Slashdot Mirror
The Next Step In Spam Filtering
simeonbeta2 writes "Paul Graham (of "A Plan for Spam" fame) has a couple of new articles up. The first one details the success of Bayesian spam filters despite various circumvention techniques by spammers. While the success of Bayesian spam filtering is encouraging, it certainly hasn't seemed to stem the flow of spam in the last year or so.
His second article, however, suggests finally taking the anti-spam battle to the spammers!
Paul proposes that spam filtering packages automatically spider links contained in probable spam.
Not only will this increase the accuracy of filters (by running the retrieved content through the spam filter as well) but this would effectively be a massive distributed DOS attack on spammers.
This isn't a new idea nor is it without its problems but I think it's definitely an idea whose time has come."
We've seen first hand how the early Bayesian filters were circumvented. Remember the images instead of text, then the HTML Entities (like A instead of the letter 'A')? The second and third generations of the Bayesian filters had to account for them. I can just see how a DoS filter would be circumvented early: redirects and browser scripts.
If a filter spiders a spam, all the spammer needs to do is use a redirect or, for smart filters, a small page with javascript that the browser would understand, but would confuse the filter. So yes, the DoS would work at first, but the spammers would realize what was going on and adapt.
I'm sure meta refresh tags would work in the beginning, but it's simple enough to get a filter to look for those. Eventually, a good filter will have to mimic what the browser does very closely. Maybe it'd be better to actually use a browser that the user can't see.
A programmer is a machine for converting coffee into code.
That should be at least as important a figure. How many false positives does this Baysian filtering generate?
-Libertarian secular transhumanist
I think we're on the right track with fining people large amounts of money for being associated with the spam. If you not only go after the people who send the spam, but the people whose products are being advertised, then I think we'll get some results.
Congratulations, Slashdot editors, this is a dupe.
0 6&mode=thread&tid=111&tid=126. Anybody there?
And I'm a subscriber.
And I emailed you before it was posted saying it was a dupe of this story: http://slashdot.org/article.pl?sid=03/08/10/16192
John.
This is a half repeat. He's had those articles online for weeks, and the fighting-back one was already covered in Slashdot.
Then all I need to do to launch a DoS attack is send a piece of spam?
Feel free to read the comments from when this article was posted to slashdot in August.
Imagine a Joe-Job where an EvilDoer wants to knock someone else offline and sends out bogus spam with the victim's website.. Think before you jump.
Trolling is a art,
In that the better the spam filter, the better the spammer that gets through. Imagine now your spam is one of 3 or 4 instead of 1 of a hundred. Isn't that more valuable to the spammer thus an incentive to work harder at defeating the filters. It's a viscious circle methinks. Unfortunately, I think legislation and lawsuits will end up taking the profit out of spamming M
Having every recipient spider the links in the spam they get will not only make spamming inefficient, but web browsing as well. Enough with anti-spam cures that are worse than the disease -- the last almost killed SomethingAwful, and this might knock off the rest of the websites.
Try not. Do or do not, there is no try.
-- Dr. Spock, stardate 2822-3.
Is that if they use unique links, and track them, they can verify working email addresses easily.
Who the hell is making it worth while for these people to spam?! Maybe that's the question we should be coming up with a solution for.
ender-iii
What about the case where the spammer puts a uniquely identifier into the URL. Sure, he may not get a sale from the clickthrough, but he gets verification that your e-mail address is good.
Then, you get more spam.
--You will rephrase your request for me to go to hell. Goto statements are not acceptable programming constructs
The idea I've had to kill spam is to have a mail system that generates a new e-mail address for each potential sender (i.e. mailing list, subscription, etc) that blocks anybody else using the e-mail except for the first user. A unique e-mail address would be generated each time a user wants to give out their e-mail address, and can block any given generated address at will. This will allow the ultimate control in who sends traffic to who, and solves the issue.
Erik Brandsberg
I have enough bandwith wasted by spam now, without spidering anything.
Submit the url's to /.
My current trick is subscribing the spammers to spam lists, if I get a valid address. Lost 2 addresses on a client's domain this month to spam. (one being our generic "contact us" address).
I use Macs to up my productivity, so up yours Microsoft!
Are these subject lines anti Bayesian filters? Just curious cause they've been getting weird lately..
x ep Pharmaceuticals including Valiumm, prozac, aAmbientforth mw
Xanax_-_No_Prescription_Needed_-_neonatal
Kuas
Enter to win free cigarettes pedant
Fight Aging and Skin Cancer Xpxtdp
Bigger Penis is Better betsy
I'm just curious why my spam lately seems to just have weird random junk in the subject line, I actually find it sort of amusing because some of the randomness reminds me of turetL}...yndrome.
The time has come for vigilante actions ?
Is that what you're saying ?
I have a better idea - if you feel your spam detection is secure enough to warrant DoS attacks, then get together with a bunch of other people who find the same results and organize a lobby to your ISP or providers even further upstream to block the e-mails at their end.
Ideally, this would lead to providers / relays halting probable spam before it traverses more than a few hops around the internet.
This -limits- the bandwidth usage by spam.
Compare that to vigilante actions, and you're just making the bandwidth usage worse - thus turning your personal discomfort due to a spam e-mail into a discomfort for many more users.
Yes, I know, some ISPs/relays live by providing for spammers, but in the end one of those ISPs won't help much if the next still blocks the e-mail.
Now, please poke holes into this idea, as I think it just might work, and it's a lot friendlier than stumping down to a level of carrying out DoS attacks.
of the 100 or so messages I get every day on my home account 90% or more are caught by the spam filter my hosting company has put in place. To me it is the best feature of the $14 month web site plan I don't really use. Recently the only spam that gets through are very, very short messages with links or, web-based images. They are very hard to filter, this might do it. It will be great to make them pay for each hit, it would be like going from a resonse rate of .01% to 20-50%, even fools who would check the spam site wouldn't be able to get to it.
The grass is only greener, if you don't take care of your own lawn.
I just read a great article in the Boston Globe Magazine from this weekend that detailed some efforts and dilemmas.
l es /2003/10/05/spambusters/
http://www.boston.com/news/globe/magazine/artic
How 'bout we make a law that puts a bounty on spam, and allows people to sell their spam to bounty hunters. Then you'd get a cottage industry of bounty hunters in it for just the thing that motivates spammers -- money. Sorry, technology just can't keep up with greedy people.
The article mentions that this could be turned against an innocent victim, which is the only reservation I'd have here. But when you really think about it, to effectively DDOS an innocent victim you would need to send out a ton of email and that effectively requires the same means as a DDOS itself, so why bother with the email instead of going for a DDOS directly? I suppose the Joe Job links could be to very large files. However, the crawler could be configured to only retrieve the first 50K or so, so I think this could be avoided.
but this would effectively be a massive distributed DOS attack on spammers
...)
