:Makes me think...

Better yet, it's time to get some young, strapping, San Franscisco residents to draw CmdrTaco an 'ass map', so he'll know when he's got his head up it.

Re:pgp

[Bastian]

no, really. If people want to send you e-mail, make them send it pgp. If a message is sent non-pgp, have them re-send it pgp.

That, or have your mailserver put e-mail from unrecognized e-mail addresses into a waiting pool and have it bounce an e-mail back to the sending address as confirmation that there is a live human being at the other end of the address. If you're expecting e-mails from addresses with machines on the other end, look in the spam cesspool for them or add the originating e-mail address to your mailserver's "ok" list.

Re:Maybe we Slashdot can buy this filter technolog

[sporty]

...to eliminate all the dupe stories

YOU DUMB BASTARDS THIS IS SARCASM

tee da ro tiddle de dum de dum de dum de dum de dooo da

You're mean

[nuggz]

How dare you harrass the slashdot crowd with sarcasm.

Judging by the replys so far, most didn't.

The problem isn't the lobbyists, it is that Joe Sixpack doesn't vote, and doesn't vote on issues or performance.
Campaigns win on flash, and advertising, people who give money, also hire lobbyists. To win an election you have to please them. More money = win the campaign.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Nooo ? Really !

How can you tell if something is sarcastic or not ? I'm always getting into trouble for that.

What is this story doing here?

According to the Slashdot front page, this story should have been about OSS finding it's way onto Microsoft's radar...

At least, that's the story that followed the "Linux on iPod" story the first time...

Come on Editors, get with the program!

"spoofing" concern.

[Erris]

Would you block my email? I run exim and use it instead of my ISP's SMTP because the SMTP server is slow and unreliable. Exim gets the job done but my return to address does not match my sending address. I'd love to run my own mail server, but the cable company blocks inbound mail requests. Would your filter label my mail as spam?

Re:"spoofing" concern.

[Xesdeeni]

First, for complete backwards compatibility, if there is no key included in the e-mail, no filtering is done at all, so your e-mail would get through as it does today. Initially this also means no effect on SPAM. But this is a long-term solution, and would take a year or so (with complete cooperation) to roll out. It will take some time for all the servers to be updated with this capability. But eventually the only servers left sending e-mail without this key (and accompanying verification ability) will be able to be spoofed. And at that point, simple bounces can be generated for e-mail without a key to convince the few holdouts to update their servers.

As I understand it, the "From" field and "Reply-to" fields don't have to be the same. So as long as your server honors validation requests from a certain e-mail address, it still can refuse incoming mail.

Xesdeeni

Re:"spoofing" concern.

[Erris]

cool.

Re:"spoofing" concern.

[schon]

As I understand it, the "From" field and "Reply-to" fields don't have to be the same.

It's not that they don't have to be the same, it's that they don't have to contain valid (or any) information - or even exist (an email without a "From:" and/or "Reply-To:" is perfectly legal.)

Mail servers don't use any fields in the email header to route mail - they use the email envelope to do that.

Hello, I am George W Bush, you tried to kill my pa

You know, Castro pretty thouroughly emberassed Bush senior by thwarting his Bay of Pigs invasion.

Are we going to try again after we deal with Iraq?

to take this joke too far

[xintegerx]

....to eliminate all the dupe stories

Re:to take this joke too far

[jjsoh]

Oh boy...

Anti-SPAM SPAM

[infiniti99]

Anti-SPAM SPAM

filtering vs ranking

[bitspotter]

I wonder how effective it would be to implement spam filters that rank messages instead of filtering them?

Generally, I'd be satisfied with having the most important emails simply appear before the spam, rather than have the filters delete it entirely, risking some false positives.

Usually, mail is sorted in order of arrival (at least in my box). Perhaps it's getting to the point where the content is more important than the timing?

apt-get install bogofilter

bayesian filtering works. i've gone 3 months (after about a month of training) with 0 false positives at about 120 spams per day. i'm down to about 1 false negative per month as well. training is conveniently done by adding keybindings to mutt. when i get a false negative in my inbox, i hit a key and bogofilter learns that it's spam. another key corrects false positives. training is fun, too. i couldn't be happier with this setup.

Re:Maybe Wake Up Call for "Filters"

[JeffL]

As stated lower in this thread, if you have to manually check your spam folder for "false positives", the filter is utterly useless since you are still checking for spam.

I know what you're getting at with that sentiment, but I have to disagree. I would rather have a few false positives, than to be frequently interrupted with false negatives. The difference, upon arrival "real" e-mail causes biff to get excited and sends a text message to my phone, all of which lead me to take a break from whatever I am doing to check my e-mail.

A spam, or a false positive, goes into my spam folder. A few times a day, or whenever, I check my spam folder, sending the true spam off to spamcop, and refiling the false positives. False positives are rare, and in my case they have almost always been non-critical things, such as shipping confirmations, and notices my frequent flier statement is ready.

So utterly useless, no. You are falling into the common trap of thinking that because something isn't perfect, it is useless. Certainly my method can be a bit annoying, but so far is better than the alternatives, which are either letting myself be interrupted by every spam (12 so far today, and its not even 11am), or not noticing important e-mails until long after they arrive.

An idea

[arestivo]

Why not have the anti-spam filter reply to the message sender with a message explainig that his message has been filtered and requesting that he resends the message to a specific, one time only, e-mail address? Spammers would get all their e-mail back and someone trying to contact you would have a way of sending you an e-mail even if he gets filtered.

An example:
- jonh_doe@example.com sends an e-mail to joane.doe@example.com
- For some reason Joane's e-mail reader rejects the e-mail as spam and sends a reply to John telling him to resend the message to joanne.doe-617131243@example.com
- John does has told and the message his delivered
- The generated e-mail address is deleted

This solution combines the best of spam filters and systems requiring the user to prove he is human (like Spam Arrest). Could this work?

Re:An idea

[PigleT]

"Why not have the anti-spam filter reply to the message sender with a message .... Could this work?"

No, for obvious reasons. I'm not interesting in getting backscatter from broken "anti"-spam systems.

