Trustic Anti-Spam Service To Close
An anonymous reader writes "I recently received an email from the anti-spam service Trustic saying: "We have decided to close the Trustic service. We have determined that the system as it currently is designed will not achieve the level of accuracy that we require, and an inaccurate system is worse than no system."" We covered Trustic's anti-spam service, which billed itself as "a community-based block list that prevents untrusted servers from sending spam", as recently as a couple of weeks ago.
Say what you want about statistical anti-spam methods implemented server-side or locally, but they work. Either SpamAssassin or SpamPal do their job at above average level.
This appeared to be really one of the few spam handling I have seen in a long time with a lot of potential. I'm hoping that it will come back in a different form someday.
inaccurate system is worse than no system
I think any blocking is better than no blocking. The only 'bad' thing is false-positives. If you lower your blocking to prevent false-positives, you still have a service that is desired even if you don't catch them all...
Good quote, too many chars. Seriously, the slashdot 120 char limit sucks!
I recently received an email from Microsoft saying:
"We have decided to stop distributing Windows. We have determined that the system as it currently is designed will not achieve the level of reliability and security that we require, and an unreliable and insecure system is worse than a non-MS system like Linux or MacOSX."
Anyone with experience with this system and the Bayesian filtering know how they rate against each other? Can one conceivably combine the two?
EvilCON - Made Famous by
Personally I think it would be wonderful if technology alone could create the silver bullet and kill this annoying problem dead. But sadly as quickly as filters evolve, spammers are constantly looking for ways around them. All too often they find ways.
Even Earthlink's vaunted SpamBlocker is not bullet proof, in spite of using it, I still get some spam that slips in through it.
This is one of the reasons why we need some decent laws on the books so we can either force spammers to cease or prosecute the bastards.
These folks had a dream. They tried to make it work. When it became apparent that their solution was not viable, they had the honor to admit to it.
The hope of finding a solution to spam is expressed in the final line of their current site welcome screen:
We remain confident that the problem of spam is a solvable problem. Thank you for your help with this great experiment.
God bless them for trying.
I have been using an outfit that supplies a whitelisting service (port995.com). The idea being that the first time anyone sends you an email, it gets put into a queue and they get a response asking them to reply. Once they reply they get put on the whitelist, the message goes through and all future messages pass through without further messing.
As only a teeny tiny percentage of spammers supply genuine return addresses or read the responses the upshot in my case seems to be "new spray on no more spam"..
Inevitably some people don't read the first response or cannot be bothered to respond, but I guess those folks didn't want to contact me that badly anyway, so I don't want to read their messages that badly.
Marcus
I've been doing some research about the accuracy of different spam-blocking solutions, and Trustic had a huge false-positive rate. It misidentified 8% of my personal non-spam mail as spam, including mail from my Mom (it blocked our local cable ISP completely), my aunt (it blocked some AOL MX's), my insurance company (who the hell knows why), security warnings from CERT, and the NANOG mailing list.
It did have a good blocking rate---65%---but using a combination of other RBLs (the most optimal I found was DSBL + SpamHaus + Blitzed) it's possible to block nearly 75% of spam with only a .02% false positive rate (a single mailing list correspondent with an Argentinian ISP that has open relays was blocked).
It really is probably best that they laid this project to rest.
My Web Page
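An added example (not part of the thread or any poster's code) of the kind of measurement the comment above describes: score each combination of DNS blocklists against a hand-labelled mail sample and keep the one with the best block rate under a false-positive ceiling. The zone names, IP addresses and listings are constructed placeholders, and DNS is replaced by an in-memory set so the example runs offline.

```python
import ipaddress
from itertools import combinations


def dnsbl_query_name(ip, zone):
    """Name a DNSBL client looks up: IPv4 octets reversed, then the list zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


# Constructed listings (hypothetical zones, documentation-range addresses).
LISTINGS = {
    "rbl-a.example": ["192.0.2.1", "192.0.2.2"],
    "rbl-b.example": ["192.0.2.2", "192.0.2.3"],
    # An aggressive community list: catches a lot, but lists a legitimate relay.
    "community.example": ["192.0.2.1", "192.0.2.2", "192.0.2.3", "198.51.100.1"],
}
ZONES = tuple(LISTINGS)

# Stand-in for DNS: the set of query names that would resolve (i.e. "listed").
RESOLVES = {dnsbl_query_name(ip, z) for z, ips in LISTINGS.items() for ip in ips}

# Constructed, hand-labelled sample: (connecting IP, message was spam?).
CORPUS = [
    ("192.0.2.1", True), ("192.0.2.2", True),
    ("192.0.2.3", True), ("192.0.2.4", True),
    ("198.51.100.1", False), ("198.51.100.2", False),
    ("198.51.100.3", False), ("198.51.100.4", False),
]


def is_listed(ip, zone):
    return dnsbl_query_name(ip, zone) in RESOLVES


def evaluate(zones, corpus):
    """(block rate on spam, false-positive rate on legitimate mail) when a
    message is rejected as soon as any of the given zones lists its sender."""
    spam = [ip for ip, is_spam in corpus if is_spam]
    ham = [ip for ip, is_spam in corpus if not is_spam]

    def blocked(ips):
        return sum(any(is_listed(ip, z) for z in zones) for ip in ips)

    return blocked(spam) / (len(spam) or 1), blocked(ham) / (len(ham) or 1)


def best_combination(all_zones, corpus, max_fp):
    """Highest block rate among combinations whose false-positive rate stays
    at or below max_fp; smaller combinations win ties."""
    best = None
    for size in range(1, len(all_zones) + 1):
        for combo in combinations(all_zones, size):
            rate, fp = evaluate(combo, corpus)
            if fp <= max_fp and (best is None or rate > best[1]):
                best = (combo, rate, fp)
    return best


if __name__ == "__main__":
    for size in range(1, len(ZONES) + 1):
        for combo in combinations(ZONES, size):
            print(combo, evaluate(combo, CORPUS))
    print("best with zero false positives:", best_combination(ZONES, CORPUS, 0.0))
```

On this constructed sample the single aggressive list and the pair of conservative lists block the same share of spam, but only the aggressive list rejects legitimate mail.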
If they had only had more customers, I'm sure they could have held on longer.
If only they had found a quick, easy, inexpensive way to solicit hundreds of thousands of new customers using the Internet they could have stayed alive!
This is one of the reasons why we need some decent laws on the books so we can either force spammers to cease or prosecute the bastards.
This is one of the reasons why we need to get to the root of the problem so we can neuter parents to preclude them from having these children.
Seriously, there's a problem with attitudes. What the hell happened in their childhood that promotes these people to ignore their conscience and annoy millions of people for the name of $? Once they're in their adulthood, no laws or technology will fix their behavior. Gotta fix it while it's fresh in their impressionable minds.
"Last one in is a rotten goblin!" - Kepp
Alas, it could not even filter out their own mass email...
Spammers flooded the system with valid addresses to ruin the system. There was no way to combat this problem.
This is why we need vigilantism. Spammers are less likely to risk spamming if it puts their families' lives at risk! And no, I AM NOT KIDDING HERE.
If you outlaw spam, only outlaws will have spam
Worst. Sig. Ever.
While I did my part to contribute to the Trustic database, I wasn't real sure about their methods. I submitted spam messages as they requested, but I had to tell them which address to consider to be a spam gateway. The addresses above that are marked positive. I always picked the first address outside of rr.com, but for all I know the nearest Roadrunner smtp system is a spam forwarder and I should have flagged it as negative. Pooling lots of people's ignorance won't necessarily provide good information.
I don't understand why everyone is so worked up about SPAM filters. There is a simple way to handle SPAM - use whitelist.
I have been using a whitelist email for over a year and I can honestly say SPAM's don't bother me at all. It takes literally 4 to 5 seconds to look over 40 to 50 unapproved senders' message headers (enough for once a day). It is a LOT easier to sort out names you recognize from a sea of junk than the other way around. And when you get an email in the Inbox, you know it is from somebody you know and relevant to you.
Who needs a filter?
How about we set up a market for spammers, modeled after the Iowa Electronic Markets. Except instead of buying futures in political candidates, you buy futures in a spammer dying. If people stand to make millions from a certain spammer biting the dust then the market forces will apply themselves naturally.
Whenever the offence inspires less horror than the punishment, the rigour of penal law is obliged to give way...
He forgot to add that the rest of the letter read
"... so instead, we are offering you a true ONE-TIME OPPORTUNITY! You too can get a credit card, COMPLETELY FREE OF CHARGE! Call 1-800-TRUSTIC NOW!"
Statistical filters (like those that run at the user level, not site-wide) can very effectively filter spam for users without the fear of collateral damage that goes hand-in-hand with blocklists. Although locking IPs and netblocks definitely saves bandwidth, it can result in loss of legitimate mail.
Statistical filters such as Bayesian filters have the advantage of considering all mail, then filtering out spam based on content. In my testing on over 5000 emails over several months, I have only had 5 "false positives" (all non-English, BTW) and a total filter effectiveness of over 97%
If you have access to a shell account on your mail system, or you run your mail server you really must check out spamprobe and optionally the webfilt interface. spamprobe is a fast Bayesian mail filter that is invoked by procmail, and webfilt is an interface that aids reclassification. Both are free.
What we need is white list servers, where only those who are in your contacts list (Addressbook) can be let through to your inbox. A standard Comma Separated Value (.csv) document with just addresses at the least will do just fine leaving the server to do the filtering to /dev/null.
When a user sends out to a new address it's automatically added to the white.lst this can also work for domains...
Another idea... have special filtering options available so if you fill out a form on a webpage, you can add a special filter in the subject ie: subject:[special filter] (in a subject.lst) so it'll get through.
even better, throw in gpg/pgp for the heck of it.
anyways, just my 0.02c
Maybe their solution WAS viable, but they would rather not be just a half-assed anti-spam service.
Maybe all the mediocre hardware manufacturers should give up too. "Who needs another low-cost motherboard?"
Or maybe Red Hat and Mandrake should just give up because Debian is obviously better?
Maybe Yahoo and AltaVista should shut down their search engines because we already have Google.
It would be sad if this was a trend in today's economy. Companies just give up because they think they can't make money.....
Of course, it's not exactly a trivial install for your typical Windows/Outlook user, but the fetchmail/procmail/spamassassin/IMAP combo I have running now is hard to beat for a well organized email system.
www.clarke.ca
Tell me how I am going to look at the hundreds of senders a day and verify they are OK to let through? I can't. Therefore, something needs to be there to filter it. Are filters tons better? No, but they at least keep some of the crap out.
I'm not drunk, I just have a speech impediment. And a stomach virus. And an inner ear infection.
Trustic is a good service. The author is trying to save the world and he's giving up when he feels he cannot.
I didn't think his service was all that bad, it just needs some shaping up.
1) Pos query was a bad idea, since all emails are trusted by default and were overriding negative trust on real spam which results in way too many false positives.
A good solution would be to create multi trust levels with a no status default query.
Example:
I enable trustic query on my mail server, then I login, I see all the mail servers that tried emailing me, now I look at which ones spammed me based on complaints or un-expected email I receive and set a blocking bit with the reason I think I should block this mail server with proof of an email.
Then set a 3-day wait period on this mail server to see if it becomes a legit repetitive offender and then, if it received a lot of attention, and the reasons are valid, the operators block it from ever coming through.
Right now they're pretty weak but if they had a good attentive user base, they could poke mad holes in spam.
Greed is that thing that happened in their childhood that promotes these people to ignore their conscience? Please explain.
If you're gonna make an offtopic response to make a remote analogy, in order to push your opinion about music sharing, at least make the analogy work right.
If you want to go offtopic, you picked the wrong guy to start a debate. Greed is what causes executives in the music industry to blame music sharing as the ill of their demise, instead of the profit making crime organizations that burn CDs and sell on the black market that actually steal potential sales, as this article points out. Since the evil music sharers are much easier to serve court papers than a rogue black market businessman, they can point the finger at these students that wreak so much havoc, and save their jobs when the board of directors ask why their revenues have slumped in this wonderful economy, in light of such a great outlook for their industry.
Representatives such as RIAA and MPAA like to use the term "steal" and "theft" to promote the scarlet letter labeling of "criminals" like the students they've prosecuted. They are masters of advertising after all, they know how to make an impression on the less informed public.
"Last one in is a rotten goblin!" - Kepp
They had a vision...
(who here can post the rest of this classic?)
I am not fucking joking here.
Wow! That's the most interesting thing in the article, if true.
It's also a problem that will recur in any public cooperative effort. SETI@home has to essentially double their work because they know that it is possible that a large percentage of their results are crap. The problem is guaranteed to be worse if someone profits by poisoning.
The only answer I know of is validation. As I understand it, SETI@home ensures that any dataset is processed by at least two different nodes. I assume one problem with Trustic was that there's no time for validation. By the time you've validated that an address is evil, the parasite has moved on.
I'd love to hear what makes Trustic unfixable. It sounds like Trustic's "trust network" model (weighs contributions from trusted members more) didn't work, but the difference between not working and insurmountable is interesting.
Assembly is the reverse of disassembly.
And you idiots modded it to (Score:5, Insightful)! What a bunch of dumb fucks.
I'll take Mozilla's filter over that. By now, I have over 98% spam tagging rate, and I've only ever had 1 false positive, and it was an autorespond from a company (hardly counts). It has seen about 1500 spams or so.
What we need is a massive spam repository to train those Bayes filters.
-Looking for a job as a materials chemist or multivariat
For small server operators, getting falsely listed in a central blacklist can be a long and painful process. Inheriting a 'bad' IP address (one that was previously used for spamming, and is now recycled to a new owner) or getting banned as part of a range for the datacenter hosting you essentially blocks you permanently. Few people running these are concerned about false-positives, as everyone that tries to get themselves unlisted /must/ be a spammer. Perhaps this isn't true of the majority, but I've had horrible experiences with at least a minority.
Mod me down if you must, but if there's going to be a central blacklist, there should be checks and balances to its system.
The effect of this was that large mail servers (eg cable gateways, etc) which let through a very small percentage of spam but a detectable quantity, would get a host of negative recommendations and the server would become untrusted.
I don't think this was an unsolvable problem - it requires dealing with trust, and positive versus negative recommendations, and volume assessments. But it should be possible to come up with a function that would give meaningful responses even in an inherently untrustworthy system of recommendations, and disproportionately few positive recommendations.
For one thing an inappropriate listing of untrusted would provoke a host of positive recommendations.
And of course you could/should whitelist your Mum's cable based SMTP server anyway.
There are people who want to pick up the Trustic idea (or keep Trustic going if possible), and I wish them every success and will support any such efforts.
I think there is a place for cooperative based recommendations establishing a trust network. It will just take time and thought to determine how to balance the positive and negative recommendations.
What I particularly like about Trustic is that I can make recommendations based on IP address alone - if a mail server tries to send email to clearwater@codeworks.gen.nz I KNOW it is sending spam - I could reject the recipient, and report the IP without incurring the time and bandwidth of accepting the mail message.
Recycle PCs and build a wireless community network www.hillsborough.org.nz
My experience with the Bayesian filtering based Spambayes is extremely good. It is very transparent so that you can see how it is classifying.
Unless you use Outlook, you would need to use the pop3proxy.py application.
Read to understand how it works. Too dense for me - but it does work!
Over the past few months I have been through a lot fighting anti-spam ip lists, primarily relays.osirusoft.com and spews. For all those saying that false-positives are rare or not that much harm compared to the need to stop spam, I think if you were in my shoes, you would feel differently.
The whole thing started when a spammer signed up for service at the hosting company that I have been with for several years. I have a server there with many of my clients websites on it (I am a web designer). So, the spammer purchased service at the same host as me, and happened to fall within the same IP block as I did. He was soon discovered and shut down, but the damage had already been done... spews and relays.osirusoft.com both put the ENTIRE ip block in their system.
Think about it this way: what can the host really do? The spammers come in, pay the setup fees, get one good night of spamming in, and then move on.
It took me several days to track down why some of my emails were not going through and who I had to contact to get removed from these lists. relays.osirusoft.com had some tools that is supposed to re-check, but it did no good... as far as I know, the thing doesn't even work.
In reading through these two websites, the self-righteous bastards that put together these lists really don't take any responsibility for their actions. They are quick to add entire IP blocks and take weeks to remove them even after the host has contacted them to inform them that the spammer has been shut down. These anti-spam lists apply fault to the host or to the isp implementing the list, but never to themselves, while at the same time preaching the wonders of the services they provide. If they don't want to take responsibility, then they should print more warnings about the mass amounts of false-positives that actually happen.
In addition to the anti-spam lists, the isps really need to stop relying on these lists as the first defense to stopping spam. I had a chance to talk to one of them that a client of mine was going through and they told me that there was no way they could add me as a trusted ip because the anti-spam list comes in front of the exceptions list as a first line of defense. Even after we finally got removed from the anti-spam lists, many ISPs did not update their copies of the lists for weeks afterwards, causing more blocked emails even after we were off the list.
So, after hours and hours of frustration, fielding support calls, yelling, long distance phone calls, writing emails, reading page after page of self-righteous dribble, and trying desperately to explain that I just happened to have an IP address that was a couple dozen numbers off of that of a spammer, as far as I am concerned, the more anti-spam lists that die, the better the place the world will be.
I hate spam. I cuss every fifth time I have to delete one (making that about 20 or 30 nasty words a day)... but the people who have really cost me the most time, money, and headaches are the anti-spam lists. Good riddance.
Interesting, see my earlier post about them.2 483
http://slashdot.org/comments.pl?sid=72548&cid=654
Wasn't too impressed, crazy that the O'Reilly people picked them of all folks, looked to me like the author had some connection with the service. Bad form.
I signed up for Trustic a couple of weeks ago, and fifteen minutes after configuring my mail server to use it, I had bounced a legitimate email. The email in question came through Sneakemail, a service I use to generate disposable email addresses for posting on websites, etc. Well, presumably somebody using Trustic had received SPAM through a Sneakemail address and promptly made a negative recommendation against Sneakemail, which blacklisted the server.
Trustic uses a "karma-like" system where the more recommendations you make, the more your recommendations are worth. I think the problem with that system is that it is very open to abuse and mistakes. And even though I loathe SPAM, I don't hate it enough to want to expose myself to losing legitimate email.
So very sadly I disabled Trustic as an RBL source on my mail server.
I'm sorry things didn't work out.
I don't really see where the "victim" part comes in. Your spammy ISP was blocked, as it should have been. They finally kicked off the spammer when SPEWS turned up the heat by listing a block of ip's. No more spammy - no more listy. Situation resolved. This is exactly how it's supposed to work.
What you fail to realize is that other customers of your ISP probably did not sit around and whine about how unfair blocklists are (probably because they never heard of them) - they called the ISP and complained. As luck would have it, these complaints were directed at the correct party - namely the one who is enabling and profiting from the spammer's activity. The ISP then decided they needed the legit customers' money more than the spam-money.
Also, you begin your rant with a completely unproven and frankly unbelievable premise. You imply that the spammer was "discovered and shut down" before the block was in effect. That's funny because 99.99999% of the time, it's the block that finally gets an ISP's attention and results in positive action. Show us the evidence file and your correspondence with your ISP to demonstrate that SPEWS blocked after the fact or, just as importantly, jumped the gun by immediately listing a large block of ip's. Guess what? You can't because the facts contradict your story. Did you even look at the evidence file? It's obvious that you didn't join the newsgroups...
All you really need to understand is that sys admins will continue to use SPEWS and other RBL's because they work. A busy sys admin desperately trying to keep up with spam traffic doesn't care about your opinion.
FYI - I have had my client's servers blocked by SPEWS in the past. The situation proceeded much as yours did. I considered it a success and was impressed that there was a tool which could actually change the behavior of ISP's for the better. The ISP in question (now one of the largest in the U.S.) converted from a spammer haven to a fairly responsible outfit - because they were FORCED TO BY SPEWS.
Rubbish. Spam is well-defined; unsolicited commercial email (or canned pork shoulder and ham, depending on the context). If you send me an email, that I did not ask for, and in the absence of any prior commercial relationship, in an attempt to solicit me, it is spam.