Slashdot Mirror

← Back to Stories (view on slashdot.org)

Trustic Anti-Spam Service To Close

Posted by simoniker on from the people-can't-be-trusted? dept.

An anonymous reader writes "I recently received an email from the anti-spam service Trustic saying: "We have decided to close the Trustic service. We have determined that the system as it currently is designed will not achieve the level of accuracy that we require, and an inaccurate system is worse than no system."" We covered Trustic's anti-spam service, which billed itself as "a community-based block list that prevents untrusted servers from sending spam", as recently as a couple of weeks ago.

15 of 173 comments (clear)

  1. On blocking spam by Anonymous Coward · · Score: 5, Informative

    Say what you want about statistical anti-spam methods implemented server-side or locally, but they work. Either SpamAssassin or SpamPal do their job at above average level.

    1. Re:On blocking spam by OMEGA+Power · · Score: 5, Informative
      Either SpamAssassin or SpamPal do their job at above average level.

      Agreed, I've been using SpamAssassin and would say it averages about 2 missed spams per 1,000 messages and almost no flase positives (I don't have a exact number but I would estimate about 1 in 20,000)

    2. Re:On blocking spam by mumblestheclown · · Score: 5, Insightful
      Shortsighted, shortsighted, shortsighted.

      Statistical anti-spam methods work NOW because they are at the bleeding edge of the spam game. Only a few of us have bayesian filters going, and so the spammers haven't caught up.

      Meanwhile, when the spammers catch on, that is to say, once enough ISPs or individuals install bayesian filters that they notice that their spam isn't getting through, they'll compensate, just like they have with EVERY other anti-spam "technology" out there. In fact, I suspect it's already happening - my SpamBayes Outlook add-in is catching less now than ever before. It still does a good job, yet, but false positives are up as are uncaught spam--all this despite 100,000+ "training" spams (I get about 700-1000 spams a day). Why? Spammers catch on. Email looks more innocuous. There are more clever tricks.

      I suggest, therefore, that statistical methods are EXACTLY THE WRONG SOLUTION in the long run, therefore, because their net effect is that SPAM will look more like regular email, thus disrupting email service in the long run even more. Yes, it makes sense for an individual on the bleeding edge like you or me to run statistical stuff, but the ultimate answer to SPAM is:

      Law, litigation, jail, and accountability.

      that's it. it works in other countries, and it could work in yours and mine too. yes, there's that sticky problem that the internet is global, but fortunately there is no government in the world that is ideologically "pro spam." At best, there are ignorant governments that can be manipulated into stupid net tricks as tuvalu and turkmenistan were with their country suffixes, but that's a temporary thing.

      SENSIBLE REGULATION OF THE NET TODAY, PLEASE.

      not big brother, not slashdot-esque slippery-slope arguments of how once a government gets their hand on anything they can't stop, just reasonable law enforcement and law. if you show a stranger's 7 year old a picture of a man sucking off a donkey in almost any city in the world, you will go to jail. Yet on the internet this happens daily and nobody is punished OR EVEN SOUGHT.

  2. Bad Philosophy by FortKnox · · Score: 5, Insightful

    inaccurate system is worse than no system

    I think any blocking is better than no blocking. The only 'bad' thing is false-positives. If you lower your blocking to prevernt false-positives, you still have a service that is desired even if you don't catch them all...

    --
    Good quote, too many chars. Seriously, the slashdot 120 char limit sucks!
    1. Re:Bad Philosophy by Anonymous Coward · · Score: 5, Funny
      I think any blocking is better than no blocking.

      Then block all mail from odd-numbered IP addresses. A full half of all spam comes from those addresses!

      The only 'bad' thing is false-positives.

      Oops!

      If you lower your blocking to prevernt false-positives, you still have a service that is desired even if you don't catch them all...

      Ah, change it to only block prime-numbered IP addresses. Much fewer false-positives, and you are still blocking some spam.

      Seriously, I'm really impressed that Trustic had the ethics to back off when they determined that the system didn't work. I hope they'll be back with a better system.

    2. Re:Bad Philosophy by kmak · · Score: 5, Funny

      I agree.

      This reminds me of a story:
      A guy was speeding along many others along a highway. He was later pulled over by a policeman. The guy cracked, "But everyone was speeding, why did you get me?" The police then asked, "Have you ever gone fishing?" "Sure.." "Have you ever caught them all?"

      --

      I'm not the devil.. just his advocate.
  3. One can dream! by borgdows · · Score: 5, Funny

    I recently received an email from Microsoft saying:
    "We have decided to stop distributing Windows. We have determined that the system as it currently is designed will not achieve the level of reliability and security that we require, and an unreliable and insecure system is worse than a non-MS system like Linux or MacOSX."

  4. Why technology alone is not the answer by Rathian · · Score: 5, Insightful

    Personally I think it would be wonderful if technology alone could create the silver bullet and kill this annoying problem dead. But sadly as quickly as filters evolve, spammers are constantly looking for ways around them. All too often they find ways.

    Even Earthlink's vaunted SpamBlocker is not bullet proof, in spite of using it, I still get some spam that slips in through it.