Not to mention, the redistribution of workload (innocents do all the work, the spammers merely absorb another bounce) is indefensible, IMNSHO.

Re:An idea

[arestivo]

I still think it's better than just having a bayesian spam identifying engine that could easily have a false positive.

The difference is that when such a false positive occurs the sender still has the chance to send the e-mail.

Woot!

Shame n them getting SPAM. Woot dot com. will they NEVER learn? shitheads!

Re:Maybe Wake Up Call for "Filters"

[Zeinfeld]

As stated lower in this thread, if you have to manually check your spam folder for "false positives", the filter is utterly useless since you are still checking for spam

I attended the conference on spam at MIT. The conference would have been more accurately labelled a 'solving spam with the hammer we know about' conference since no other solutions were accepted - although several people besides myself submitted authentication based papers.

The big problem with the Bayes approach is false positives. Lots of great statistics were quoted but the claims were simply not credible. I don't believe that Spam is such a simple problem that the performance of naive Bayesian techniques is several orders of magnitude better on that problem than any other.

So really the trick is to swing the problem arround. START from the problem of making sure that anyone with a legitimate reason to contact me can do so without interference from statistical filtering techniques. The proper place to apply those is on the mail I cannot authenticate in that way.

I dislike the bounce-back loop as a filter for personal correspondence. I think it is great for the purpose of a lightweight authentication mechanism for mailing list subscriptions. I get very irritated when people use it to filter email, particularly since all my email is signed. People should not substitute their ad hoc authentication mechanisms without first supporting deployed standards.

The other problem with call back loops is that if they are used widely they will become a bigger problem than the spam, this is why I have been urging Microsoft et. al. NOT to support them. The trick that the spammers have developed to get round the callback loop is to steal addresses off mailing list archives and send forged messages to the other members of the list. So work out the effect that deployment of the naive bounceback hack would have.

So...

[Peterus7]

Bush could potentially fit spammers into the terrorist category, so his war on terrorism could extend to them.

Hey, this article proves they are ultimately detrimental to society and politics, and therefore should be prosecuted.

Prior art

[isomeme]

SatireWire headline from last year: "House sends spam bill to Senate; Senate spam filter deletes it".

what the world has come to!

[linuxlover]

a ./ reader with a girlfriend! /end joke/ :-)

Personal Censorship?

[billwie]

Here's a thought for the future. What if the number of spammers (thorough email, push advertising, etc) trying to spam you gets so high that the only way to wade through it is to use filtering. Combine this with "intelligent agents" (sarcasm) sifting the data that's comming to your door, and you might never see a single deep discussion or controverial thought again.

Will spammers, not the government, cause us to censor our own experience of the interent (and all other news sources)?

genuine political business?

[sean@thingsihate.org]

haha, so the politicians relied on their email to remind them of the "genuine political business" they should be discussing?

so without their email, they were all sitting around saying to each other "we need to realign our political strategy to centralize what is decentralized into a whole new paradigm"

Re:Spam filter = Censorship

[meringuoid]

You're confusing the right to free speech with the privilege of being heard.

And both of them with the great honour of actually being _listened_ to.

rating insted of filtering

[dont_stand_so_close_]

You matter how good your filter is, it seemes as if it always makes some mistakes.

It might be a better idea to rate spam by what the odds are that it is spam. Then you rate all you email but how sure you are that it is spam. Start reading your mail till you get to the spam, after that you can be pretty sure everything that comes after it is also spam. You get to define the final boundry, the ratings just help you find it.

Spam Seive, and other filters come close but still still try eliminate any grey area so you will always have false positives, and spam that gets through.

Pete Townsend

[sdmartin101]

So, *that* is why Pete Townshend never heard back from his MP!

What a Sick Sales Plug!!!

[tacocat]

I hate to do this because it's only partially complete. But I have a concept worked out on how to handle spam that works extremely well and removes the chance of false positives, especially from Real People.

It's not a money-making scheme, but it is prior-art <grin>.

The idea is a hybridization of SpamAssassin and tmda (tagged message delivery agent) wherein you accept all email into your inbox and the spam goes into a spam mailbox. Nothing New...

The cool part comes in when you start automating the spam_mail similar, at least conceptually, to what I have on my website. Shameless plug here

The idea is that you send out an email confirmation, similar to tmda, for only that email which is considered spam (by SpamAssassin). This means that most of your regular communications would go unhindered. But it would also make casual contact via email the easy and simple function that it is supposed to be.

These notions of having an email list of only your known contacts is a pain in the arse and most times met with extreme hostility. This is especially true if you are attempting to contact someone privately from an email list, or from a solitication from their website.

I have to warn you that if you use the code as described on my website you will probably break your server in the first day. I've rewritten it to scale much better (1,000 spams every 10 minutes). But I haven't had the chance to post the new code. But conceptually it rocks!

I've processed something like 20,000 emails without taking a single false positive, unless the original sender vegged... but then he didn't really want to talk to me anyways now did he?

The point is, it places the responsibility of delivering spammy mail to the sender. I do not have to receive it. However it allows the non-spammer to go about the internet unhindered.

Re:What a Sick Sales Plug!!!

[zcat_NZ]

Brilliant idea, I'll probably add something to procmail myself later today.

I thought of a few minor changes though. Don't bother with the whole storage/verification crap, if it was important they can resend it. And don't send back the message; that's likely to just trip spam filters at their end, or be abused by spammers to reach 'secondary targets' (how you mentioned above). Just send back a standard boilerplate message something like this;

--
Your recent email to me re: $subject was identified as spam and has been deleted unread. If this message was important please make it less spam-like and then resend it.

Things you might need to change;
Avoid html-formatted messages
Avoid strings of dollar signs or exclamation marks
Don't use capital letters excessively, or put spaces/dots/dashes between each letter in words.
Avoid common spam phrases.
--

Re:What a Sick Sales Plug!!!

[roybadami]

The idea is a hybridization of SpamAssassin [spamassassin.org] and tmda (tagged message delivery agent) [tmda.org]

Great minds think alike. Though I think my approach is simpler (having only skimmed your page, so apologies if I've misunderstood).

My procmailrc simply passes all mail through SpamAssassin and then TMDA.