Well, I never thought I'd say that one day, but when this filter comes out, I will turn into a spammer. I will send out kajillions of carefully crafted emails with lots of links to "http://enlarge.microsoft.com/", that will barely be rejected by the filter and will cause it to retrieve the content of my links to check it out, which in turn will look legit and make the email pass the filter. So I'll have achieved:
- kajillions of machine banging on M$'s machines (hell, why should I always do it myself
- kajillions of users pissed at M$ for sending them spam (the filter let it pas, no?)
**EVIL MANIACAL LAUGH**
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
What we, as system admins, should do is disable internet access for those lUsers that respond and buy the crap the spam hocks. Just kick them off the internet.
If you are a system admin, and find out one of your users has purashed something from a spamhouse, then disable their account. Period.
Second, we need to make this policy, and an industry wide standard, and frown down upon those who do not disable email access for the users that fall for spam.
Miror
Now I really like spam assassin but it is a damn bitch to get up and running. I have been getting a increasing amount of spam that passes through it because the message is short and only contains web links. It is time to take spam assissin to the next level and have it spider the links running it through something like dans guardian to further qualify the message as spam. That and adding a routine that checks the domain record age.
Got Code?
after the corepirate nazis 'fix' the email system, you'll only get spam from them.
after that, when folks need to catch up on stuff that matters, they'll be forced to look for sites that are not financially obligated to the aforementioned execrable, or face being held hostage/'protected, from information about stuff that really matters, like the truth, survival, etc.....
lookout bullow.
I am currently working on a add-in for postfix. And here is the README which offers an explantion.
WHY:
There are several ways to stop the spammers.
So, that leaves changing the receipant. Some try to hide the accounts by embedding human filterable, but not easily machine filterable, substrings. This helps on mailing lists, but does not pevent large portals from selling them (tired of being burned by a company that is too hot , or perhaps from yodeling?). Instead many end-users create accounts on hotmail, Yahoo, AOL etc. and use them as temporary email addresses. This solves the issue of the companies selling your account, but it is a bad choice for everybody. So, what is the real work-around until a good (3) comes?
Allow users to create temporary mail aliases that have time-based or count-based expirations, associated with a single login.
Design:
provide an ephemeral alias. That is
I prefer the "u" in honour as it seems to be missing these days.
How long before some nut on slashdot goes and kills or seriously injures a spammer?
Although, just driving by a spammers house and posting pictures and the address does some good.
But how far before it gets as crazy as the anti-abortion people who started logging the license plates of people who work at abortion clinics. That, combined with the shooting/killing of doctors, really cut down on doctors who perform abortions.
The animal rights people have started logging plates of lab employees at the UC Davis monkey lab. Although that freaks out employees, someone shooting an employee will cause employees to quit which will hurt tests on anti-HIV vaccines and the ilk.
riding round the world on an old motorcycle
We need to restrain spammers more effectively. Here is a possible cure. It may even work on Darl.
I used Paul's software called Spammunition, which is a plugin for Outlook, and it only worked for a while. The idea is that you tell the software which email you think is spam. Then, it takes that into account for testing if the next email is spam.
It starting getting too many false positives, and deleting my real email. I'm guessing its because I marked too my emails as being spams.
For example, I get an email where the body says "Check out my new website here" and it would have a link to the site. But I think since the text was so generic, it was throwing off the spam filter. I dont know, the point is I stopped using it because I'd rather get spams then have false positives.
My spam filter was working ok, but recently, I started reciving messages that had stuff like this at the end:
. asp
"If you don't want to hear from us again please follow the link below
http://www.onmarclass.com/host/emailremove
yh23mb3rmxuue vw2slgnzl4v 2srh8p3r6qsy12
pjc1342e9lz 7kmvq9162pshe dfkr9y2446mny
04jpwn1mfkt 0ex14b11a8
0l6sie3byxd8p 3td8n23ejny lo3vth1l1x6
x7m6ky1ys2 tz4q7f2uo9
nrr0wa3heg nw32a31fy29 jae7wa3tru3l wjfocy1upvzm c89vrr1tnig m004911bsqqg kqw3bg2ker
fqcjnf9dvkwf1 6zla9m1tz8yt owt5jr3ezg
bwsge13wq3 fyejef3je3pu mw1gp53g83bn53 m1xpox3qil7k2 l8upwg103f gg69uuu7et bc1uzdgsdo d3xxww1vh6951
Thanks, bye."
So, would those rubbish strings screw up my filter and make spam like this score less and get into my normal folder?
From this page:
;-)
Why have email as part of the system? Why not just have a blacklist of spam sites and encourage people to beat on them?
Several people have written suggesting a "DDoS@Home" project of this type. (Two correspondents who shall remain nameless simultaneously invented this catchy name.) But I think mail should remain in the system for two reasons: (a) it tells you which sites to pound, and when, and (b) if you included it as part of a filter, you could get more users.
On the other hand, if some group managed to launch a DDoS@Home project aimed at spammers, that would be enormously amusing. I'd sign up for it.
Sounds like a challenge. So who's going to be the first to post a URL to the SourceForge project page?
Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
The obvious problem with this is that it provides the senders with more information. Using URLs that are unique per recipient, it allows them to track who is likely using these filters, that the address is valid, what IP address is associated with the e-mail address, etc...
In particular, you may be telling the spammer that you are more likely to see their message if they work hard at getting it through this particular filter (say, by not using a URL, or slightly mangling the URL).
I really wouldn't want the spammers to be able to build up a database of what IP addresses I frequently use for reading my e-mail. I would implement the scanning on a central server, but many people do not have that option.
Sean
Malicious virus and trojan authors spend a lot of time and energy writing code that can infect host machines across the internet and wait for incoming instructions to launch a DDOS attack against a target.
And there is actually a proposal for people to voluntarily install this on their machines? And the trigger is simply an email?
Sick of yahoo.com today? Take them down -- just spam the net with junk mail that points their site. Have a vendetta against a guy that hosts his own email over a DSL line? No problem -- you won't even need to spam that many people before their auto-crawling DDOS boxes take his server down.
Yikes.
Once you follow the link more than once, and programatically, you are treading into the aea of DDoS. It could be that the authorities will come looking for you!
But the real key is that spammers are using distributed hosting techniques to host there web sites through unprotected windows machines with a trojan. So a million machines would be hitting another million machines, not a million hitting one server.
... enlarge you're penis by 2" and put hair on you're chest.
GURANTEED!!
It's just a game of one-up, and as long as we continue to use SMTP, the spammers will always have the upper hand. New authentication and verification methods need to not only be developed, but supported by the big ISPs.
How about we just STOP ACCEPTING HTML EMAIL? If we filter that virus ridden crap out, all that's left are nice text messages to filter. If you're hell-bent and determined to have html email, just filter on whether or not there is an image in the html that doesn't trace back to the same dns as the (always faked) domain in the sender address? That'll fix it good, and still allow emails from vendors who actually have a real web site and return address.
I know this is a bit basic, but it seems to work fine for my personal accounts.
I simply filter ever email address not in my manually added address book to a spam folder. Every person I email has an entry in my address book (automatically added).
Once in a great while, I'll go into my spam folder and check for mail that might have been filter by mistake and add any email addresses to my address book from those emails.
