MailBlocks sues Earthlink over Anti-Spam Tech
goombah99 writes "Mailblocks is suing Earthlink, claiming patents on Challenge-Response as a means of blocking spam. Slashdot recently discussed Earthlink's plans to implement a challenge-response email system. The next day mailblocks filed suit to defend their turf in the $118 million dollar anti-spam solutions market. MSNBC has a complete discussion."
Don't you just love software patents.
Europeans, contact your MEP now or else we will have this stupidity as well. The vote is next month and it looks most likely to give the go ahead on allowing software patents in Europe.
I have contacted my MEP and am trying to set up a personal meeting with him. Please do the same. There aren't many of us doing this kind of thing.
-- MartinG To mail me: echo kewyjlcxyzvjfxbqwh | tr bcefhjklqvwxyz
Besides, TMDA works, while Mailblocks doesn't. I grabbed a Mailblocks account while I could get a good username, and found that Mailblocks doesn't send out the challenge: it just discards my test messages as spam after 14 (?) days.
Using state-of-the-art technology, an assemblage of talented, passionate and experienced individuals unlike slashdot's crew of moron editors
:)
Am I the only one to notice that...? Somehow I doubt that's in the original. Clever and amusing, however
Place sig here.
Challenge-Response is the fundamental security mechanism for TCP, the reliable communication protocol used for everything from the web to SMTP itself. During the three way handshake between client and server, each sends the other a randomly generated 32 bit number, and each refuses to communicate unless that number is successfully returned intact. If either the client or the server fakes its identity, it will fail to receive the required value -- one of four billion -- and will thus be unable to complete the handshake.
:-)
At least, that's the thinking. Perfect security this ain't, but please -- the spec for TCP came out in 1981. TCP's security technique entirely encapsulates challenge-response systems for SMTP -- the same mitigation of false addresses through an inability to respond, the same caching of credentials once a response is received (you can think of a "trusted address" as a permanently open socket, with all the management headaches that implies!), etc.
In short, this is nothing new. But of course, we already knew that
Yours Truly,
Dan "I Do Way Too Much Stuff With TCP" Kaminsky
DoxPara Research
http://www.doxpara.com
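The mapping drawn in the comment above, sketched as an added example that is not part of the original post: an unknown sender is held until a random nonce mailed to the claimed address comes back intact, and an answered challenge is cached as a trusted address. The class, method names and addresses are constructed for illustration and do not reproduce Mailblocks, Earthlink or TMDA code.

```python
import secrets


class ChallengeResponseFilter:
    """Hold mail from unknown senders until a per-message nonce is returned."""

    def __init__(self):
        self.trusted = set()  # answered challenges: the "permanently open sockets"
        self.pending = {}     # nonce -> (claimed sender, held message)
        self.inbox = []

    def receive(self, claimed_from, message):
        """Deliver and return None, or hold and return the nonce to mail out."""
        sender = claimed_from.strip().lower()
        if sender in self.trusted:
            # Trust is keyed on the claimed address only, so it is only as
            # strong as the From line: the caching headache the comment notes.
            self.inbox.append((sender, message))
            return None
        nonce = secrets.token_hex(16)  # 128 bits; TCP's sequence number is 32
        self.pending[nonce] = (sender, message)
        return nonce  # sent to claimed_from, so a forger never sees it

    def respond(self, claimed_from, nonce):
        """Release the held message if the nonce comes back from that sender."""
        entry = self.pending.get(nonce)
        if entry is None or entry[0] != claimed_from.strip().lower():
            return False
        del self.pending[nonce]
        self.trusted.add(entry[0])
        self.inbox.append(entry)
        return True


def demo():
    """Constructed run: one real sender, one forged return address."""
    f = ChallengeResponseFilter()
    nonce = f.receive("alice@example.org", "lunch?")
    answered = f.respond("alice@example.org", nonce)
    second = f.receive("alice@example.org", "still on?")  # cached, no challenge
    f.receive("forged@example.net", "buy now")            # challenge goes elsewhere
    guessed = f.respond("forged@example.net", secrets.token_hex(16))
    return answered, second, guessed, len(f.inbox), len(f.pending)


if __name__ == "__main__":
    print(demo())
```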
This is a very good point... Now my thinking could be wrong, but when MailBlocks "patented" their idea didn't they have to *prove* they were the first to come up with it/it didn't already exist? That's how I thought patents worked anyways.
Well, according to MailBlocks: "...founded in July 2002 by Phil Goldman, a former Microsoft vice president and a founder of WebTV. "
And according to ASK (Active Spam Killer): "© 2001-2003 by Marco Paganini"
In other words, Earthlink is not infringing on any "ideas" any more than MailBlocks!!!
The ASK website: http://www.paganini.net/ask/index.html
Brits can find out who your MEP is by entering your postcode here. Set aside any personal feeling you may have on the EU; ranting against it is more likely to do harm than good.
Some ideas and points to raise:
- Point out you are an IT professional and you are writing in that capacity as well as a voter.
- US companies have been allowed to accumulate large numbers of software patents for 30 years by a poorly managed US patent system.
- European companies will be forced to pay royalties to US corporations, even for ideas they invented, but patented in the US.
- European companies can be prevented from competing in some areas by patents, either by cost or denial of access to certain technology.
- Patents prevent fair competition and promote monopolies.
- An expansion of the patents system in the EU to cover computer software is extremely damaging to the European IT sector.
- Point out that software is about maths and numbers; if you cannot patent algebra B or numbers, why software?
- If possible point out a simple example of a patent in your particular field, even better if you can rightly claim it was invented in Europe but patented in the US.
When you email them you automatically add their address to your whitelist, or, you use a specially coded address as your envelope address. So their response will go directly to your inbox.
Unfortunately, Mailblocks does not cite their patent number and it is not listed under either of the principals' names.
Possible prior art:
Patent Filed December 1998....
US6546416: Method and system for selectively blocking delivery of bulk electronic mail.
Owned by Infoseek.
TMDA on Sourceforge, April 2001
Recent articles haven't mentioned Digiportal or Mail Frontier, so it is possible that they have come to an agreement with Mailblocks.
Full article (dated 4/05/03) from the San Jose Mercury News.
The addresses that it talks about are disposable. Mailblocks.com calls them "trackers". For example - my email address at mailblocks.com is draino@mailblocks.com, but I can add and delete as many trackers as I want. For example a tracker would look like - draino+something1234@mailblocks.com. The only problem with this is that some places are unable to validate a "+" as a valid character for an email address. A great example is Ebay.. I have now lost access to my ebay account because it let me change my email address to that, but it won't let me login. It deciphers the "+" as a blank space..
In fact, I posted it to Usenet later in '96. I'm pretty sure that you can find lots of similar prior art in the google usenet archive.
John Mallery at the MIT AI Lab used the mechanism in 1992 for the political participation project.
There are probably even earlier uses. Lots of mailing lists were using the idea simply to validate addresses.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
I'm using a challenge/response system from Qurb, Inc. that is smart enough to know that a message is to a mailing list and then it won't send out a challenge to the entire list. It will just sideline the message until you approve it and then it knows that anything to that mailing list is ok.
Yes. Patents are agnostic about whether they were developed independently or not. The only thing that matters is who filed first.
Yes. That's why prior art can render a patent invalid.
I never finished implementing the system (I wrote my dissertation instead) but still have a midsized collection of emails about it.
Challenge/response has got to be "obvious to one versed in the art" -- I can think of at least three other people at Stanford who had the same idea at about the same time.
The post directly above yours expresses reservation about releasing software (i.e. "innovating") because of intellectual property concerns.
Far from enhancing software development, software patents and other IP tools are the things being utilized to inhibit it. Think about the recent history of IP litigation. Typical cases involve established entities with mature product lines suing upstarts with limited resources and new "innovations." It's a venal process intended to limit competition and there's no macroeconomic morality implicated.
It's fair to say that virtually every factual IP litigation scenario over the past 10 years supports this hypothesis.
http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&Sect2=HITOFF&p=1&u=/netahtml/search-bool.html&r=4&f=G&l=50&co1=AND&d=ptxt&s1=5443036&OS=5443036&RS=5443036
http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&Sect2=HITOFF&p=1&u=/netahtml/search-bool.html&r=1&f=G&l=50&co1=AND&d=ptxt&s1=5443036&OS=5443036&RS=5443036
The CR patent reminded me of silly patents like this.
Enjoy
SPAM solution made easy: 1 spammer, 5 cords of rope, 5 horses, and fireworks. Be creative.
I suggest searching for "spam" on the USPTO site under current patents. It is depressing. Every conceivable 10 line Perl or awk hack that people have been using for filtering spam has more or less recently been patented.
For example, patent no 6,167,435, applied for in 1998, patents E-mail verification for mailing list subscriptions. I couldn't find the Mailblocks patent, which would at least have to reference 6,167,435 as prior art, which leads me to believe that it hasn't been published yet. Patent attorneys may be stupid or brazen enough to ignore decades of actual practice, but they wouldn't ignore another patent.
Mailblocks itself is an anachronism--a bubble-era startup with no realistic business proposition, financed, in this case, by the winnings from the founder's previous dotcom. Most likely, Microsoft will buy them out to own the technology for Hotmail. If not, they will keep suing people until somebody does buy them.
No, increased load. Instead of dealing with one spam, you receive the spam, send out a useless C/R email (creating load on a third server), and then get a bounce back again requiring time to deal with on your mail server.
.01% sales rate, he won't be making it at .001%
Then you delete all 142,675 copies of the spam, keeping it from being downloaded 142,675 times by your customers. Then spam decreases by 99.9% because spammers know that their messages don't get through. Use some foresight, man! Don't just look at the first 50 transactions. Consider the implications down the road. If spammers know that their messages will be blocked because of challenge/response mechanisms, then they will stop spamming that ISP.
Disk space is cheap compared to bandwidth and CPU load dealing with all of it.
There's a bandwidth and CPU cost for spam that is received. There's cost when it is received. There's cost when the customers retrieve it. There's cost when the e-mail clients retrieve images from the spammers' servers. ISPs like Earthlink recognize that keeping spam out of customers' mailboxes helps them attract more customers, keep the customers they have, and decreases their costs long-term due to the projected reduction in spam.
Either that or a spammer will set up an account at Yahoo, send an email to the targeted user, will receive the challenge, will respond, and then will spam the target using that "From" address--and maybe even pass the "unlocked" Yahoo address to other spams who will send in a ton of spam taking advantage of the fact that it is currently open. The target eventually logs in, downloads a ton of spam and nukes the newly-unlocked Yahoo address... but the spam still made it through.
Or, another possibility... Spammers may deduce commonly unlocked email addresses. Perhaps a full 1% of users have unlocked "Support@microsoft.com" and another 1% have unlocked "list@bigmailist.com." So instead of dealing with the challenge response, spammers will just send the same email to each user with a hundred different "commonly unlocked" email addresses. So you'll get spam with forged email addresses that are often unlocked, and instead of a spammer sending the user the email once he will attempt to send it 100 times.
I run the domain anti-spam.org. I understand how spammers work. I know that spam would be economically infeasible with either of the methods you describe above.
You ignore the fact that the receiving server could easily determine, by IP address, that the mail purporting to come from "support@microsoft.com" or "enlarge_your_penis@yahoo.com" was, instead, coming from an open relay in China. Drop that connection and the problem is gone.
So much worse than doubling spam (by sending a C/R response for each spam), you may have increased it by an order of magnitude by giving spammers an incentive to send the same spam multiple times from different forged addresses hoping that at least one is unlocked...
If you sharply increase the number of times that a spammer has to try to get a message through, you make spam unprofitable. While he may be making money with a
C/R is an unworkable solution to spam.
You are incorrect. It is, in fact, an elegant solution that does not require legislation or a fundamental change to the e-mail infrastructure of the Internet.
- MailBlocks is owned by Phil Goldman, the WebTV millionaire .com millionaire, and former employee of Apple, General Magic, and knows what patents are worth, so he did a patent search
6 5843.htm
- Phil Goldman is skilled in the art of computing, and so he _obvious_ly thought of using a Challenge/Response system for stopping Spam.
- He's a
- Found patent 6,199,102 (Granted March 2001), and bought it from Christopher Alan Cobb
- Found patent 6,112,227 (Granted August 2000), and bought the owner, Jeffrey Nelson Heiner, who signed over all rights
- Patents are "one of the largest expenses that we (at Mailblocks) have."
- MailBlocks has also sued Spam Arrest (case pending in WA), DigiPortal, and MailFrontier (resolutions unknown)
- MailBlocks actually started suing before releasing a product of their own.
- Goldman regularly responds to penis enlargement spams with his credit card number and a request to have them delivered in a plain brown paper wrapper
- So far, none of them have worked (somebody should tell him creation != enlargement)
Here is an interesting article: http://www.siliconvalley.com/mld/siliconvalley/55
Do daemons dream of electric sleep()?