Copyrighted Haiku Delivers Spam Through Filters

An anonymous reader writes "Remember that antispam company that includes a copyrighted haiku (which I can't quote here due to copyright reasons...) in emails vouching for their nonspaminess and thus bypassing spamfilters? The idea is that a spammer using said haiku to get through spamfilters can be prosecuted under the more stringent copyright laws instead of the weaker antispam ones. Well it seems said haiku has lately been figuring in a large spam run trying to pitch the usual medical remedies for various unfortunate ailments. What do you think? Is it time to start filtering for haikus or will Habeas succeed in thwarting the spam attack?" We mentioned this brilliant anti-spam scheme last April.

It was always going to happen

[Ckwop]

Darwinian Selection is the governing rule of spam.. If appending a Haiku makes a message 'fitter' it will survive the slaughter more readily and therefore make it into your inbox more often.. until some realises what's going on and combats it with a new filter.. and then the process starts all over again.. :) For this reason, I think we're going to be fighting spam for a long time to come :) Simon.

I've gotten a few

[ghettoboy22]

About 5 in the past couple days. I noticed the unusual X-headers and finally remembered what it was. Increased the SA score yesterday and now I get none! woot!

I can see this company being semi-successful in taking spammers to court under copyright lawsuits, however like the article says the latest rash is (not suprisingly) zombied broadband hosts, making their chances of finding someone to sue almost nil.

Re:I've gotten a few

[Tripster]

making their chances of finding someone to sue almost nil

Not quite, the spams are selling a product at some point, someone is somehow receiving payment for doing the advertising and there is where you get them, whether it be the actual spammer or the company being advertised.

If the spammer is paid per lead there you have them, if they are paid per sale same thing, somehow the money gets to the spammer and there will be a trail to it. Even if they use false aliases they just add fraud to the list, they still have to pick up the money at some point.

The choice for the companies involved should be disclose the information for the spammer you hired or you get fined or criminally charged instead.

The spammers could flood the world with false spam runs targetting innocent companies, hiding their true money making runs, but I think those would stand out as the ones selling Viagra/Penis Patches/etc. as they do now.

We need something and soon, it's a losing battle on the mailservers, I tend to a local dialup ISPs incoming scanning server, they have slowly been losing clients over the years as broadband has taken hold and yet the mail server resource requirements continues to grow at an alarming rate, we turn away 80% of the SMTP connections that come in as it is and still a large percentage of what comes in is still spam. His customers are demanding a solution and the sad thing is the stuff that gets past all the RBL/SpamAssassin checks is the freaking adult stuff most people want rid of the most, especially parents.

Re:I've gotten a few

[Permission+Denied]

The choice for the companies involved should be disclose the information for the spammer you hired or you get fined or criminally charged instead.

I love this. Great idea. Monumental.

We make the companies talk, and if they don't rat out their spammer brethren, we fine the company into the ground and maybe even throw some execs into the pen. This will surely end the spam problem: no way the spammer scum will find a way to turn this against us, like they did to Habeas or other anti-spam fighters.

On a completely different note, friends, I have an important message for my fellow slashdot readers:

MICROSOFT SERVER 2003

Microsoft Windows Server(TM) 2003 helps you do more with less. In the rapidly-changing world of corporate IT, you need to stay pro-active and think out of the box. With Microsoft Windows Server(TM) 2003, you can deploy Enterprise-ready applications faster and more securely, all the while reducing your TCO and increasing your ROI.

Where do you want to go today?(TM)

The spammers could flood the world with false spam runs targetting innocent companies, hiding their true money making runs, but I think those would stand out as the ones selling Viagra/Penis Patches/etc. as they do now.

There are legitimate companies that sell Viagra. I would guess that I could get Viagra at the corner Walgreens. But it would be obvious that the mom-and-pop viagra-selling shop advertised via spam actually supports spam, whereas when Walgreens is advertised via spam, it must be completely innocent because a large corporation would never do such a thing, right?

Similarly, when you get a spam advertising some shady stock deal, it's a "real" spam if it advertises some small trading shop, but it can't be a real spam if it advertises Morningstar.

If you think about it, legitimate companies can be easily identified: if they can afford extensive litigation, it's a legit company. Given this, we don't have to put any kind of qualifier on your original suggestion: any company advertised via spam should be forced to give information implicating spammers or face legal sanctions. Those few theoretically "innocent" companies can afford to protect themselves.

We can surely find the spammers if we presume people guilty with no evidence. Hey, it worked for finding the witches and the Communists, right?