It is pretty difficult for a spammer to defeat this. You would have to customize spams for each person and would have to know who I email.
It has some drawbacks obviously, but all in all, I don't have any false negatives (my inbox never has spam) and I rarely see any mail filtered in my spam folder that was from people I want to talk to.
The world is neither black nor white nor good nor evil, only many shades of CowboyNeal.
I think the only option to fighting spam is changing email as a whole as specified at www.spamnazi.org.
If the plan is to DoS blacklisted sites, why not just DoS them anyway, and forget about the spidering? Sounds easier (plus you help defeating other spammers than the ones that bother you)
As a professional sender of UCE, I just want to tell you slashdotters to keep on playing with your spam filters. As long as you use spam filters on your e-mail, I can continue to reach my real intended targets, those non-slashdotters who do not know better and will buy my products or click through to my client's websites. Your filters really help cut down on the complaints to the Internet service providers I do business with, and as long as not too many complaints come in their marketing people assure me we can do business. Of course, I still waste your bandwidth and mailbox capacity, but you no longer complain to uce@ftc.gov, my access providers, or anyone else who might cause me problems. My yahoo and hotmail and other accounts for replies are lasting much longer before getting shut down because someone complained to these service providers. And my clients are even reporting that they can start mailing out 800 numbers like 1-800-901-3719 again and they will not have you damn geeks set up your modems to keep autodialing them, since you spend your own time and effort to filter the e-mail and only clueless users who might actually call will see the numbers.
Please don't bother your Congressmen or Senators proposing legislation that might not work 100%. Just keep on filtering the spam I send you, I know you would have never bought from me anyway. That you can filter legitimizes my business and my waste of your bandwidth.
P.S. To be sure of not getting a false positive, be sure to send all filtered mail to a special folder. Waste your storage space storing the mail until you manually go through every piece to be sure you didn't accidentally filter something important. Of course, this will take exactly as much effort as it would have to just check the e-mail when it first came in, not to mention the extra effort spent in setting up the filters and the extra space for storing your incoming spam folder, but what the heck. If you think that you can scan e-mail for false positives faster this way you are just fooling yourselves, if you are scanning faster e-mail that you expect to be all spam, you will miss the very false positives that you think you are looking for. And any fales positives that you do catch will have been delayed, perhaps days or more. You geeks enjoy wasting time this way, and I certainly appreciate it. It makes the work of all us spammers much easier. After all, slashdotters like Moderation abuser tell you that Bandwidth is cheap, disk is cheap, CPU is cheap , which is good, because at the rate spammers like me waste it the costs still adds up. I am gald I never pay for it, and I would just as well that everyone else takes the additude that all of the resources I waste are cheap than band together and pass laws against us. No one should care about spam because Bandwidth is cheap, disk is cheap, CPU is cheap and it is your job to filter it.
Think you've seen this before? Don't complain. Just go through lots more work to set up special filers on your computer so that you will not see it again. Crawl into your holes. You should have to do that. It's the true geek solution, and I would really like it if you did.
And don't pay any attention at all to the fact that those anoying telemarketers suddenly stopped calling you two days ago, not because you wasted time and money getting caller-id and setting up systems to filter them out, but rather because the do-not-call list became law. You know, the law they said wouldn't work. Heck, in my case, even those annoying calls where someone who hangs up as I answered, which used to happen several times a day, completely stopped. But just recite that laws can't work, the end user must have their bandwidth wasted and go to extra work to filter their spam themselves. How else can spammers count on reaching the sheep who don't filter their mail and will respond to our great offers?
No Karma is given if one is modded up "funny".
I am currently running POPFile 0.19.1 and it's classifying my two main e-mail accounts (approx 200 e-mails per day, 17.89% spam) at 98.92% accuracy. I'm pretty happy with that...
Help save the critically endangered Blue Iguana
- We'll, that's good, I guess we'd better give him the new hardware and T3 connection he wanted then, we may have even more traffic. Keep up the good monitoring work!
In Canada, we don't fancy things like socks
I am filtering spam at the MTA (sendmail) with RBL and open relay plus the usual credibility checks like valid sender domain etc + SpamAssassin set up with beysian filtering primed with 1,000+ spam and ham mails. The result? about one piece of spam per day in my mailbox, and something like 60+ spam e-mail in my spam-box. This stuff really works. I am amazed just how well.
Anyway, what did you think when you have designed the site that displays on a third of my monitor width leaving two thirds as an empty blank white space?
Yes, I do have 1280 horisontal resolution. And yes, I do know that there are people with worse resolution of their monitors, like 800.
But don't you know that you can use "%" when you control the width of table elements, filling the whole space of all monitors with actually usefull content of your web site?
Sorry if it looks offensive, but you gotta change just few bytes in your web templates in order to show that you respect people no matter what monitors they have. In other words, please don't punish people who have got good monitors.
Less is more !
Yes indeed, ladies and gents - i am going to share with you all, free of charge, the ultimate spam filtering method, guaranteed to catch 100% of all incoming spam mail.
All you have to do is redirect all incoming e-mail to the trashcan.
(standart disclaimer: this system will have about 10% false positives for most users)
Spammers' links generally contain lots of advertising. If our spam filters now automatically visit all webpages pointed to in spam mails, couldn't that in itself become a source of revenue? Just spam with as many URLs loaded up with as many pay-per-impression ads you can think of ... would this really help?
Cyde Weys Musings - Scrutinizing the inscrutable
Many of the mailservers spammers use are hacked I guess ... poor admins ... and now they'll also be DoS'ed! :)
Kill the spammers, then stick their heads on a pike as a warning to all the other spammers who are even thinking of this.
Do a few here, a few there, and suddenly people get smart enough to know that if they spam, their life expectancy goes waaaay down.
Personally I'd hire the guy who used to run Saddam's toture chamabers as the grand inquizitor, but hey, that's me.
What about phrases like "by clicking on this link you agree to let us call your house" kind of things (where the link containers a token for identification purposes). Having a filter auto-follow links could be really dangerous then.
The interesting thing is how the courts would end up viewing auto-clicks vs manual clicks. I'd bet that if a user set up a filter then it would be effectively view as the user doing the clicking...
Already been thought of.
I use some forms of that, and there are several services such as Spamgourmet who have automated parts of it.
It actually makes sorting spam more interesting because then you can then track individual spidered addresses and see what happens when you do certain things.
Gentoo Sucks
heh, automatically clicking links? lol. and a couple articles earlier there was one where spammers and crackers were working together. 2+2=....
How would this be any safer than allowing an email client to, for instance, download a "web bug" image embedded in a spam message's HTML content? If the filters simply follow whatever links are in the message, and the spammers include a link with a unique tracking ID (don't they already do this sometimes?), you'd be telling them your email address was "live" just as surely as if you sent them an unsubscribe request.
Ubi dubium, ibi libertas.
Great, what a way to DOS someone else's site.
Just spam everyone with your enemy's URL.
I will shed no tears over the death of a site which has its users spam the K5 userbase to vote up some crappy article.
What's wrong with the good old method of posting the link to Slashdot!?