    This is one of the reasons why we need some decent laws on the books so we can either force spammers to cease or prosecute the bastards.

  5. Re:Whitlisting alternative by grogglefroth · · Score: 5, Insightful

    The problem wtih this solution is that legitimate mail from new contacts never reaches you - because it was a machine that sent it in the first place. Bill notifications and software registration keys etc would all fall victim to this, as you will often not know ahead of time what to whitelist. The greylisting approach seems *safer* in this regard than the challenge/response systems like port995.

    --
    Good, Fast, Cheap - Pick any two. - RFC 1925
  6. It really wasn't very accurate by sgifford · · Score: 5, Informative

    I've been doing some research about the accuracy of different spam-blocking solutions, and Trustic had a huge false-positive rate. It misidentified 8% of my personal non-spam mail as spam, including mail from my Mom (it blocked our local cable ISP completely), my aunt (it blocked some AOL MX's), my insurance company (who the hell knows why), security warnings from CERT, and the NANOG mailing list.

    It did have a good blocking rate---65%---but using a combination of other RBLs (the most optimal I found was DSBL + SpamHaus + Blitzed) it's possible to block nearly 75% of spam with only a .02% false positive rate (a single mailing list correspondent with an Argentinian ISP that has open relays was blocked).

    It really is probably best that they laid this project to rest.

    --
    My Web Page
    1. Re:It really wasn't very accurate by Hayzeus · · Score: 5, Interesting
      65%? Seems low compared to something that scans content, like spamassassin. I get around 90% blocked, with a relatively low (maybe 1% false positive after a week of tweaking on and off).

      The biggest problem spam assassin has as far as false positives appears to occur when people attach text from a commercial web page rather than a URL pointer. This invariably causes the email to get identified as spam, particularly if the page text contains any references to commerce.

      --

      Roving Web-Teleoperated Robot
  7. Just needed more customers... by Anonymous Coward · · Score: 5, Funny

    If they had only had more customers, I'm sure they could have held on longer.

    If only they had found a quick, easy, inexpensive way to solicit hundreds of thousands of new customers using the Internet they could have stayed alive!

  8. Ironic by Root+Down · · Score: 5, Funny

    Alas, it could not even filter out their own mass email...

  9. Can be a server operators nightmare... by Sim9 · · Score: 5, Insightful

    For small server operators, getting falsely listed in a central blacklist can be a long and painful process. Inheriting a 'bad' IP address (one that was previously used for spamming, and is now recycled to a new owner) or getting banned as part of a range for the datacenter hosting you essentially blocks you permanently. Few people running these are concerned about false-positives, as everyone that tries to get themselves unlisted /must/ be a spammer. Perhaps this isn't true of the majority, but I've had horrible experiences with at least a minority.

    Mod me down if you must, but if there's going to be a central blacklist, there should be checks and balances to its system.

  10. Innocent victim of anti-spam systems by Cogneato · · Score: 5, Interesting

    Over the past few months I have been through a lot fighting anti-spam ip lists, primarily relays.osirusoft.com and spews. For all those saying that false-positives are rare or not that much harm compared to the need to stop spam, I think if you were in my shoes, you would feel differently.

    The whole thing started when a spammer signed up for service at the hosting company that I have been with for several years. I have a server there with many of my clients websites on it (I am a web designer). So, the spammer purchased service at the same host as me, and happened to fall within the same IP block as I did. He was soon discovered and shut down, but the damage had already been done... spews and relays.osirusoft.com both put the ENTIRE ip block in their system.

    Think about it this way: what can the host really do? The spammers come in, pay the setup fees, get one good night of spamming in, and then move on.

    It took me several days to track down why some of my emails were not going through and who I had to contact to get removed from these lists. relays.osirusoft.com had some tools that is supposed to re-check, but it did no good... as far as I know, the thing doesn't even work.

    In reading through these two websites, the self-righteous bastards that put together these lists really don't take any responsibility for their actions. They are quick to add entire IP blocks and take weeks to remove them even after the host has contacted them to inform them that the spammer has been shut down. These anti-spam lists apply fault to the host or to the isp implementing the list, but never to themselves, while at the same time preacing the wonders of the services they provide. If they don't want to take responsibility, then they should print more warnings about the mass amounts of false-positives that actually happen.

    In addition to the anti-spam lists, the isps really need stop relying on these lists as the first defense to stopping spam. I had a chance to talk to one of them that a client of mine was going through and they told me that there was no way they could add me as a trusted ip because the anti-spam list comes in front of the exceptions list as a first line of defense. Even after we finally got removed from the anti-spam lists, many ISPs did not update their copies of the lists for weeks afterwards, causing more blocked emails even after we were off the list.

    So, after hours and hours of frustration, fielding support calls, yelling, long distance phone calls, writing emails, reading page after page of self-righteous dribble, and trying desparately to explain that I just happened to have an IP address that was a coupled dozen numbers off of that of a spammer, as far as I am concerned, the more anti-spam lists that die, the better the place the world will be.

    I hate spam. I cuss every fifth time I have to delete one (making that about 20 or 30 nasty words a day)... but the people who have really cost me the most time, money, and headaches are the anti-spam lists. Good riddance.