My TMDA rules say to accept anything that has the header 'X-Spam-Status: No'; anything that SpamAssassin thinks is spam automatically goes through TMDA's normal confirmation process.

There's slightly more to it than that, but not much. No new code is involved, just suitable configuration of SpamAssassin, TMDA and procmail.

It doesn't yet do everything that your solution does (in particularly the verifying the sender). I still need to think more about whether this is correct according to the RFCs, but thanks for the idea of doing it in a script, rather than waiting for my MTA to support it. (Incidentally, I believe that the latest postfix can do this itself, or am I getting confused with some other MTA?)

I keep meaning to put up a web page describing my approach in more detail. If you're interested, send mail to roy@gnomon.org.uk and it might encourage me to get round to documenting it sooner rather than later :)

Re:What a Sick Sales Plug!!!

[tacocat]

Good points!

But I think I have addressed them in a code rewrite that I am putting out this week.

I'm trying to make it as easy/simple for people to use, on both ends. That is why I try to save the emails.
But the replies are being sent from a silent-partner address which has no person associated with it. All email received there, that isn't related to a Confirmation is considered spam. This makes for a HoneyPot.

You would be surprised how many people out there don't understand the concept of just hitting "Reply" to a message. Some call, some forward, some write a dissertation.. It's kind of funny.

Re:What a Sick Sales Plug!!!

[zcat_NZ]

You would be surprised how many people out there don't understand the concept of just hitting "Reply" to a message. Some call, some forward, some write a dissertation.. It's kind of funny.

I'm not really surprised. These are the same people who write excessively spam-like messages in the first place. Teaching them to write better (less spam-like) emails, and ignoring them until they can follow simple instructions and use email properly would seem to be the ideal solution to me. :)

Re:What a Sick Sales Plug!!!

[Zeinfeld]

The idea is that you send out an email confirmation, similar to tmda, for only that email which is considered spam (by SpamAssassin). This means that most of your regular communications would go unhindered.

I was actually just proposing the exact same idea, but in combination with authentication.

I think that the idea of indescriminate callback loop requests is pretty rude and insulting. It is basically saying that you are too important to bother to read just any mail sent to. Folk who do this on a repeat offender basis are just psychopaths.

However I like it as an alternative to just putting the email into the bit bucket unread. Essentially what you are doing is adding a last ditch attempt to salvage the email.

I would however suggest some slight tweakage. First I would suggest that you support sender authentication mechanisms as a whitelist mechanism in addition to filtering. The problem with filtering is that lots of useful content like newsletters also gets filtered even if specifically requested by the user.

Second I think there is a need to make sure that there is a mechanism that allows someone who did not send the original message to automatically identify your challenge message as such and deep six it without having to view it. There are techniques that could be used in the construction of the password that would facilitate this.

Clearly these types of measures require modification to some of the Internet infrastructure, but getting that to happen is my job.

Re:What a Sick Sales Plug!!!

[Zeinfeld]

Your recent email to me re: $subject was identified as spam and has been deleted unread. If this message was important please make it less spam-like and then resend it.

That is not an appropriate response. You are effectively telling the sender to censor what they write because you have a stupid filter.

It is pretty easy to set up a system that allows you to attach a password to the post so that they can resend it with the password and get through.

For example to take the simplest approach take a secret password "flobalobadob", take the sha1 hash of the password and store it as the key K.

When a suspicious message arrives from alice@bongo.org use a standard crypto library to calculate HMAC-SHA1 of ("alice@bongo.org", K). Encode the result as Base32 or hexadecimal, truncate to a manageable length if you wish, that is the password for that user.

The user can simply resend the message with the passphrase and your filter can check the passphrase by recalculating it against the sender address.

Telling people to avoid HTML because you have a broken scheme is bush league. We should not allow these spam sending bastards to reduce the quality of our environment. That is giving in to them.

Re:What a Sick Sales Plug!!!

[zcat_NZ]

Bollox. spamassassin doesn't filter for keywords, it looks for common spammy phrases, so if that triggered it they're probably trying to sell me something anyhow (herbal viagra, click here, do it now, limited time offer!) and I'm not interested.

The rest of what it picks up is things like ALL CAPS, g.a.p.p.y t.e.x.t and !!!!$$$!!!!, and I'm perfectly happy to tell them to fuck off for that.

Same for html. If you send good clean html spamassassin will let it past. pine won't render it anyhow but at least I can read the text version. If you send me some bollox MSHTML or a .doc attachment, you're just asking for a lecture in open standards anyhow..

Re:What a Sick Sales Plug!!!

[Eccles]

It's not a money-making scheme, but it is prior-art.

Yeah, but we've seen how much the Patent Office cares. I hate to even say this "out loud", but can you imagine if a spammer patented various spam filters and threatened to sue anyone who implemented such a filter?

Re:Maybe Wake Up Call for "Filters"

making sure that anyone with a legitimate reason to contact me can do so without interference from statistical filtering techniques.

It seems that Spam Interceptor has a solution for this stated here where you replace a mailto link with a link to the authorization.

I'm not sure if that's what you were talking about however.

I don't understand where you get all those *shrug*

I don't run any filters and my ISP's filter has
never been turned on for my accounts.
I don't get ANY spam at all.

Same e-mail addy for 3 years and I average
6 e-mails a week on it.
My addy for lists runs hundreds a week but
no spam.

Where do you jokers get all this spam from?

Re:Maybe Wake Up Call for "Filters"

[gmuslera]

An automated methodolAn automated methodology of ensuring trusted corespondents [si20.com], as seen in the solution hyperlinked (maybe someone knows of another?),

TMDA

Easy solution that I use

[ahbritto]

I have two spam folders: Spam High and Spam Low.

Regular mail is anything SpamAssassin rates less than 5, I get a few false negatives- no real biggy.

Spam Low is anything SpamAssassin rates less than 8.

Spam High is anything SpamAssassin rates 8 or more.

My ratio of Spam High to Spam Low is 30:1. I easily scan my Spam Low in seconds. I glance at my Spam High only for entertainment before trashing it.

The false positives that end up in Spam Low are usally mailing lists that I have not white listed. When I spot one, I adjust my white list.

