The Next Step In Spam Filtering

simeonbeta2 writes "Paul Graham (of "A Plan for Spam" fame) has a couple of new articles up. The first one details the success of Bayesian spam filters despite various circumvention techniques by spammers. While the success of Bayesian spam filtering is encouraging, it certainly hasn't seemed to stem the flow of spam in the last year or so. His second article, however, suggests finally taking the anti-spam battle to the spammers! Paul proposes that spam filtering packages automatically spider links contained in probable spam. Not only will this increase the accuracy of filters (by running the retrieved content through the spam filter as well) but this would effectively be a massive distributed DOS attack on spammers. This isn't a new idea nor is it without its problems but I think it's definitely an idea whose time has come."

Are these subject lines example's of anti BF?

[t0qer]

Are these subject lines anti Bayesian filters? Just curious cause they've been getting weird lately..

Xanax_-_No_Prescription_Needed_-_neonatal
Kuasx ep Pharmaceuticals including Valiumm, prozac, aAmbientforth mw
Enter to win free cigarettes pedant
Fight Aging and Skin Cancer Xpxtdp
Bigger Penis is Better betsy

I'm just curious why my spam lately seems to just have weird random junk in the subject line, I actually find it sort of amusing because some of the randomness reminds me of turetL}...yndrome.

Section 508

[yerricde]

the filter points people to my captcha, which is here and they have to type in "I am not a spammer" and then the letters in the graphic.

The problem with your approach and with any approach that uses a CAPTCHA is that it provides no way for a visually impaired human being to first-contact you. If you use a CAPTCHA, you can't do business with the U.S. government.

Go after the source

[DigitalSpyder]

Legislation is working, albeit slowly.
What is required is that we start fining the companies being spamvertised.

This will force companies to assess who they deal with and make damn sure they understand that they are responsible for this just as much as the spammer (they are the ones that ultimately benefit and therefore pay the spammers).

This would only work however if you could prove a legitimate relationship exists between the spammer being sued and the company. With sufficient resources and investigation this is not as hard as it sounds.

If a company is joe-jobbed in someway, then the spamvertised company shouldn't be targeted unless you can catch the spammer as well and prove that a relationship exists between the two entities. You are then just working up chain, similarly to how cops catch street dealers and work their way up.

Regardless, there are many ways joe-jobbing could be resolved. This is just one idea.

What would eventually happen (through smart legislation) is that it will force spammers to use servers in other countries where it is legal.

This is where blacklists will become most effective then. Business and individuals in these countries will create a public outcry so large that legislation will have to change. And if legislation doesn't change, they still remain blacklisted.

This would stop a significant portion of spam.

The rest (abused networks, open relays) should be be made liable and culpable for spamming. A few well aimed lawsuits against companies with negligent system administrators or people running dedicated servers should get the point across. I have no sympathy for Joe Blow with Winbloze 95 who has no firewall software, no anti virus software, has no idea what a patch is, and expects the ISP to take care of it all for him. And they are just as liable.

We don't let people drive without a license, it should be the same principle with users on the Internet - because there are very real and sometimes drastic consequences of their actions (or lack thereof). It is already in the T's & C's of every AUP for every ISP that the end user is responsible for their actions under their account. It's time that ISPs and the courts *SERIOUSLY* enforce it!!

Long term solution + ramblings from tired mind

[lightspawn]

Replace the email system with a system that makes sending forged email non-trivial.

I may still wish to accept anonymous emails, but nothing that contains HTML for sure, and maybe only if I can cause the sender 1 cent of damage (maybe by depleting some anonymous fund - for most people paying 1 dollar as a deposit will last forever, spammers would have a dollar disappear in seconds as 100 people mark it as spam and a cent is claimed each time).

In the meantime, seriously, I'd be happy with bouncing each message containing HTML+links, links by IP addresses, or links to domains registered in .cn, .kr or .br . These seem to be the big three right now. Unfortunately I'm using a web-based email solution so I can't implement any of this.

If only we could convince lawmakers to pass actual anti-spam laws, it would be a nice stop-gap solution.

Specifically, we need a way to go not after the anonymous spammer, but after the business being spammed.

What if anybody receiving a spamvertisement for a product could order it, pay with a credit card (up to $500), then present the spam, keep the product and not be required to pay the credit card company?

Just an example, I know that would not work in practice.