What is the point wasting time and effort to try and circumvent anti-SPAM techniques?
Anybody with the initiative and brains to bother installing SPAM filters is NOT going to fall for the SPAM, filter or not. So if you're a SPAM'er, why the hell are you trying to get around their filters????
The people who are going to get sucked into that SPAM crap are the ones who don't bother to install even the most basic SPAM filters at all.
This is like the national Do-Not-Call list. The smart telemarketers won't call those on the list, legal or not, because you're wasting your time. Those are the people where you have almost zero chance of success.
If the spam filter spidered links, wouldn't that cause the hit count of the target page to go up? If so, what's to stop Spammy McSpammer from using his incredible hit count to convince people to buy ads on the site? We don't want to make these bastards more money.
Or, it could very well be that I'm misunderstanding the whole thing...
-troy
Much of the spam these days is being sent by trojans running on unsuspecting computers, and many of the web sites pointed to in spam are on systems whose owners have no idea their machines are being abused.
A better idea would be to work on speeding up the response time for mechanisms used to shut down spam, such as Spamcop and Vipul's Razor. The general idea is that we should automate and accelerate the chain of events starting with spam detection (manually or by spam filters,) followed by reporting of spam, then blockage of spam in as many places as possible as well as TOS termination of the spammer's accounts. The entire process from spam detection to widespread blockage and TOS termination should take no more than five minutes. Every time a spammer starts spewing crap to people's mailboxes, he should expect to have his connection cut immediately. If the spammer is a trojan running on an innocent's machine, it still gets cut, with the ISP telling the user they'll be reconnected after they fix their machine. Bayesian filtering is a good start for fast spam detection. We need more mechanisms in place to distribute that information and block spammers.
Meldroc, Waster of Electrons
This plan would have the effect of turning the email system into a DDoS amplifier. A simple email sent through some SMTP server somewhere saying "Enlarge your penis! http://12.34.56.78:1234" to multiple recipients would greatly increase an attacker's effective DoS bandwidth.
I have a free Yahoo mail account and the false positives are non-existent. Well, as soon as I put one of my relatives guilty of forwarding inspirational messages to me onto a white list, there weren't any. A couple of false negative slip through, but those are few and far between. I'm pretty diligent about clicking on the "inform Yahoo this is spam" link.
And what are you going to put into your Return-to configuration parameter of your email-reading program?
I've said it before, I'll repeat it again: all RFC822 header fields are useless to fight the spam as they are not protected by any strong encryption/signing/certifying technology.
Untill all (or at least a majority) of installed SMTP servers will use some PKI to identify senders - all anti-spam wars will be lost.
I'd rather force (and actually i already do) my private friends and business partners to sign their message with the key I certify, than rely on any RFC822 header fields.
PS. If only my bank would use it too to send me my monthly statements ...
Less is more !
Dunno if this has been mentioned before, but couldn't you use spamcop's "top 10 spammed URL's" data as the root of where to launch the DDOS attack?
Thus the DDOS@home merely goes to spamcop.net, grabs the top 10 list of most spammed URLs and goes to work on them. In order to get an innocent person DDoS'ed, it would take A LOT of work to get their victim listed in the top 10 most reported spams...
that way not a single email can initiate a large scale DDoS on someone.
"A unique e-mail address would be generated each time a user wants to give out their e-mail address, and can block any given generated address at will."
This does _not_ work if you own your own domain. The only thing that will happen is that you get each spam _multiple_ time, for each of the burned addresses. Yes, you can discontinue the addresses and have them automatically filtered out. However, all the _multiple spam traffic_ is still going to your host. It is like a self-inflicted DOS...
Believe, I suffer from this problem, getting each virus/spam 5-10 times is not fun, and now imagine getting it 10-20 times...
Best wishes,
Tels
filter all you want, but the spam won't go away. you can make laws against spam, but then many (most?) of the companies are out of the country. but almost ALL of them use credit cards, or maybe paypal to perform their transactions.
so how about if we make a law that fines credit card companies if they do business with a known spammer (a business who has been reported by many and verified to be spammers)? perhaps the spammers will start accepting check or cash, but i think their returns would drop so substantially (not being as convenient) that it would probably make it unprofitable to do business that way.
I want filtering software where I'm (read: easily) able to enter domains from which I'd like to recieve emails from, or even a specific address. Everything else is, by default, blocked.
Left 4 Dead Gaming Group - http://www.l4dgg.com
if someone wanted to ddos a site, those types of filters would make it a wonderful tool.
i.e. I wanted to ddos some competing website for something and so blasted out billions and billions (think Sagan) of emails and used peoples paranoia to my evil benefit.
No, I don't think that will work, the human portion he mentions would require someone always sitting around waiting which by then the spammer could be almost finished with his spam run..
I don't think so, it could be turned around so fast..
anime+manga together at last.. in real time.
There's some lively discussion on this topic here.
Prevent email address forgery. Publish SPF records for y
If someone kep dumping crap I didn't want on my lawn, and the state of the law was such that I couldn't stop them legally...
I'd take it to them.
A physical beat down.
Flash mods are an idea...
Blar.
"A great democracy must be progressive or it will soon cease to be a great democracy." --Theodore Roosevelt
If I remember well lessons from a grand master: NEVER download an URL automatically. I can already imagine viagra commercials with links to the sites the sender wants to see down ...
--
Go debian!
Subscribers see stories early == MORE DUPES!
Because teh editurs wouldn't dare pull a duplicate story after already annoying their paying customers, now would they? (That'd just annoy the oblivious subscribers that had posted under teh dupe story!!!)
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
I set up a whitelist after getting hundreds of spam per day and trying every filter and this and that.
It was just ridiculous.
the filter points people to my captcha, which is here and they have to type in "I am not a spammer" and then the letters in the graphic.
The amazing part is, I have actually had spammers complete this process (by hand obviously) trying to get their email to me..
Anyway, the system I use is opensourced here if anyone wants to set one up.
anime+manga together at last.. in real time.
"A great democracy must be progressive or it will soon cease to be a great democracy." --Theodore Roosevelt
This has been tried, and there are a lot of reasons why it doesn't work.
1) innocent websites could get hit (already pointed out)
2) I remember a time when auto-responders were popular. I remember a time when somebody with an auto-respender would mail somebody else with an auto-responder. Of course, this caused a bot-war between two innocent auto-responder bots.
I know this is a different technology, but in my experience, such bots can easily be baited into self-destructive patterns.
Don't give spammers and hax0rs any more weapons than they already have, please.
MakePassword.com Mp3 Blog
I agree their filters are pretty good, however I have had more then a few false positives.
You likely don't get any spam. You also likely don't get a lot of valid mail that you would have received, including a lot you wanted. Maybe you even miss some important things. Many businesses use automated e-mail for valid reasons - order confirmation and shipping information status, verification of account creation (including mailing you a password), rebate status confirmation and more. Even slashdot can do this to tell you if there is a response to your post or to inform you of moderation. These automated systems are not going to deal with a challange/response system. Heck, I know humans who wouldn't bother either, particularly if they are trying to do you a favor with their initial e-mail effort. Sure, in some cases you can put a trusted address in a challange system to let it pass, but sometimes you just don't know the address that the sender will be using. So a challange / response system will do most people more harm than good.
