Trustic Anti-Spam Service To Close

An anonymous reader writes "I recently received an email from the anti-spam service Trustic saying: "We have decided to close the Trustic service. We have determined that the system as it currently is designed will not achieve the level of accuracy that we require, and an inaccurate system is worse than no system."" We covered Trustic's anti-spam service, which billed itself as "a community-based block list that prevents untrusted servers from sending spam", as recently as a couple of weeks ago.

This is really too bad.

[MrLint]

This appeared to be really one of the few spam handling i have seen in a long time with a lot of potential. Im hoping that it will comeback in a different form someday.

It takes Balls to admit that you're wrong.

[_Sambo]

These folks had a dream. They tried to make it work. When it became apparent that their solution was not viable, they had the honor to admit to it.

The hope of finding a solution to spam is expressed in the final line of their current site welcome screen:
We remain confident that the problem of spam is a solvable problem. Thank you for your help with this great experiment.

God bless them for trying.

Whitlisting alternative

[Marcus+Green]

I have been using an outfit that supplies a whitelisting service (port995.com). The idea being that the first time anyone sends you an email, it gets put into a queue and they get a response asking them to reply. Once they reply they get put on the whitelist, the message goes through and all future messages pass through without further messing.

As only a teeny tiny percentage of spammers supply genuine return addressess or read the responses the upshot in my case seems to be "new spray on no more spam"..

Inevitably some people don't read the first response or cannot be bothered to respond, but I guess those folks didn't want to contact me that badly anyway, so I don't want to read their messages that badly.

Marcus

Re:Whitlisting alternative

[trala]

Now if they would just develop something like this for telemarketing calls...

"Hello. You have reached my house automated answering filter service. Please leave your name and number and a brief message and I will call you back if I feel like it. Once I call you then you will be able to freely call me from this number at any time."

Why technology nor the law is the answer

[mobileskimo]

This is one of the reasons why we need some decent laws on the books so we can either force spammers to cease or prosecute the bastards.

This is one of the reasons why we need to get to the root of the problem so we can neuter parents to preclude them from having these children.

Seriously, there's a problem with attitudes. What the hell happened in their childhood that promotes these people to ignore their conscience and annoy millions of people for the name of $? Once they're in their adulthood, no laws or technology will fix their behavior. Gotta fix it while its fresh in their impressionable minds.

Re:It really wasn't very accurate

[Hayzeus]

65%? Seems low compared to something that scans content, like spamassassin. I get around 90% blocked, with a relatively low (maybe 1% false positive after a week of tweaking on and off).

The biggest problem spam assassin has as far as false positives appears to occur when people attach text from a commercial web page rather than a URL pointer. This invariably causes the email to get identified as spam, particularly if the page text contains any references to commerce.

SpamAssassin

[aclarke]

Agreed. SpamAssassin with the Bayes filtering turned on (and properly trained) is a wonderful thing. It is amazingly accurate and the other good thing is that it's not obnoxiously intrusive like IP blacklists.

Of course, it's not exactly a trivial install for your typical Windows/Outlook user, but the fetchmail/procmail/spamassassin/IMAP combo I have running now is hard to beat for a well oraganized email system.

Re:Bad Philosophy

[sjames]

Change ISPs

If only it were all that simple. Some blacklists make an honest effort, others are far too broad. In cases I have seen, people have found themselves on a blacklist because:

1. A long time ago, in a galaxy far away, a spammer used the block, but got terminated the same day
2. ISP has strict no spam policy, but has had several spammers come onboard (and get quickly terminated), they're more than willing, and quite strict, but it's like playing whack-a-mole.
3. A dialup bank exists in the same class C, or did at one time
4. Someone not connected with the company once exploited a hole in a colo machine on the same class C and got some spam out. The hole is closed or the customer is gone, but the blacklist remains.
5. A server in the same class C runs a mailing list. Some dummy signed up for it, confirmed it, then forgot all about it. Sure enough, the first mail that came out of it in a month was reported as spam.
6. The list is one of the new breed of shakedowns and someone on the class C didn't choose to pay the 'consulting fee' to 'verify that the relay is closed' after the 'spam' was reported.
7. The list maintainer is pissed off at someone in the same class C for completely unrelated reasons

I WISH that blacklists were all well run and free of politics and other non-spam issues with good criteria for inclusion, but many simply aren't.

Re:Why technology alone is not the answer

[letxa2000]

Personally I think it would be wonderful if technology alone could create the silver bullet and kill this annoying problem dead. But sadly as quickly as filters evolve, spammers are constantly looking for ways around them... This is one of the reasons why we need some decent laws on the books so we can either force spammers to cease or prosecute the bastards.

