Analyzing AT&T's Anti-Anti-Spam Patent

An anonymous reader writes "Dan Gillmor is reporting in his eJournal taken, in turn, from Gregory Aharonian: AT&T has apparently been awarded a patent for circumventing certain spam filters, thereby providing slimeball spammers with yet a bigger hammer!" The patent covers "A system and method for circumventing schemes that use duplication detection to detect and block unsolicited e-mail (spam.)", although it's unclear exactly what AT&T want it for.

Re:PRECISELY!

[fishbowl]

Looking at my inbox, they appear to be mainly in Korea. I don't think AT&T has much litigation influence there, but I could be wrong.

Re:Hey! Shortsighted people!

[GammaTau]

Has it occured to anyone that by patenting an anti-anti-spam technique, AT&T can legally forbid spammers from using that technique?'

If the technique is well-known and utilized prior the patent as well as extensively discussed in public forums (like nearly all ways of bypassing the spam filters are), then the patent can be nullified. In other words:

• If the spammers have been using this patented method, the patent is void
• If the spammers haven't been using this patented method, the patent has very little effect on spam

Re:Just going from the summary...

[Corydon76]

The DMCA only covers protection mechanisms designed to protect access to a copyrighted work, not just any protection mechanism. The Computer Fraud and Abuse Act is probably more applicable to spam, although you'd still need to get a judge to agree with you on that one.

Read the patent itself.

[zen+parse]

I suggest reading the patent itself.

From the final paragraph, before the appendices:

Thus, Anti-spam techniques based on the various forms of duplicate detection are useful only as long as spammers don't use the list-splitting countercountermeasure, because the LS-spammer has a powerful advantage in the arms race. I believe the anti-spam research and development communities should focus attention instead on the techniques that are impervious to list Splitting, such as cryptographic techniques and the email channels approach.

Keeping information secret about methods that could let spammers avoid filters would not prevent someone else from discovering the same techniques, if they haven't already.

Having information publicly about how to circumvent a technology at worst will let these techniques be used slightly earlier than they would've otherwise.
At best, it allows some people to start thinking about how to make counter-counter-counter-filter detectors, or come up with some other strategy AND sue spamming software makers.

So you know what the "email channels" mentioned in the previous quote are, patent are the 2nd to last paragraph states:

By contrast, the email channels approach (see R. J. Hall; How to avoid unwanted email; Comm. ACM 41(S'), 88-95, March 1998) exploits the simple idea that spammers must know a valid address in order to successfully send email to a user. The user is provided with a transparent way of allocating and deallocating different addresses for use by distinct correspondents. Thus, if a spammer obtains one address for a user and sends a message to it, the user can simply close the channel and all subsequent messages are bounced by the server at the protocol level before the message data are even transferred. Because this approach is not dependent on message content, it is completely impervious to list-splitting.

(No, I'm not going to paste the whole thing in backwards.)

Some mail providers allow you to have multiple aliases for one email address, and to remove any of them when you feel like it. The same (or at least a similar) idea as using an @hotmail or @yahoo account as your non-primary mail, but much simpler to manage your contacts with.

The patent has nothing to do with this method of spam avoidance, except to mention it as not being susceptable to the patented form of counter-filtering. Read the patent. Just thought I'd mention that in case someone didn't RTFA.

Re:Hey! Shortsighted people!

[matvei]

That's definitely not the way to educate people.

Would you educate them about the dangers of walking on dark alleys at night by cornering them with a gun and then taking their wallets?

Wrong numbers

[Betcour]

Those numbers are very wrong. Spammers count returns in sales per MILLION emails, because the rate is so low. It's profitable because they send huge quantities of spam, so even a very low sale rate is quite profitable.

On the other hand real email marketing (done by a well known legitimate business, targetted to specific peoples who agreed to receive it) can get much better results.

useless patent

[geoff+lane]

having actually just read the patent it would appear to be useless as it describes a means of avoiding a rather poor spam detection mechanism which I've never actually seen deployed.

Modern spam detection which uses statistical methods applied to the spam content would be unaffected by the techniques described in the patent.

Re:probably just a fluke

You are right on target: in his paper, he announces the patent (page 16). And he also says that he filed the patent, and that the idea was to sue spammers for patent infringement if they start using the list-splitting technique.

Re:Hey! Shortsighted people!

[NickFortune]

You appear to be suggesting that we solve the spam problem by sending more spam.

The currenty existing spammers are not going to cease their activities - and if they had any respect for common sense conventions or for good manners then the spam problem would never have occured.

So the only way we're going to implemnet your educational strategy is if we do it ourselves.

Somhow I have my doubts about the effectiveness of this, except for providing a pseudo-ligitimate pretext for scumbag spammers. Honestly, your honour, I wasn't going to take anyone's money! All those Nigerian scam eamils were purely an education measure. They said it was ok on Slashdot!

Oh and just for the record: I would object to receiving the "spams" you describe, just as much as all the other crap I have to filter daily.