I'm an American. I love this country and the freedoms that we used to have.
Charge 1 penny per email. You pay 1 penny to your ISP, they pay 1 penny to their upstream provider, all the way through the system. At the other end, the email recepient gets 1 penny from their ISP.
When they respond to the email, they pay their ISP 1 penny. The penny flows back through the chain to you.
Under normal conditions, everyone's net will be near zero. People who send a lot more than they receive will pay more. If they don't pay, their providers will be left uncompensated.
A single spam sent to 100,000 recipients would now cost an extra $10,000 to send.
Most spam has forged headers, so you're probably sending out challenges to random people. Getting such random challenges is incredibly annoying, it basically doubles the volume of MY spam for YOUR benefit. I've played with the idea of answering all such challenges for spam mails, but I decided it would be too much work. I'm glad to hear that others are doing it, though.
thanks to the unwanted mail i get everyday i now have a penis thats longer than i am tall! it used to be so small i could fit my replica of J Lo's ring around it, but not anymore! now even printing a full size picture of it is easy thanks to the great deals i got on printer toner! well im off to my free las vegas vacation that i got just for punching the monkey!
(disclaimer: i am NOT the man from nantucket)
Everybody denies I am a genius--but nobody ever called me one!
I suppose you take the time to post this every time a spam filter story gets posted?
Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
When spammers send e-mail to your ISP, all of the users end up bearing the costs. Filtering out spam so that you don't see it does nothing to stem its flow. You weren't going to buy something from a spammer anyway and that's just one less anti-spam activist to lodge a complaint to the spammers ISPs. Spammers would love it if all of the people who complain about spam filtered it out instead.
I referred to this as being a "spam ostrich" in a previous post: You bury your head in the sand so that you can't see the spam and then pretend that it isn't there anymore.
but this would effectively be a massive distributed DOS attack on spammers.
versus
In other words, you could host your Viagra-peddling site with a company that has a stringent no-spam policy, but a DNS lookup will point to a home user's compromised machine.
Attacking a spammer's resources only increases the spammer's impetus to steal resources. The further you push them underground, the harder they are to uproot when you get a real tool.
StoneCypher is Full of BS
About the same time as Tom St Denis stops CANNING the MANHAM.
The spammers are *already* one step ahead. How are we going to DDoS an operation getting free bandwidth from 400,000 compromized machies as open proxies?
-to hell with GreenPeace, its now time for GreenWar!
-the only good spammer is a dead one.
"You're on my side and the dark side, like Lando Calrissian?" --Gimpy, Undergrads
I think most of us agree that spam is really an 'arms race' -- it's all about us building better spam traps faster than spammers can build better spam-senders that defeat our spam traps.
This idea is akin to introducing nukes to the arms race. Short term, it might give us an advantage over spam. But in the end, the Internet's worse off -- mail servers will be using significantly more bandwidth for no particular reason.
We ought to look at it as an arms race, and consider the 'good of the Internet' -- not just what will win the war (nuking the globe _will_ stop Saddam), but what is good for the Internet as a whole.
________________________________________________
suwain_2
All we need is 50 million people to sign up... the US government does seem to respond to that size population.
White lists. On the net every encounter (email/im) is a potentially hostile encounter. I was using Bluebottle.com (R.I.P.) for a few months (6) and it was the bomb.
I added whoever I wanted to my list or they authenticated themselves. At least if a spam did get through (not in my experience) it would have to have a valid return address and thats a step in the right direction.
Quack, quack.
Not that I'm advocating it, but if you're worried about bandwidth, we could always adopt the teergrube tactic. You don't actually download much of anything, you just open up TCP connections and keep them alive until their servers run out of process space.
Perhaps the way to combat span is to create a trusted mail server system. This requires mail clients to be modified, but it would work something like this: Senders of e-mail register with a username/password with the mail server. The sender sends an e-mail to the server, then the server encrypts and digitally signs it. Once it gets to the receiver, the fact that it properly decodes with the public key proves (and checking the digital signature) that it came from the trusted source, and won't be spam. It costs something like 1 penny per 1000 e-mails to use this service, so spammers would go bankrupt trying to use it. Volume users (mailing lists) would get a discount, but their accounts would be monitored for possible spamming ...
That asks for trouble: a lot of the URL's have unique identifiers, like http://spammersite.com/idiot?moron=asdjicn98niucdn 23d where the identifier is linked to your email address on the spam server. Retrieving the url is then like clicking a remove link: it confirms to the spammer that your address is live, so he works harder to get through your filters. You may get more spam just from using the spider strategy.
In the first article Paul uses the word;
"Spamminess".
Complete with double Ms.
I love it.
There is something wonderful in seeing a wrong-headed majority assailed by truth. ~John Kenneth Galbraith
I have an easier way. First everyone donates $1 to a fund called "Beat Spam". Then we find the identity of one hundred random spammers through their web urls. Then we hire (with the money) some goons to beat ther tar out of the spammers and publish their hospital x-rays on the web. We do this each month. It may not get rid of spam, but it would sure feel good. Oh and by the way, if you continue to spam and get randomly selected again, you get the special prize -- a one hour scuba lesson with a half hour of air.
Can I bring my six-foot steel prybar? Does he have a plan for preventing me from being convicted of murder?
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
One of the nice thing about the Net is that we don't have a single authority that polices us.
Policing on our own is thus necessary. Done right, it can even be a boon.
However, any failure to be extremely fair and as gentle as possible will add credence to those who would call for a single authority.
I'd rather have spam than the FBI, or Regional Bureau of Concern, in my affairs.
Fight the spammers, but don't go overboard. Mistaking innocents for spammers would be overboard.
I've read through the comments at score 3, and I'm surprised that no one has mentioned using the spamd utility that comes with OpenBSD 3.3 and above. Basically, it hurts the spamming mail servers, while although normally some poor machine caught in the crossfire, does make me happy to use.
Basically, for every email I get, it gets put through a baysien filter (bmf in this case) and handled through procmail correctly. However, the email is then passed through another program which constructs and adds to a whitelist and blacklist of IP's. Basically its a 3 to 1 ratio. If a mail server sends me a legit message, followed by a spam, it is still considered a legit server until I recieve 3 more spams from it and no more legit email.
Once an email server is considered to be on my blacklist, my firewall redirects the next connection from that server to my teergrube, which emulates an deaf man which you have to keep repeating yourself to rather loudly and slowly. The use of my resources is minimal.
For a more detailed explanation, take a look at Annoying Spammers with pf and spamd.
Lemure, wtf! Don't you mean Lemur?
the filter points people to my captcha, which is here and they have to type in "I am not a spammer" and then the letters in the graphic.
The problem with your approach and with any approach that uses a CAPTCHA is that it provides no way for a visually impaired human being to first-contact you. If you use a CAPTCHA, you can't do business with the U.S. government.