Never likely to work

[DrPepper]

In theory the Habeas scheme is very clever. It's difficult to get spammers under any anti-spam law (where they exist), so change the ballgame so that you can prosecute under copyright law instead.

Unfortunately though, I suspect it's going to be difficult to track these people down, and even when Habeas do, they will need to mount a prosecution in another country - wherever that happens to be. The spammers may even win given that each country enforces copyright laws differently.

According to the statement given, the latest version of SpamAssassin should be able to filter these out. We're running what I think is the latest (2.61) and it still seems to be letting them through - thanks to the Habeas mark. I'm beginning to think I should just disable the Habeas rules completely and let these get scorded normally.

Re:Never likely to work

[Tackhead]

> I don't want to remove the SA rule for Habeas. They have an interesting and original idea that I would like to see work.

Likewise.

The more people who do remove the SA rule for Habeas, however, the more damage this spammer has done to Habeas' customers -- and consequently, to Habeas.

Every system that starts using X-Habeas-SWE as an automatic "+5.0" (instead of (-5.0)) in their SA scoring mechanism, is another $BIGNUM in damages for which Habeas can sue when this spammer is finally brought to court.

This is the Habeas test case. Either Habeas is able to enforce its trademark and copyright, and sue this spammer off the face of the earth, or Habeas - the company - dies, due to the efforts of one spammer.

translation of article header

[JimBobJoe]

The idea is that a spammer using said haiku to get through spamfilters can be prosecuted under the more stringent copyright laws instead of the weaker antispam ones.

Which should read:

The idea is that a spammer using said haiku to get through spamfilters can be prosecuted under the more stringent laws that are difficult to enforce instead of the weaker laws which have proven so hard to enforce.

I'm amused by the idea, but it seems to me that if you couldn't get (find) them under anti-spam laws (especially the newest ones) then how could you get them on copyright laws? Are the new anti-spam laws so lacking in punishment that they pale in comparison to copyright laws?

Re:translation of article header

[amcguinn]

Copyright laws give the power back to the people, as it were.

No they don't.

The flaw with this scheme is that while it tries to stop you from being spammed, you have no recourse if you are spammed. The only party that can act is this essentially uninvolved third party which holds the copyright.

In other words, it has exactly the same problem you've (correctly) identified in CAN-SPAM.

Secondly, when it succeeds it's a bad precedent. It eats away at the principle of "reverse engineering for compatibility", that was upheld in the garage-door-opener case. Exactly the same technique could be used to restrict access to other kinds of services. The fact that this instance is in a "good cause" doesn't change the principles.

It comes back to my first point: the only person with authority to say who accesses my servers is me.

Well, that was quick - site hacked.

Classic. These folks are obviously having a bad day. First they get /.'d then there web site gets defaced. Can't say I'm upset about it, infact it made my night.

I've said it before, I'll say it again...

[Dimensio]

It's time that we started executing email spammers, and anyone who contracts email spammers.

Spammers are sociopaths. They don't care that their efforts are always, without exception, criminal. They don't care that people don't want their junk. The best thing to do is to kill them and remove them from society.

Hopefully someone will soon snap and put a bullet in Alan Ralsky's head, signaling the start of the true anti-spam revolution and doing a great favour to the world.

Re:bayesian filters

[silentbozo]

I've already manually kicked the SpamAssassin score for Habeas to -.5. If things don't get better, I may help out the bayes filter by turning Habeas scoring off (set to 0). Habeas should be spitting brass tacks PRwise - every day that goes by without a peep from them just enboldens other spammers thinking about trying the same stunt.

After all, Habeas was whitelisted because they promised legal action against spammers infringing on their copyrights... well, the spammers are infringing. Where are those spam-eating lawyers we were promised?

Stop the merchants!

[AoT]

The only way to stop spam is to "affect" the merchants whom outsource to spammers. This will stop the competition between Western merchants and make spamming unprofitable. Everyone! stop the merchants!!!!!

Attack of Haiku-Resistant Killer Spam

[leoaugust]

It just illustrates the lengths the spammers will go to, including taking on Habeas' proven legal capabilities, to distribute their spam.

It is interesting that they tout their proven legal capabilities rather than "proven" technology. Will it be enough to stop the Attack of Haiku-Resistant Killer Spam. RIAA and SCO are trail blazers in using the legal system to stop ....

Our patent-pending Sender Warranted Email(TM) service vets messages for legitimacy, guaranteeing that they're not spam.