I am eagerly awaiting SpamAssassin 2.5 which has Bayes filtering to eliminate the very few false positives I get. As I understand it, this filtering in combination with SpamAssassin means I need to provide no feedback to the filter. Yet, spammers will have a different Bayes filter, therefore they will be unable to adapt their spam to go through my filter.

Net result: SpamAssassin Rocks!

E-mail from "the public" is hard to filter

[Control-Z]

If you get a lot of e-mail from the same (good or bad) sources filtering works well. But it seems if your account gets a lot of e-mail from a lot of previously unknown senders each of those people has a different writing style and uses different words (except AOL users haha), and filters (especially bayseian) have a harder time distinguishing good from bad.

Politicians or anybody receiving "unsolicited" but legit e-mail from the public should definitely question whether filtering is a good idea, assuming they want to read every valid e-mail.

Re:Maybe we Slashdot can buy this filter technolog

[Tingler]

Then they can write some bots that generate random inane chatter in their posts.

Oh....

....never mind.

Running MacOSX, aren't you?

[iamacat]

Since your e-mail client marks spam in different color. Mine does too, and flags all the corporate broadcasts as spam. And I actually agree most of the time.

Anyway, if you filter spam by hand you get false positives as well. Spent any time clicking delete checkboxes in yahoo mail. How difficult is it to click one extra title as mistake? Once your filter has a better rate than you, you are better off letting it do the job even if it deletes some of your normal e-mail.

Same as Web site blocking

[TarPitt]

This issue also exists with common Web site blocking strategies. Attempting to block Web sites (actually entire IP addresses) inevitably restricts some sites that are innocuous or even useful. The difference is that the blocked site can't complain about it - the sender of email that is mistakenly blocked can.

As various forms of "content filtering" become widespread, expect more of this in the future.

Voting is the least important part of Democracy

[NaugaHunter]

No, the problem isn't voting. The problem is believing voting is the only say you have in government. Anyone can and should fax/write their representatives about issues they care about. If they think a lot of people would agree with them, they should put the word out for those people to do the same*. The Congressional Vacuum works both ways - if the only people talking to them are lobbyist, those are the only 'facts' they can base decisions on.

Of course, the level of success this has will very from representative to representative, and how close the issue is to what they ran on and their parties are taking stands on. For example, it would take a lot more voter pressure to get a candidate to flip on taxation, which they generally are well defined towards, as opposed to the DMCRA vs. the DMCA, of which they've only heard about from Big Businesses.

* Cheap example plug

One way that I've found the fight spam...

[BinaryBuddha]

Don't every give out your primary email, unless trusted friend. For all others make a catch all account on your domain, and give the email organization name_SPAM@domain.com Then you can track where the spam is coming from and who they sold it to etc...

Re:Maybe Wake Up Call for "Filters"

[Zeinfeld]

It seems that Spam Interceptor [si20.com] has a solution for this stated here [si20.com] where you replace a mailto link with a link to the authorization

Hardly, had you read my post rather than being a rather obvious shill for the product you mention you would have seen that I don't think that bombarding everyone with callback messages is an acceptable solution. There are better forms of authentication available than email callback loops that do not require end user intervention.

If everyone used this method the spam senders would simply extend a technique they are already using, taking email archives from the internet and forging messages purporting to come from one of the people on the list to the other list members. The person whose address was stolen would then get a massive attack of loopback messages.

If you want to authenticate senders the solution is S/MIME, an IETF specification that is designed to do email authentication without user intervention.

Maybe Wake Up Call for "Slashdot"

[t0ny]

If only I could filter out all the anti-Microsoft FUD this place spews forth

Bad System Administration

[spookyfluke]

You shouldn't be rejecting spam! You should redirect it to some folder/mail store and get your end-users to check it every once in a while. Simple.

quality over quantity

what makes you a tool is that you keep responding with the exact same crap, like a frickin broken record. just shut the hell up already, you made your point, such as it is... no one's gonna come around here and mod up all your posts so why bother?

you're even double-posting now. shut yer hole, stupetool.

like I said, you are pathetic. the abject grasping for recognition, on Slashdot of all places, proves it. the fact that you can't refrain from responding, with the exact same content, to every single freaking post, underlines it.

no wonder she's an ex-girlfriend. you're a freak.

Re:quality over quantity

[circletimessquare]

lol

after awhile, the trolls get kind of funny, as they are so predictable.

troll: say nice things, because if you say negative things, do not be surprised if someone disagrees with you, especially the original poster on an emotionally sensitive subject.

more empathy, less negativity.

you will find your web posting experience to be more enjoyable.

Only 6,000,000?

[WIAKywbfatw]

Only 6,000,000? Surely your mail server can handle more than that?

Looks like you've got some spare bandwith there buddy. Can I possibly interest you in a new diploma, penis enlargement, nude pictures of various Hollywood babes, a new credit card, a low, low, rate mortgage and a my exclusive guide in how to make a million on the stock market?

mailbox of GW Bush

[giel]

George's INBOX (250k)

Yes, the guy really needs a better spam filter.

ESP and the help desk

A House of Commons official said: "Any e-mails blocked by the filter can be released instantly with one phone call to our help desk.

"The helpdesk has only received a handful of unblocking requests

What I want to know is how the MP is supposed to know it's time to call the help desk. A Hogwart's graduate, perhaps?

Good. Politicians should not use spam filters.

Politicians should not use ANY kind of email filters, period.

Politicians tend to be disconnected from real life experience. In the U.S. this leads to a lobbyist-centric view of what's important, what needs attention, and what needs to be changed. I suspect that a similar condition exists in a number of other countries. Politicians should be exposed to the same spam that the majority of all the "little people" on the net suffer through.

Re:Maybe Wake Up Call for "Filters"

Funny I've been screaming this exact same message to everyone I know. I tried explaining this in an email to Network Computing it mag, but I don't think anyone listened to me, and I'm not sure I put it as clearly as stated above. Spam filters are censorship, and we simply cannot build our internet future using censorship. Even now I have a hard time sending email to my wife at home because my mail gets put in her "bulk"(spam) folder on yahoo.
We have to look at trusted networks in the long run.
Since writing that email, I went to work building a simple email system that only allows authorized email to pass thru. That means that if your not on my invitation list, you have to ask for an invitation to write me, or your message gets bounced. Theres a lot of automation that goes into making that work for the average user, but it does a better job of preventing spam from reaching people while allowing the real mail from clients and vendors to passthru without using spamspoofingpseudolanguages.