Will I retire or break 10K?
Is this proposal legal? Probably not within any given country. Unless, of course, it were legalized by legislation.
;)
Consider that you're not clicking on the email to see what it is, or judge if it's spam, but coordinating with others to coerce the spammer into stopping once you know it is spam. As a rule, coercion within your nation is the right of your government only. If you want to uphold this, you should use the justice system to combat spam within your country.
When it is international spam, it is warranted that we can protect ourselves and each other. The strange state this leads to is that ideally the attacks would be organized so that you only attack foreigners. e.g. I could spider-back a Chinese e-mail from the U.S. and vice-versa.
Alternatively, guidance or validation from an international standards body, either political, like the U.N., or communications-oriented, like Intl. Telco. would be needed. But this is only thinly more legitimate, unless that is, you've voted for representatives to these groups
But this all makes sense only if the bugs can be ironed out, meaning NO COLLATERAL DAMAGE. If so, then I, for one, am all for it.
Legislation is working, albeit slowly.
What is required is that we start fining the companies being spamvertised.
This will force companies to assess who they deal with and make damn sure they understand that they are responsible for this just as much as the spammer (they are the ones that ultimately benefit and therefore pay the spammers).
This would only work however if you could prove a legitimate relationship exists between the spammer being sued and the company. With sufficient resources and investigation this is not as hard as it sounds.
If a company is joe-jobbed in someway, then the spamvertised company shouldn't be targeted unless you can catch the spammer as well and prove that a relationship exists between the two entities. You are then just working up chain, similarly to how cops catch street dealers and work their way up.
Regardless, there are many ways joe-jobbing could be resolved. This is just one idea.
What would eventually happen (through smart legislation) is that it will force spammers to use servers in other countries where it is legal.
This is where blacklists will become most effective then. Business and individuals in these countries will create a public outcry so large that legislation will have to change. And if legislation doesn't change, they still remain blacklisted.
This would stop a significant portion of spam.
The rest (abused networks, open relays) should be be made liable and culpable for spamming. A few well aimed lawsuits against companies with negligent system administrators or people running dedicated servers should get the point across. I have no sympathy for Joe Blow with Winbloze 95 who has no firewall software, no anti virus software, has no idea what a patch is, and expects the ISP to take care of it all for him. And they are just as liable.
We don't let people drive without a license, it should be the same principle with users on the Internet - because there are very real and sometimes drastic consequences of their actions (or lack thereof). It is already in the T's & C's of every AUP for every ISP that the end user is responsible for their actions under their account. It's time that ISPs and the courts *SERIOUSLY* enforce it!!
Replace the email system with a system that makes sending forged email non-trivial.
.cn, .kr or .br . These seem to be the big three right now. Unfortunately I'm using a web-based email solution so I can't implement any of this.
I may still wish to accept anonymous emails, but nothing that contains HTML for sure, and maybe only if I can cause the sender 1 cent of damage (maybe by depleting some anonymous fund - for most people paying 1 dollar as a deposit will last forever, spammers would have a dollar disappear in seconds as 100 people mark it as spam and a cent is claimed each time).
In the meantime, seriously, I'd be happy with bouncing each message containing HTML+links, links by IP addresses, or links to domains registered in
If only we could convince lawmakers to pass actual anti-spam laws, it would be a nice stop-gap solution.
Specifically, we need a way to go not after the anonymous spammer, but after the business being spammed.
What if anybody receiving a spamvertisement for a product could order it, pay with a credit card (up to $500), then present the spam, keep the product and not be required to pay the credit card company?
Just an example, I know that would not work in practice.
Think about it... When ever a new filtering technique becomes public it also falls into the hands of the spammers. This means that they can then begin to search for a way around it. With every new "solution" that is a published spammers find a way around it. By constantly trying to stop them _publicly_ all you are doing is making them stronger. Think antibiotics folks.
Believe me when I say that the anti-spam folk are too soft on these vermin. It should be legal to kill them but then all the spam would turn into targetted joe-jobs.
There are only two solutions to this problem: 1) create a private solution, 2) create a mailing system that costs money. (BTW, 2 has the other nice side-effect of stopping all the morons who keep forwarding jokes. Hell, think how well it would punish Outlook virus propogators!)
Any scheme that requires recipients to accept the inbound SMTP connection and receive the body of the spam will fail.
Bayesian filtering will always be a cat and mouse game. Anything that requires receipt of the email in the first place has already lost the battle because the bandwidth was consumed and the damage has been done. The spammer has successfully delivered the spam to a working email address and will keep the address for future spam.
Spammers will continue to flood the Internet with junk until ISPs everywhere get their act together and start giving them the boot immediately upon detection. No warnings; just immediate disconnection and enforcement of stiff penalties described in Terms of Service policies. THIS SHOULD APPLY TO OPEN SMTP RELAYS AS WELL.
The DOS concept is amusing, but if it ever worked, the spammers will simply shift to 1-800 numbers. Those of you with DNS servers, check to see how many bogus PTR reverse DNS lookups are being thrown at your DNS servers right now in an effort to DOS known spammers. You'll see scads of PTR requests all from the same IP either trying to reverse your own IPs or random sequences. I spoke with a twtelecom tech the other night trying to determine whether all the UDP packets supposedly from 66.98.152.55 were actually originating from there or not. 66.98.152.55 is a known spammer, so I figured it was a DOS against them from some llama that thought my DNS server would participate, but I wanted to be sure. Turned out it was a DOS. He muttered something about seeing 400 Mbits/sec inbound and 1 gigabit outbound to ev1.net, who I had tried to reach but wasn't interested in DOS attacks. This was a concerted attack that I had been observing going on for THREE WEEKS, and none of the target's upstreams had even noticed. I hardly think that a DOS attack based on spam email bodies (which the spammer will be able to throttle) will cause any sort of problem at all for them. If anything, all it will do is provide the spammer with a highly accurate database correlating types of filters to MX records.
Go for it though. Might as well. ISPs don't seem to give a shit about DOS attacks going on between spammers and antispammers nowadays.
Any chance we could convince the credit card companies to refuse service to spam-sites?
One very efficient way for a spammer to know that your account exists is using webbugs, often 1x1 images, which often are not so trivial to detect. some are obvious like
<img src="http://site.invalid/images/pic.pl?id=5">
would be trivial for a spammer to send a image of some kind and log your ID "5". While something like that could easily be detected by a spamfilter, the following could be just the same
<img src="http://site.invalid/images/5.jpg">
buy using a simple rewrite-rule in apache there could be a script behind logging your ID which in that example could be "5".
What i am going to say: If i automatically follow the links in spam and try to slashdot the files linked to in the spam, i will definitely hit some of these webbugs, veryfiying that the spam reached the recipient.
Lord "not Gargamel's Cat!" Azrael
How many times will we have to repeat that filtering IS NOT the solution!!!!
Filtering is only an automated way of pressing DELETE.
I'll have to say that I wish Graham would get back to work on his new Lisp dialect, Arc.
A lot of people are working on spam -- and as others have mentioned, the idea of spamming spammers isn't anything new -- but Arc is the best hope I see of bringing Lisp into the 21st century.