Spam filtering has always been a catch-up game in the past. However, with Bayesian filtering it seems that anti-spammers have deployed a solution proactively rather than reacting to the spammers. And, as of yet, I have yet to see any spam that has implemented any kind of countermeasures to get around Bayesian, and I'm skeptical they will be able to get around it. The few spams that get through to me get through because they happened to to use words very similar to my real email or because it's in a foreign language. No spams have gotten through because the spammer made an effort to get around Bayesian filtering.

Nothing is 100% successful at blocking spam, and I think if 100% is the definition of a "silver bullet" we'll NEVER find it--neither with technology or through legislation. But with current Bayesian filtering catching upwards of 99.5% of spam, that's close enough to a silver bullet for me.

I would personally approve of legislation that makes it clear that theft of services, including the unacceptable use of email services, is actionable. But I don't think legislation that specifically targets spam is going to be useful or enforced, and will probably raise more questions than it answers.

Re:Why technology alone is not the answer

[iabervon]

Filtering technology alone is not the answer. But an authentication scheme where the sender demonstrates the ability to use the From address would eliminate almost all of the spam that forges that information and make filtering or litigating the rest easy.

The issue is that, while weak recipient authentication was built into SMTP, corresponding sender authentication was not; this means that everyone is always anonymous (except for name tags they write themselves), there is no accountability, and people behave badly. Trying to apply technology at the level of behavior is obviously going to be ineffective.

Solution: add a "XM" DNS record type (MX backward), which specifies the hosts which are expected to send emails with the given return address. If a sending machine doesn't have the right XM, MX, or A record, flag the message as likely spam (if it's not spam, the sender should get the DNS updated or their mail routed better).

Re:On blocking spam

[the-build-chicken]

SENSIBLE REGULATION OF THE NET TODAY, PLEASE.

I remember reading once that responsibility is the flip side of freedom...when you ask someone to take care of something (e.g. regulation), you give up the responsibility, and therefor have no right to complain about the loss of freedom. Because we are only free to the level that we are willing to take personal repsonsibility for our lives and the society we live in.

Innocent victim of anti-spam systems

[Cogneato]

Over the past few months I have been through a lot fighting anti-spam ip lists, primarily relays.osirusoft.com and spews. For all those saying that false-positives are rare or not that much harm compared to the need to stop spam, I think if you were in my shoes, you would feel differently.

The whole thing started when a spammer signed up for service at the hosting company that I have been with for several years. I have a server there with many of my clients websites on it (I am a web designer). So, the spammer purchased service at the same host as me, and happened to fall within the same IP block as I did. He was soon discovered and shut down, but the damage had already been done... spews and relays.osirusoft.com both put the ENTIRE ip block in their system.

Think about it this way: what can the host really do? The spammers come in, pay the setup fees, get one good night of spamming in, and then move on.

It took me several days to track down why some of my emails were not going through and who I had to contact to get removed from these lists. relays.osirusoft.com had some tools that is supposed to re-check, but it did no good... as far as I know, the thing doesn't even work.

In reading through these two websites, the self-righteous bastards that put together these lists really don't take any responsibility for their actions. They are quick to add entire IP blocks and take weeks to remove them even after the host has contacted them to inform them that the spammer has been shut down. These anti-spam lists apply fault to the host or to the isp implementing the list, but never to themselves, while at the same time preacing the wonders of the services they provide. If they don't want to take responsibility, then they should print more warnings about the mass amounts of false-positives that actually happen.

In addition to the anti-spam lists, the isps really need stop relying on these lists as the first defense to stopping spam. I had a chance to talk to one of them that a client of mine was going through and they told me that there was no way they could add me as a trusted ip because the anti-spam list comes in front of the exceptions list as a first line of defense. Even after we finally got removed from the anti-spam lists, many ISPs did not update their copies of the lists for weeks afterwards, causing more blocked emails even after we were off the list.

So, after hours and hours of frustration, fielding support calls, yelling, long distance phone calls, writing emails, reading page after page of self-righteous dribble, and trying desparately to explain that I just happened to have an IP address that was a coupled dozen numbers off of that of a spammer, as far as I am concerned, the more anti-spam lists that die, the better the place the world will be.

I hate spam. I cuss every fifth time I have to delete one (making that about 20 or 30 nasty words a day)... but the people who have really cost me the most time, money, and headaches are the anti-spam lists. Good riddance.