Guaranteeing? Sounds like a pretty tall claim now. Not to say what should happen to the pending-patent - a review of the claims perhaps ?

Adding the IP addresses to the HIL (aka Habeas Blacklist) should not impact the legitimate mailing activities of the owners of the compromised PCs.

It would be nice if it works well, but I am curious as to how they are going to distinguish from a single IP address whether the email was sent from the compromised PC when it was "alert" or when it was in a "zombie" state.

Your reporting here of spam you've received with the Habeas Warrant Mark will help us track down and prosecute the responsible parties.

Habeas - Welcome to the Party. In addition to the call for rounding up a posse, if you need some help from the Feds, write in to the FTC at uce@ftc.gov. Despite having the Federal powers to kick a**, I am not really sure how successful they have been.

What Can I Do With the Spam in my In-Box? Report it to the Federal Trade Commission. Send a copy of unwanted or deceptive messages to uce@ftc.gov. The FTC uses the unsolicited emails stored in this database to pursue law enforcement actions against people who send deceptive spam email.

Hey, and I forgot - What happened to the CAN-SPAM ? How long before we have Attacks of the CAN-SPAM-Resistant Killer Spam.

Copyrighted Haiku

[perly-king-69]

Every work created by you is copyrighted. The act of creating something gives you copyright. For instance, I own the copyright on this post.

Some spam legitimate?

Although I despise spam, clearly the CAN-SPAM bill would indicate that there are some situations in which unsolicited e-mail will be sent in the future that will be commonly accepted.

Will spam be as large of a problem when the scummier segments of the market (header forgers/system exploiters/porn pushers) are made illegal? It's quite likely that we will learn to live with some forms of unsolicited e-mail on the Internet rather than eliminate it entirely, especially given the personality types that always seem to chase the fast buck without regard to other people's expense.

Re:Some spam legitimate?

[Dimensio]

Although I despise spam, clearly the CAN-SPAM bill would indicate that there are some situations in which unsolicited e-mail will be sent in the future that will be commonly accepted.

No, it only indicates that a sufficient number of Congress slime balls were bribed by the criminal outfit known as the Direct Marketers Assocation. Email spam is, and always will be, theft. Spammers deserve death, without exception and regardless of any DMA-crafted "rules" that they claim to be following. Since spammers are always fundamentally dishonest, you can bet that they're not even following those rules.

It's quite likely that we will learn to live with some forms of unsolicited e-mail on the Internet rather than eliminate it entirely, especially given the personality types that always seem to chase the fast buck without regard to other people's expense.

This is why I advocate execution of email spammers. Kill the spammers, and you kill the problem. Header forging becomes irrelevant if any email spam, regardless of how or why its sent, merits death.

Until it is legal to kill spammers, or until I finally snap and give Alan Ralsky, Eddie (or Eddy) Marin and the rest of the group what they truly deserve, I will respond to each and every junk email that I recieve with a nasty slew of complaints to the hosting ISPs for the sending IP address and for any website or email account involved. Should the spam continue, my complaints will only increase in number and frequency. I don't care what laws they claim to follow, spam is unethical, fraudulent and it amounts to stealing.

Not far off...

I mean, you can't copyright email addresses, per se, but--image the haiku was copyright Joe Random Spammer, and, someone includes said haiku in some antispam software.

Well, now Joe R. Spammer has an excellent infringement case against Antispam Inc., especially if JRS has otherwise CAN-SPAM legal spam (or, maybe, just legal spam in another country... Berne Convention Copyright baby).

Why should the spammers worry about copyright?

[MROD]

Now, we've seen spammers use a copyrighted poem in their spam headers. I'd like to know how much they're worried about being taken to court about this. After all, they're not exactly on the right side of the law already...

(1) They subvert other people's computers to relay spam: illegal in most juristictions.
(2) They send out viruses and worms to break into other people's computers: illegal in most juristictions.

So, if they're already doing two illegal things, why should they worry about a third?

Re:Habeus have won once already

Tracing spam to its roots is not so difficult. By its very nature spam must point you to a real person where you can buy stuff from. It's relatively easy from then on to find the person who composed the spam, and the person who sent it.

Spam and AI

[gbulmash]

A bunch of neat scientific advances came out of the space program (Mercury / Apollo) because necessity is the mother of invention. There were very specific problems that needed to be solved and inordinate amounts of brainpower were thrown at solving them.

Now comes the spam wars... Once again, a specific problem that must be solved: "How do we develop a method of letting legitimate mail get to us while filtering out spam with a minimum of error?" We don't have the government throwing billions at it, but because it affects the general public, there's an inordinate amount of businesses, academics, and hobbyists throwing brainpower at it.