I know he said that it's best to have a good problem to work on when developing a new language, but the only thing he's talked about for the last two years has been general approaches to the spam problem that don't have anything to do with Arc, while the Arc website itself gathers cobwebs.
In the meantime, a lot of people who like the Arc ideas enough that they'd be willing to help with the implementation, or just implement them themselves, aren't doing so because maybe Graham *is* still working on it, but just not talking about it.
Graham has had some good ideas regarding spam, for which I'm grateful. I hate spam as much as the next guy, but I'm probably not the only one who would rather see his next article be about Arc at Three Years rather than more about spam.
"Those who have never entered upon scientific pursuits know not a tithe of the poetry by which they are surrounded."
This blog article was written in response to a discussion some coworkers and I were having:
This is great, and I applaud all these efforts, but spam will continue as long as it is profitable.
This will help you not see as much spam, but the only thing that will stop spam is to convince people to stop buying products from spammers' clients. And that means teaching everyone, from your neighbors to your grandparents, why it spam is bad, and that even if you really really want that product, you should buy it somewhere else.
Somebody, somewhere, is still buying stuff from these people.
Support the Great Spam Boycott!
I'm assuming that the spammers make money when you go to whatver they are advertising. So that means some people are opening spam e-mails. Why would they send spam out if nobody was opening it. People need to wise up on what e-mails they decide to look at.
do unto others as you would have them do unto you
Wouldn't it be possible to pull the 'important' part of the browser into a component which could just be used from the spam filter, so you didn't need the whole GUI? :-/
Karma: It's all a bunch of tree-huggin' hippy crap!
I know that spam is cheap to send out, so it doesn't take too many people to buy something to make it profitable. But does ANYONE know anybody who has ever purchased anything from a spam email?
How does he intend to show an unsubscribe link is actually 'working'? Most of the spam sites I've been to have unsubscribe links which say they are successful, and then the site keeps sending spam.
So why stop first arrival at an unsubscribe link? The fastest way to thwart the fight-back filter would be to include a fake unsubscribe link on your first page.
Karma: It's all a bunch of tree-huggin' hippy crap!
Check out this draft of a distributed server blocklist system. Spammers are increasingly using P2P technology to gain a one-up on the spam fighters; they use a distributed base from which to launch spam and DDoS attacks against popular blocklists such as monkeys.com, SPEWS, and relays.osirusoft.com.
The dhttp-bl system as described could use a secure and easily deployable P2P system to establish strong blacklists/blocklists that are not vulnerable to DDoS attacks.
This seems like an okay suggestion given that he's trying to work within the same infrastructure as current, every-day email.
But I don't think generating more web traffic is the solution. I can think of a lot of potential abuse for this system. And legal battles that may render it an unusable technique in the end.
The way to fix the problem is to fix the system, not work within it. It may take a few years, but ultimately, a new architecture could resolve these problems.
All I need to do to block 99% of my spam is to block the word Vicodin in the subject. What's up with that? I got 24 vicodin emails today, and no other spam. Weird. Anyway, thank God for Mozilla mail's filter.
The client would spider the spammer's site. Sure, the spammer could ban the spiders, but it would be hard to do, and it would be really hard for the spammer to claim DDOS in court.
As some who works for an ISP I can tell you that those custmer who PC have been taken over will call when there speed drops to nothing trust me.
I think it will work for a little while but spamers will will rebond by load balance the links over multi servers with smaller batch's of spam. Send out 1000 with this address and 1000 with that instead of 100,000 with just 1 address. Load balance and make it harder for the DoS to kill that Cable Modem / DSL connection. That will require alot more systems to work thought. This would require more and more work for lower and lower return but that is in the end the way to stop spam.
I am planning my own spam filter based on a bunch of criteria that I will enter and code myself based on what gets through. I will use combinations of different metrics and tune it along the way. If everyone makes their own, then the spammers have no fixed pattern to work around.
It will rank the "spam-ness" of messages, and the low ranking ones I just leave alone and they will eventually drop off the end of the queue by themselves. No need to manually delete them.
Sure, it won't be perfect, but nothing is these days WRT spam.
Table-ized A.I.
meldroc wrote:
Irrelevant. We don't care where the spam comes from, nor who sends it. We only care about reducing the profit margins of the beneficiaries of the spam -- the sales websites to which the spam tries to attract traffic.
I doubt there is as much of that as you claim, but it still doesn't matter, as you yourself point out in a different context:
And finally:
Maybe, but that is inherently difficult and will require worldwide coordination and widespread implementation and cooperation. Punishing spam beneficiary websites is relatively simple and can be implemented by anyone willing and able to do it. With the release of tools that are sure to be coming soon, the numbers of the able will increase vastly, leaving only willingness as a requirement.
Look at the bright side: there's always seppuku.
Robert The Coward wrote:
Methinks you mayhap miss the point. The point is not to smoke the servers or their connections; the point is to increase their traffic costs without increasing their sales. A million times "gentle" will do it just as effectively as a hundred times "massive." More effectively, actually, since the spamsite operators will have no recourse against anyone.
Look at the bright side: there's always seppuku.
Why do spammers make much uglier, misspelled, and weird garbage-filled mail in attempts to get around the filters? If what this guy says was true, they would not be doing that.
they also said that any link in a spam should be considered a setup until someone had reviewed it and ensured it was real.
Brad Mace wrote:
Whitelist. Whitelist. RTFA.
All together now... W h i t e l i s t .
Oops! ([R]eading [TFA] again myself), I see that Graham revised the article. Mea culpa.
Either way, though, whitelist or blacklist, I think that's Difficult (TM). I think that the way it will evolve will end up as a two-level Bayesian process of classification: one for the spam and the other for the websites.
Then, your Bayesian email filter will segregate new incoming spam in the normal manner, and of the URLs contained in the spam, your Bayesian FFB will download (and eventually throw away) only those sites that can reliably be identified as true spam beneficiary sites.
Malicious spam that seeks to kick off a DDoS attack against innocent websites would thus have little or no effect.
So instead of two bodies of text -- spam email and nonspam email -- there would be four, to include spam web pages and nonspam web pages. This is because the tokens that indicate "spamminess" or "nonspamminess" in spam email will not necessarily be the same ones that indicate the same things in web pages, nor will they likely have the same weights. When (not "if") FFB gets implemented in this manner and with reasonable integration so the average user doesn't have to jump through a lot of hoops, it will be easy and effective.
The FFB tool would download no more than a moderately obsessive/compulsive surfer would, and at a modest rate, looking exactly like a web browser in all respects. It will be the numbers of FFBs in service that will have the desired effect, not the download quantity or rate of any particular one.
Then someone will have to implement a tool that places phone calls to the 800 numbers in non-URL spams and sends snail mail to the physical addresses in the last category of stone age spam. Oh, and maybe Tomahawk missiles to Nigeria for the "419" spam.
Look at the bright side: there's always seppuku.
