Slashdot Mirror
NYTimes: Tangled Up in Spam
ezekieldas writes "Congratulations to the SpamAssassin developers and community! There's a mention of SA in the NYTMag as "one of the best tools for network administrators..." in an extensive article entitled
Tangled Up in Spam.
The article is quite substantial and the author, James Gleick, is more technically educated than what we've come to expect from the big press. Central to the story is the complexity in dealing with spam effectively in both technical and legal terms and the confusion it brings upon the neophyte. The conclusion drawn may be oversimplified but nonetheless pragmatic: 1) forged headers should be illegal 2) a specific header entry should identify the email as unsolicited."
now that it has been advertised in NYTmag, more people will become aware that spam is something they can actually stop. Can't wait for the new tricks spammers will use to disable anti-spam programs.
The conclusion drawn may be oversimplified but nonetheless pragmatic: 1) forged headers should be illegal 2) a specific header entry should identify the email as unsolicited
Why does everyone in the USA assume that everyone else in the world will somehow obey US law when it is made "illegal"?
now use SpamAssassin. Basically, a set of new headers is attached to the e-mail of the form X-Spam-foo, and if X-Spam-Score is 7.5 or greater (on a scale of 10 I believe), then X-Spam-Flag is yes. It's really useful for sorting out spam quickly, and I haven't gotten a false positive yet...It doesn't get all of the spam, but it gets the vast majority of it...
I've been using Cloudmark's SpamNet for the past few months and it's been working quite well.
The smart thing that SpamNet does, is that it relies on its users to determine if something is spam or not. If some email lands in your inbox and a few hundred SpamNet members have proclaimed it spam, it most likely is, and it gets immediatly filtered out. This has the net effect of a few user's needing to filter out a few message ocassionally, while the vast majority of messages are filtered out for all users. Although SpamAssassin seems quite good, it's still based upon filtering rules and spammers are constantly tweaking their emails to try to get around them. Since people are still better at determining what's spam and what's not, I find that its accuracy is generally better.
SpamNet isn't perfect though, as far as I know, it only works with Outlook on Windows and doesn't have a Unix, Linux or Mac version. It also sometimes filters out valid bulk mailings, but overall, I would definitely recommend it.
I'd say the best technical solution I've seen to breaking the SPAM system is the use of the internets distributed nature against the spammer.
Consider the following. We all access the internet from a fixed and typicaly small number of physical and virtual locations. Were we to map the internet as a whole, starting from any given location the map would look like an expanding cone.
In short, almost all of the traffic from a given point flows through a very small number of servers and routers at some point close to the source.
Since spam messages are sent by the millions and it is fairly easy to determine what messages are likely to BE spam why not set up a filtering system on the routers that determines the rough content of a message based on both its Spam Precentage and the number of identical messages sent.
I.E. If the router sees 500,000 messages of nearly identical content with a 89% spam rating it blocks all of them. If it sees 44 messages with a 23% spam content it lets them through.
Thoughts anyone? I'm sure this idea has gaping flaws in it... what would have to be chnaged for it to work? What are the critical flaws? Is this a viable model or am I missing something major?
Killfile(TGK)
No trees were killed in the creation of this post. However, many electrons were inconvenienced.
Ive tested something similar to this. Make a hotmail account with jibberish (rand(), 8 char isalnum() strings is what I used) for the name and see how long it takes to get spam. Out of ten tries my average was about 3 days.