Can hurt relationships too

[scobb99]

I deeply sympathize with ISPs who are battling spam, and with the blocking lists advocates, but collateral damage from blocking can get personal.
Lately I can't send email to my wife!

About 5 days ago, her ISP blocked all email from bellsouth.net, which is my ISP. Of course, they didn't tell her that, or me. Just out of the blue anyone who sent messages to any account at her ISP, via bellsouth.net, was told "Access Denied."

A lot of the reports of collateral damage in the anti-spam war focus on legitimate mailing lists, newsletters and the like. But it is also individuals who are finding their established means of communication cut off, and very abruptly so. Imagine a journalist who wants to interview my wife (she is the author of Network Security for Dummies). He sends her a message via an account at bellsouth.net, which is a large ISP (and not what the average person thinks of as "flaky"). The response "Access Denied" suggests the account is closed or unpaid for. Connection and opprotunity are lost.

Do I think we need to abandon blocklists? No, but we need whitelists as well, that allow mail through from verified and approved sources that are held to a high standard and thus given privileges (instantly revocable if need be for violations). This is technically possible. And it can be achieved. Think about the blocklist infrastructure--who would have predicted how quickly it could arise and refine itself to current levels. What we need now are more pieces of the puzzle to be put in place.

Stephen

Another true story right out of the UK

[Isofarro]

A few weeks ago the Scunthorpe town council decided to implement a nasty words filter on all email received, just to reduce the volume of abusive email they were receiving.

The email filter worked out very well indeed - well, too well. Absolutely no mail was delivered. It took a while for them to realise that their own town name contained one particular rude word, and considering that their town name was part of their email address, all email had to have a certain word in it.

Joke?

[GQuon]

That has to be a joke. There's not really any spam in there! Or he must have started deleting them. I hacked into W's hotmail yesterday, and there were a few emails missing, like these:

• 
  
• Soft pretzels. 20% discount. Hurry. 648215
• Of course size matters. Add inches to your nuclear missiles. 51954
• URGENT BUSINESS ASSISTANCE
• Lonely and bored interns! Live cameras! 21625
• Get rich working from home. 18242
• Stop the war! Hell, no we won't go
• Thanks for signing the card
• TALIBAN SINGLES
• [Slashdot] Moderation results

My Spam Haiku

[lildogie]

Your message was here?
Perhaps, with a flood of spam,
I deleted it.

Spammunition

[BlackjackGuy]

I started using a filter called Spammunition a while ago. It's a free Bayesian filter for MS Outlook. (Not my ideal mail client but it's what we use at work). It's great. No false positives, and catches all my spam.

Re:Maybe Wake Up Call for "Filters"

[paskie]

I believe that this practice is not that good --- especially when the mail was NOT sent by a real human, but ie. mailing list subscription robot, some account creation verification mechanism sending you password by mail etc. Also you may easily annoy those who write you a mail by bothering them with this automation, it can be easily considered as impolite. And the real fun starts when two people with this filtering try to get in touch; you protect yourself from mails not generated by a real human, but at the same time you produce such mails yourself.

I think the middle path is the best one: automatically add the spam negatives to the approved sender db and send the verifications only to senders of mails identified as spams. You will get no false positives, in 99% of cases you will be able to even subscribe to a mailing list easily, and you won't bother the other people that much (and if you will specifically mention in the verifications that they are sent because the mail looked as spam, I think they will be much less angry at you).

Re:Maybe Wake Up Call for "Filters"

[kaoshin]

I dislike the bounce-back loop as a filter for personal correspondence. I think it is great for the purpose of a lightweight authentication mechanism for mailing list subscriptions. I get very irritated when people use it to filter email, particularly since all my email is signed. People should not substitute their ad hoc authentication mechanisms without first supporting deployed standards.

I use a similar this method as a filter, and could care less wether or not an email is signed or not. If you are not in my contact list or if I have not flagged you to send me mail, it will require you to include a daily random password on the subject line. I have had lots of people use this over the last couple of years. I have only recieved positive feedback about it, and just as importantly I have recieved virtually no spam for a very long time. The only disadvantages I found were:

A) Mailer daemons use nonstandard replies, and do not include message identifiers. My autoreply is frequently sent to bad addresses and triggers mail daemon responses. This means that the only way to determine if mail I send was undeliverable is to comb through a long list of messy mailer daemon replies. This is a small price to pay for the advantage of recieving zero spam, and not having to worry about false positives. Especially considering that it isn't often that I have to even check to see if someone recieved my mail because most people send me replies when I mail them.

B) It was vulnerable to being used to mailbomb. I fixed this by adding a flood protection to limit the number of autoreplies it can send to one address each day.

Regarding the mailing list archives.. I have been a member of mailing lists for years and never recieved spam masquerading as one. That is not to say that it can't or won't happen though. That seems like it would be a problem with mailing lists disclosing the member addresses though doesn't it?

Apple 'Mail'

[theCat]

I don't know how Apple does it, but the Mail client that came with OS X has some amazing anti-spam widget running. With essentially no training it misidentifies maybe 1 spam in a hundred, or two hundred (I get about 50 spam a day). I keep looking for good email in the spamcan and almost never see anything there except announcements from companies I've done business with in the past (pseudospam). I haven't had to deal with any really nasty spam in my inbox for months, no joke.

Does anyone know how Apple has pulled this one off?

1 in 180?

[HermanZA]

I can't believe that they get so little spam. Only about 5% of my e-mail is legit. Therefore, I need a very good spam filter system and uses a combination of procmail pattern matching, scoring and Bayesian statistics.

One solution...

[Natalie's+Hot+Grits]

and one that is in use today, is to not accept any public email at all.