A lot of spam I get has the same link on it indeed:
Hotmail: your free e-mail ! Click here !You miss one thing: (Almost) nobody is forcing users to run software he developed.
You say: "Whoever was responsible for writing such anti-spam software would be the first person to get hit with a massive lawsuit the first time some spammer found a way to "aim" this sort of scheme at an innocent bystander.".
While you IMO should write "Fine, let developers develop such programs. As far as they do not force anybody to run in, then whoever was responsible for running such anti-spam software would be the first person to get hit with a massive lawsuit the first time some spammer found a way to "aim" this sort of scheme at an innocent bystander.".
Like with guns - not those who made them are (rightly) going to jail for injuries and deaths caused by them - users do! Same with any other tool, be it HW or SW.
Of course situation is slightly different when some SW developer is in monopoly position but that's off-topic here.
hany
Most of the spam I'm getting now seems to be using ActiveX for the 'unsubscribe' and reply links.
Even if I were prepared to use internet Exploder or Outleak (or even winders) there's no way I'd let joe spammer run any security menace like that on my box.
On a related note, see this article [Wired]. Ugh, those "spackers" (hacker-spammers) are a nasty crowd.
"Good news, everyone!"
Whoever was responsible for writing such anti-spam software would be the first person to get hit with a massive lawsuit the first time some spammer found a way to "aim" this sort of scheme at an innocent bystander.
And why would the lawsuit be directed at the person who developed the software - why would it not be aimed at the spammer? Does the law have a problem with me using automatic tools to preview emails that are sent to me - whether they be sent to me by friends, associates, spammers, or worse?
Take this into the postal world. Imagine that there are people that are employed to check out the legitimacy of any business that send us stuff through the post. Imagine also that an Evil Person (tm) decided to use the system to cause havoc at a legitimate business by sending us all falsified post from that business. Would the business in question have a case against us? Or even against the people we employ to check out the legitimacy of the business? I don't think so.
Not sure why scanning a blacklisted site is necessary.
/rescanned as well - this would prevent the theoretically-to-be-defunct ew9j.net from being a useless address forever.
Some spam in my inbox at the mo:
increase your gas mileage 27%+
http://www.ew9j.net
So if we know that ew9j.net is a spam site, we don't need to hammer it - ok, the site gets hammered but so does everyone else's bandwidth, and our own bandwidth is wasted. We already know from the fact that ew9j.net is mentioned (and that it is blacklisted) that this is spam.
A whitelist would prevent a DOS attack on a non-spammer. Anything not on the blacklist or whitelist would be scanned, then when the site owner realises what's happening he gets himself whitelisted and the hammering stops. Of course the obvious problem with this is that the whitelist then becomes a list of "approved" sites which has its own problems.
Alternatively the software could report back to a suitable (fileshared?) repository when it scans a site and finds it to be ok; periodic ageing out of entries in the resulting autogenerated whitelist would keep it relatively clean, and sites confirmed to be spam sources either by multiple bad scans or manual intervention can be moved onto the blacklist.
Blacklisted entries could be periodically aged out
With appropriate ageing out and rescanning of both black and white minstr^H^H^H^H^H^H^H -listed addresses, this could be made workable IMO.
As of yet, I've never managed to get it to sucessfully identify those as spam.
Short of installing something else, anyone got any suggestions? Configuration maybe?
Avantslash - View Slashdot cleanly on your mobile phone.
Rememer a while ago where there was some article that said that we could essentially read words as long as the first and last letters were in place and it didn't matter how scambled up the middle letter were? Suppose a spammer would employ this technique to send out spam. How well do you think filters would work against such a technique?
My real estate broker sending me some information on my new house.
According to the article, only web-sites on a manually updated blacklist would get hit.
However, that has lots of problems of its own. Is the blacklist reliable? And won't the owner of the blacklist be legaly responsible for the resulting DDOS attack on the spamvertized sites?
On the Bayesian filters. This is how I think you could create a nice start.
Open a lot of email acounts with easy guessable names on services like yahoo, hotmail etc.
Don't ever use them for real, just mention them all over the web and use them just enough to keep them alive. These mail boxes will be filled with spam before you know it. Since you don't use them at all they will be spam only. This is a nice reference to start your filter with.
Brendan
So an automatic D.O.S on spam email links...
sounds like a dumb idea, asking for someone to write a big spam with a link to someone they
want the masses to DOS for them.
Dumb kneejerk idea
We don't know which side struck first, but we know it was us who scourged the skies....
Geeze, you're all thinking backward.
You're all trying to "save yourselves from spam".
Well, I got bad news. The email system, as it is right now, is flawed. You can't fix something that can't be fixed.
All the ideas revolve around "filtering", "blacklisting", etc... Too bad, all those methods try to prevent a problem that ALREADY HAPPENED. CPU cycles churning and all other ideas are also crap since CPU power is getting cheaper every day (think clusters of cheap PCs to compute those values - the spammers already have the money to buy them, so forget it).
It's akin to saying "crap, someone's shooting at me, I'm bleeding bad! I need to think of something to stop the bleeding or I'll die."
In real life, you'd simply try to stop the shooter instead of "stopping the bleeding".
If any moron can send thousands of emails to anyone, then the method is flawed. I'm not even talking about people receiving the crap (and trying to "filter it"), the whole system is broken.
We need a new email protocol, period. Something with required identification or something, I really don't know. But we do need to think about why the system is broken right now to be sure not to make the same mistakes again (ex: an "approval" request? We'll be flooded with requests from spammers, and we'll have to filter those requests for approval and the legitimate requests will get lost in the approval spam, just as legitimate emails are currently lost in the sea of Spam).
All I know is we must prevent the spammers from creating thousands and thousands of fake email adresses, they have to be unable to fake their "from:" field, etc. The emails must be tracable so they can be easily held responsible for their actions.
The system is broken. Not because it doesn't work, but because its design is flawed and the people who thought about ut didn't expect that crap now known as SPAM.
When people do accept that the system is dead, and they finally devise a new system that can't be screwed with (false headers and such lame crap), then we'll be seeing the beginning of the new email era.
We'll all have to switch to the new system. It can't be done overnight, but if we can at least have the big players on our side (sendmail, Microsoft (for Outlook), Eudora, etc, then we have a fighting chance.
A chance for a new email era free of Spam.
No what I am saying is that spamers will adapt to this new treat and do smaller batch spread accross more machines show that there desired trafic can still get thought. More and more spamers are using Highjacked Cable Modem / DSL Connections so bandwidth become more of an issue when the desired people can't get thought the when hundred of ous do get thought. I think the idea has merit and will raise the bar again and reguire spamers do even more illeage thing to get the junk out make it easier to convect without alot of new and usless laws.
This coming on the heels of the announcement that spammers are using a distributed proxy network of owned machines? The only people to suffer will be the bandwidth providers...
What about people with both hearing problems and vision problems who use a Braille terminal?
I understand the approximation made here, but ideally, I wouldn't approach the question "prove that you're not a spammer" as "prove that you are an able-bodied human" but more as "prove that you have something to write that I would want to read," which is really what we all want.
Will I retire or break 10K?