Despite all the talk about keys and legal threats, verifications and warrants, they just provide hurdles to be overcome, not true barriers to spamming.

But you could train a person to screen your mail with a better level of efficiency than any spam filter on the market today. And that person could catch new spam tricks before they ever got through to you.

As we continuously try to develop better and better filtering systems, I believe that the war against spam could well be be our most prolific source of advances in artificial intelligence. Spammers will throw (purchased) brainpower at coming up with ways to defeat filters and filters will have to get smarter in response.

I know, I know... You could say that I'm looking for the silver lining in this hailstorm of unsolicited pitches. But really, am I so far off? We've got a problem, we're throwing resources at solving it... like the space race, like the arms race, technologies will come out of the spam race that will have amazing implications for our lives.

I hate spam. I would love to be left alone in a room with a spammer, a car battery, and some jumper cables. But at the same time, it's sort of neat to be watching this battle progress.

Greg

Don't be foolish...

[chuckw]

It would be foolish to turn off the habeas checking in spamassassin, or otherwise filter out based on the habeas mark for 2 reasons:

1) Habeas has shown a commitment to actually *EXPEND* The resources to go after spammers. If you dimish the value of the habeas mark by filtering out email with their mark in it, then they have nothing to protect. I personally don't have time to go after spammers. Anyone who has a proven track record of winning against spammers (which habeas has) should be encouraged!

2) There is a large number of users who have added the habeas mark to their e-mail headers based on the assumption that it was a protected mark that would ensure their mail *WASN'T* filtered out. If you start filtering on that mark you *WILL* falsely filter out a lot of legitimate mail.

A previous poster named Mehu, posted an excellent solution to the problem if you're using spamassassin:

"So, rather than just add a score of 0 for HABEAS_SWE, I figured I'd give them a chance & added the following to my ~/.spamassassin/user_prefs, which takes care of the current rash:

body PHARMAWHAREHOUSE /pharmawharehouse.biz/
describe PHARMAWHAREHOUSE Link to pharmawharehouse.biz

body PHARMACOURT /pharmacourt.biz/
describe PHARMACOURT Link to pharmacourt.biz

body VALUEPOINTMEDS /valuepointmeds.biz/
describe VALUEPOINTMEDS Link to valuepointmeds.biz

score PHARMAWHAREHOUSE 10
score PHARMACOURT 10
score VALUEPOINTMEDS 10

Looking through my mail, it turns out some of my valid mail actually does contain those headers (would never have noticed them), and a few spams, even w/ the haiku headers, have been blocked by HABEAS_VIOLATOR (RBL: Has Habeas warrant mark and on Infringer List), so the company does appear to be doing its job.."

-Chuck

You mean stop the fraud

[swb]

I'm not sure how serious you are, but since even a stopped clock is right twice a day I'll have to agree at least with the literal interpretation of your posting.

If law enforcement generally were applied to the sellers of spamvertised products, spam would become far less of a menace. Most spamvertised products are prima faciae illegal (ie, you can't get prescription medications without a prescription), false advertising (a sugar pill won't give you a 12" penis) or are actually just fraud schemes to take money and not deliver a product.

Tracking down email senders is extremely difficult due to header forgery and the use of zombies and other kinds of compromised systems. But just about all spam will take a credit card, which should enable tracking of a financial trail to the sellers. If the Feds would make a RICO case out of it, they could ensnare just about anyone with their finger in the pie, including the spammers, who I'm sure would be fingered by sellers caught in the net.

A few RICO cases that put the squeeze on ISPs, banks handling their financial transactions, spammers, and most importantly, sellers and suppliers of these products would have a pretty significant effect on the whole "scam 'n' spam" business environment. I think there's probably some otherwise legitimate players (ISPs, banks) participating in this field behind the scenes, and some negative exposure in a few of these cases could close the door to a lot of "operators" who need access to the legitimate economy in order to operate.

It's pretty clear that nobody likes spam, but the fact that there have been no high-profile FBI/Treasury/Commerce investigations into some of these things really puzzles me. It may be that the investigations have been done but this angle was deemed not fruitful (doubtful), resources aren't available due to the war on terror (more likely, but not entirely credible), or political pressure has been applied by heavy corporate players to keep their shady business segments viable (somewhat conspiratorial, but believable) -- yet even these theories don't explain the lack of credible, visible efforts on the part of Federal law enforcment to crack down on internet fraud.