The US Senate and House of Representatives have their member's websites with a contact page utilizing a web form to submit letters. Since this email address is hidden by the web server, the only spam that could possibly get to senators is someone specifically writing a program to submit information for that specific web form.

Since no spammer would need to spam senators (unless someone tries to mail bomb them, but that is an other issue all together), nobody would spam them.

This also solves the problem with the post office mail and anthrax problems that happened just after 9/11. The quickest way to contact your senator is by fax, but even this web form is higher priority than snail mail.

A good thing!

[CaptainPhong]

If governments find spam unacceptable, and resort to spam filtering, and then find that unacceptable because of false positives, the next recourse is spam legislation. Therefore, false positives are good.

Eggshells

Years ago I was talking with a friend about filtering software (in this context we were talking about adult content filtering individual pictures on a web page via a Bayseian network) and the phrase, "You can't make an omelette without breaking some eggs" came up as an analogy to blocked pictures that shouldn't be blocked because they are what appears to be borderline cases to the AI, but obviously not to humans (an example would be blocking famous artworks of nude women when trying to filter out porn).

Thus the term eggshell came to be kicked around in parlance as a term for a good item that was filtered into the trash.

So please, if you like the term eggshell, propagate it by using it in this context and assuming that people know what you are talking about.

-Doooook

1% Spam? Amazing...

How do they keep it so low... and that was without filtering? they should be so luckey...

I'm getting a whoppin 80% spam... but that's OK, I want it, so I can fight spammers with it.

Looks like the HOC can use some serious spam management tools.

I support the efforts of the "spamBayes" group. They are doing great things, and have a really good filtering technology that appears to work if one spends 2 - 3 weeks training it.

Re:Maybe Wake Up Call for "Filters"

[roybadami]

I believe that this practice is not that good --- especially when the mail was NOT sent by a real human, but ie. mailing list subscription robot, some account creation verification mechanism sending you password by mail etc. Also you may easily annoy those who write you a mail by bothering them with this automation, it can be easily considered as impolite. And the real fun starts when two people with this filtering try to get in touch; you protect yourself from mails not generated by a real human, but at the same time you produce such mails yourself.

TMDA has thought about all of these issues, and has solutions to many of them. That's as good a reason as any for using TMDA as the confirmation manager rather than reinventing the wheel.

reject versus reply

[feenberg]

It is important to distinguish between rejecting a message (in which case the sender gets a "550 spam" indication) and discarding a message (in which case neither the sender nor the receipient is notified). Only the SMTP server can reject a message, it is too late by the time it has gotten to the message user agent (client).

If the anti-spam software rejects a message it is usually trivial for the sender to modify the message or find another delivery method and little is lost. If a message is discarded, the damage might be much greater.

Bayesian spam filters usually run on the client, and have to discard messages but there is no particular reason they couldn't run on the server.

The client can't reasonably return a "DSN" via email since the envelope from (even if known to the client) is probably a forgery, so responding would just be creating more spam. The SMTP server
can reject the message before it is accepted with an error code, it doesn't have to send an email with the error message.

Re:reject versus reply

[PhantomSr]

Just wondering about that rejected message you mentioned. Is not 550 the "no relay" message and not a spam message? This message is only sent to the sender when they are trying to send e-mail through an smtp server other than the one for their smtp

Filtering out the "will of the people"?

"If MPs are so protected by the nanny state that they lose touch with the people, how can we possibly encourage more participation in politics?"

Sounds like Great Britian is suffering from the same thing as the United STates, ie.. Politicians are being shielded from knowing what "the people" really want. God Forbid if the politicans cowards to the "will of the people", instead of cowering to a handful of money grubbers.

Filter has blocked less than 1%

[D.+Book]

From the article:

We receive over half a million incoming e-mails a month - so far the filter has blocked about 900 a week, which is about 1 in 180, much less than 1%

If only 1 in 180 messages are classed as spam, why are they using the filter in the first place? If the average amount of spam received across the board is less than 1%, then those MPs who complained of being inundated with spam must be few in number.

Why should the whole system suffer because of those MPs? They should implement their own filters if they have a problem.

The helpdesk has only received a handful of unblocking requests.

Not surprising. How are people supposed to know they're missing out on important e-mail messages if they never receive them because of the filter?

Incidentally, my ISP uses a spam filter which is completely transparent to the user. Any messages that get filtered, legitimate or otherwise, I never even know about. Most users don't even know the filter is in place. I'll be leaving them when my contract is up, being sure to first check up on the practices of any new ISP I choose.

Re:Maybe Wake Up Call for "Filters"

[Zeinfeld]

I use a similar this method as a filter, and could care less wether or not an email is signed or not

Read, could care less how much aggravation you cause others.

If the message is signed then you know that it came from that individual. You should not require further authentication, you might however decide to use authorization.

I have had lots of people use this over the last couple of years. I have only recieved positive feedback about it,

Duuhhh, hardly suprising since you filter out any negative responses.

The point is that this type of scheme is only going to be socially acceptable if few people use them. As soon as lots of people do so they will rapidly become an annoyance. In effect you are reducing your spam by .

It looks like you are also one of the major assholes who sends a callback message every time they get a message from someone you consider insufficiently important. Most people would think that responding to one callback should be enough to be whitelisted by default.

Regarding the mailing list archives.. I have been a member of mailing lists for years and never recieved spam masquerading as one. That is not to say that it can't or won't happen though.

It probably just means that you have been lucky. This behavior has been happening for quite some time. Of course, since you claim to have an email hack to stop spam the problem would be hitting everyone else.

Re:Maybe Wake Up Call for "Filters"

[kaoshin]

If the message is signed then you know that it came from that individual. You should not require further authentication, you might however decide to use authorization.

So by that logic, if a spammer sends me mail that is signed, I am obliged to accept it. I don't think so.

Duuhhh, hardly suprising since you filter out any negative responses.

You obviously don't understand what I was explaining. My autoreply contains a password that you include in the mail. This only requires user intervention which prevents the vast majority of spam. If you wanted to send me a complaint about it, you simply include that in the tagline. duhhhh.

It makes you look like an asshole to make assumptions about people. Despite your rude presentation, you did make a point. That is that this is only acceptable because it is not in use on a large scale. For that I don't have an answer. You sound like you do though.

Comment removed

[account_deleted]

Comment removed based on user account deletion

SMTP

[Superfarstucker]

SMTP is junk, no question about it.. there is almsot no way to effectively eliminate 100% of all spam without impeding others efforts to contact you, so i suggest that a new protocol be drafted up.. a common suggestion, all it would require is TRUE authentication of where the mail came from. Of course SMTP wouldnt go away, the 2 networks could operate simultaneously... i have a feeling SMTP would die out rather quickly though and become something nobody ever uses

So close!

[moncyb]

You almost had it, but not quite.

Here in the US, they toss out all letters, faxes, emails and ignore phone calls. Congress has a very simple way to get their requests from lobbyists. Each "representative" hosts a "fund raiser" where the lobbyists have to pay thousands of dollars to get in. Each lobbyist gets a turn sitting next to the "representative" so he or she may discuss political issues "critical to the general public." No need to mess around with sorting through countless junk! ;-)

Please tell me more

[GQuon]

Hello, and thank you for your generous offer!
I am a very interested in participating in this venture. I have recently made a lot of money from a very good harvest of dental floss, and have been looking for a way to invest my money.
Please hurry to contact me with more information.

SPAM costs us all you FREAKS

The point of all this is not how this retard fucked up his personal life. It is about how filtering spam (because we have to these days) is destroying the usefulness of email. I am sure every single last one of you motherfuckers making fun of this guy has lost business and money in the form of legitimate email getting filtered either along the way by RBL or in the user's ISP or personal spamfilter. Even the holier that thou ones who have "three email addresses" and are easier to call anyway than determine the email address lose business to spam filtering because everyone else has to.

LOSER

Here's some real insight, just because some jerk-off makes a comment to support your position, doesn't make you right.

Re:Maybe we Slashdot can buy this filter technolog

Slashdot is just using the commonly known DRY principle: Do Repeat Yourself

Do repeat yourself.

Re:Maybe Wake Up Call for "Filters"

[Zeinfeld]

If the message is signed then you know that it came from that individual. You should not require further authentication, you might however decide to use authorization.
So by that logic, if a spammer sends me mail that is signed, I am obliged to accept it. I don't think so.

Seems you don't bother to read what other people write either.

Your callback loop is performing authentication. What you are talking about is authorization.

If spamers start signing their messages an appropriate response would be to have a whitelist of people who you have authorized to send you email. If you have a strong authentication mechanism you can include or exclude people on the basis of their domains, for example allow mail from anyone in mit.edu, exclude anything from goatse.cx etc.

It makes you look like an asshole to make assumptions about people. Despite your rude presentation

I happen to consider your callback hack rude so now you know.

Dick van Dyke

[SpikeSpiff]

Dick van Dyke -- Who could be more harmless, or more likely to be screened?

What's being missed...

[malx]

...is that the MPs aren't filtering their e-mail, it's under the centralised control of Parliament's IT Services Dept.

Consequently, MPs are not receiving mail about e.g. the Sexual Offences Bill silently. They can't periodically check their "junk mail" folder for false positives, they have to know (via out-of-band communication) that they've had a false positive block and then go cap-in-hand to the IT Dept to ask for the mail to be released. Anything that gets caught that they don't know about, well, they won't know about.

This is why all spam filtering should be within the control of the user.

Bob Frankston on Spam Fixation

[keynet]

My personal filters take care of most of it by excpetion, if the filter doesn't direct it by sender or subject line to a live mailbox, it is potentially spam. New senders get added to existing filters. I agree with Frankston, get over it.

The real issue is our inability to manage our availability. As long as we give everyone our "magic" name, they have full access to us. EMail addresses don't represent physical resources. We can manage our names and thus manage others' access to us. Unlike paper mail or the telephone network, email gives us the technology to start to take charge of our availibility. Hunting for spammers might help vent our anger but only exacerbates the problem since the question of what is spam is a function of our relationships and our interests. Any static attempt to classify others as simply good or bad only makes the problem more difficult, especially if we let spam filters make the decisions for us.

The whole story is here

Note to Senders

[crashnbur]

If you really want to send an email to ME that you want me to actually READ, put my address on the TO line. None of that BCC or undisclosed recipients stuff. Those are the most commonly filtered out, I would think. Also, don't mention "mortgage", "casino", or "sluts" in the subject line, because to this day I have received no emails with any of those words in the subject line that wasn't trying to sell me something.

I apologize for people who might actually want to talk to me about mortgages, casinos, or sluts. But I figure it's okay because I'm not interested in those things.

No, that's a problem with OUR democracy.

[crashnbur]

That is to say, it takes the democracy right out of it.

"Democracy" means "government by the people". When the people's voice is simply thrown out because its volume is too much, that is ignoring the will of the people. When focusing instead on those special interests that have worked hard to earn a special status of favor with politicians, that is a form of aristocracy. (Okay, so it isn't necessarily government by the "rich" in terms of money, but those lobbyists are certainly rich in politician-attention-grabbing resources that the average American is forced to live without.)

I would recommend that the UK continue on its current course. A better plan might to be to hire several politically qualified persons to act as email secretaries -- save the controversial, coherent, and funny letters and essentially keep the officials' inboxes down to manageable levels. (I'd imagine that something like this is already in place anyway.)

Take Control of Your Filter

[crashnbur]

That isn't necessarily the case. Set up message rules so the TO line of messages coming to your inbox *must* contain your email address (or one of the email addresses coming to that inbox). Any that don't are considered "junk" and sent to the trash. Check the trash before deleting it permanently, and once in a blue moon some non-SPAM might be found. Add a message rule that specifies that messages from the sender of that message should be kept in the inbox in the future. The occasional lost email is a tolerable price to pay. (Of course, nothing in my trash gets deleted permanently until I do it manually, so I have the option of skimming through it, which I do every few days.)

When other filters fail, set up your own rules to overrule them.

Re:Maybe Wake Up Call for "Filters"

[kaoshin]

I didn't understand the words, sorry. First of all, they already turned down the bill to put unique identifiers in unsolicited email. It of course is the best way to go, but the powers that be will never let that dream happen.

Like I said, I have never recieved any complaints, and if a spammer forges your address and a couple of messages get bounced to you before my flood protection kicks in then I apologize in advance, but the likelyhood in that happening is slim, but I am not the one pretending to be you, and I'm not sending a nasty note or reporting you to your isp or anything. I am simply saying that if it is truly you who attempted to contact me, then please confirm this by performing this operation.

Show the politicians how much of a problem spam is

for every piece of spam you recieve, have an automatically genereated email message sent to your politicians (everyone that you have an email address for) with a short little complaint about the problem you are having with spam. They'll either realize that (A) spam is a problem and start making laws against it, or (B) won't be able to read all the other bitches, moans, groans, and complaints and will continue with business as usual.

Re:Maybe Wake Up Call for "Filters"

[R.Caley]

As stated lower in this thread, if you have to manually check your spam folder for "false positives", the filter is utterly useless since you are still checking for spam.

No, because it prioritises your mail. Mail from certain adresses is always real, mail from certain adresses is always spam. So, I don't check mail which looks like spam as often as I check mail which looks like spam. When I reply to someone who was treated as spammed, I tell them why the reply was delayed which should help the sensible ones avoid other people's fiulters. (don't mail HTML is a good rule for instance).

Automated trusted corespondents ensures that a real human, accountable for his or her actions, sent the email.

This would just make me give up emailing the person. Not useful if I was trying to buy something from them.

Oh, now I get it

[AnalogDiehard]

After years of scratching my head over that Monty Python sketch with the bloody vikings, the joke about spam makes much more sense to me.

RFC 821 and "55x Spam rejected" result codes.

[Nonesuch]

RFC 821 shows in an example "550" may mean "Requested action not taken: mailbox unavailable [E.g., mailbox not found, no access]" and "552" can mean "Requested mail action aborted: exceeded storage allocation".

Examination of RFC821 and RFC2505 shows that any 55x error is (paraphrase) a permanent negative result code indicating that the receiving system cannot accept the message.

The third digit allows for fine gradation of replies, and "552" is a common return code from a spam filter.

This is a design decision -- in many cases, you don't want your anti-spam filter to return a result that could be interpreted to mean:

"What you just sent me triggered a threshold limit, if you take out some exclamation points and only mention viagra once, I might let it through next time"

No False Positives, No False Negatives - So Far.

[thedji]

I use Cloudmark SpamNet, a community-based spam filter. In the 6 or so months I've been using it, I have never had a single false positive or negative (mind you, i'm also careful with my addresses and only receive 2-3 per day (over 3 accounts).

How it works:

When a spam message is submitted to Cloudmark SpamNet, the system generates a secure fingerprint or signature of each message. This unique, but indistinguishable, fingerprint can now be securely shared with all the other SpamNet users to identify the same spam message in their email. This system permits everyone to contribute to the fight against spam and ensures that all email remains private.

To ensure that you never lose email, no messages are ever deleted or blocked. If a message is identified as a known spam message, it is simply tagged as spam and moved to your Spam box. This process allows you to verify that all the messages in the Spam box are really spam.

The SpamNet system has been running smoothly for over a year. During that time, thousands of users have endorsed the system's effectiveness by processing millions of email a day through SpamNet. The proven system will immediately cut your spam dramatically, but you can also choose to turn the spam checking off at anytime. The Cloudmark SpamNet Outlook add-in won't interfere with your email if you choose to discontinue using the service.

So what do you get for your spam contributions to SpamNet? Well, you get free spam filtering. If that sounds good, download the Outlook plugin.

Auto updating filter

One way to make an auto updating filter could be:
Make a spam@mydomain.com adress and sign it up to recieve all the offers and free gifts spam you can track down. Then block all e-mails recieved at this adress. The spammers will not know that this is a blocker adress and will spam it constantly and thus keep the filter updated.

It's nice being finnish

[jyristys]

I currently get one or two spams every day, so I don't bother with filtering. But if I someday deside to do it, it's very easy: I can just set up a really agressive filter and not worry about losing any important mail.

Here's why: An average spam filter won't catch any finnish (or any other non-english language) messages, and there's no such thing as finnish spam, so basically I'm all set. Well, maybe whitelisting @myworkplace.com would be a good idea.. Now, what I'd be really interested in would be a filter to weed out all messages which are boring, irrelevant to me, I've seen already or just plain stupid. I'd pay for that, actually.

Wake Up Call: All of this talk is good, but...

...when did the concept of a free market and capitalism give anyone the right to try and sell me something on any of my private communication channels without my permission in the first place??? This is way beyond filters and spam legislation; the issue is that it's time to re-examine what appropriate media of marketing/advertising are.

This topic gets my blood boiling more than anything else since, everyday when I get home, I trip over the 5 lbs. of junk-snail-mail that I get, and have to literally dig to see if there's anything important in there. In my mind, these sales messages are invading my home. I never explicitly gave ANY of these people permission to inundate me with sales messages every day. Postal mail is a personal communications medium. Junk-snail-mail is so bad we just take it for granted that we'll get 20 pieces of junk mail, three bills and, if we're lucky, a birthday card or two.

Tele-marketing: Good God, do I really need to go into detail. The telephone is a personal communication device. Who do you think you are invading my private time and space to try and sell me something?

Of course, the email problem is much worse. It is cheaper to send spam, easier to conceal the actual source of the message, and easier to clone and sell these marketing lists of illegally obtained pieces of PRIVATE information. And, since it is 'virtual' space we are talking about instead of physical space, it can follow you wherever you go.

Any legislation considered should NOT be spam-specific, but should be all-encompassing. Something defining personal communication devices and methods vs. commercial media. I constantly wonder where I can go for a moment's peace away from these messages ordering me around to buy this and that and consider this or that, polluting the essence of my very existence.

Re:Maybe Wake Up Call for "Filters"

www.bluebottle.com (due to become open-source)

Last Post!

[alpg]

To converse at the distance of the Indes by means of sympathetic contrivances
may be as natural to future times as to us is a literary correspondence.
-- Joseph Glanvill, 1661

- this post brought to you by the Automated Last Post Generator...