Slashdot Mirror
Copyrighted Haiku Delivers Spam Through Filters
An anonymous reader writes "Remember that antispam company that includes a copyrighted haiku (which I can't quote here due to copyright reasons...) in emails vouching for their nonspaminess and thus bypassing spamfilters?
The idea is that a spammer using said haiku to get through spamfilters can be prosecuted under the more stringent copyright laws instead of the weaker antispam ones.
Well it seems said haiku has lately been figuring in a large spam run trying to pitch the usual medical remedies for various unfortunate ailments.
What do you think? Is it time to start filtering for haikus or will Habeas succeed in thwarting the spam attack?" We mentioned this brilliant anti-spam scheme last April.
It's an interesting idea, I really hope it'll work too.
:-/
Unfortunately I think they might need to make it so that they couple it with a white-list, ie *all* mail with their signature that is *not* on their whitelist is assumed to be spam... Otherwise there will just be too much spam specifically intended to make their service useless, actually harmful to their customers... There'll even be fake spam designed to be hard to track, just to force people to filter out any mail with their delivery and thus forcing them out of business
I keep getting those nonsense-spams, too (as if the other ones made more sense :-)).
From what I understand they are meant to somehow "poison" the bayesian filters out there so they can't do their job any longer. Maybe someone with more insight into the workings of bayesian filtering can tell us if this is feasible?
Joe-Jobs are made to order... Just send a bunch of mail through a rooted proxy, advertising the competition's stuff, and watch Habeas sic the lawyer dogs of war on your competition. You'd laugh all the way to the bank.
Same type of thing if enough spammers use this trick, the lawyers will be too busy.
Did Habeas actually think this was going to work? I mean, spammers are willing to do ANYTHING to make sure Joe Public reads their garbage. Constantly changing tactics to evade filters, to write viruses specifically to generate more open proxies to send their garbage through, to Denial of Service attacks against those who try to filter out this stuff, to garbage lawsuits. This is nothing compared to those..
People Talking in Movie shows.. people smoking in bed.. people voting republican.. GIVE THEM A BOOT TO THE HEAD!
The Habeas mark is just a way of making money, it has nothing to do with opt-in or responsible e-mailing. I've tried to contact Habeas in the past about a company that used their mark, while they did not correctly verify their opt-in mailadresses. There was no reply (and IIRC, their web form didn't work at all at the time).
my other sig is a 500 page novel
Note that using the Habeas Headers to filter out such mail may be a copyright infringement, too.
See also the following Paragraph of the "HABEAS WHITELIST LICENSING AGREEMENT":
Yeah.. the great thing about Spam is that it's pretty obvious what is spam to anybody..
If it was a criminal offense and went to a jury, the jury could very easily sift ham from spam making the conviction rate very high!
I believe a law of this nature would be very effective indeed, for this reason..
Simon
I'm confused by all of this. How is Habeus forcing spammers to use their haiku when sending spam so that they can in turn sue those spammers?!
I mean, if I'm going to use haiku to get past spam filters, I'll just write my own instead of a copyrighted one. They take all of 30 seconds to write a decent haiku. Am I missing something here?
More, uh... why would a spammer say "Hey, I'm going to use this COPYRIGHTED HAIKU THAT SPECIFICALLY IS OWNED BY AN ANTI-SPAMMING OUTFIT TO SUE ME OVER" rather than write their own?!
Any /. geeks with basic poetry 'programming' skills here? I have a question:
:
How exactly does the haiku verse form go?
Like this?:
^_ ^_ _
_ _ _^^_ _
_ ^^_ ^_
Please correct me if I'm wrong.
Additional info
Here the copyrighted Haiku - I believe the (tm) is part of it.
Winter into spring
brightly anticipated
like Habeas SWE (tm)
We suffer more in our imagination than in reality. - Seneca
http://pharmacourt.biz/about.htmlo urt.biz/contact.html
http://pharmac
Seems they were hacked [valuepointmeds.biz]
Now they are slashdotted.....spam problem cured.
Take the cheese to sickbay, the doctor should see it as soon as possible - B'Elanna Torres, "Learning Curve"
Another way these nonsense spams work is, in my experience, by having two different MIME parts, a plaintext part of random words, and an html part with the actual spam content. Since I don't use html mail, it works rather poorly on me, but I did once take a look at the html part, and it was formated text, not random nonsense like in the plaintext part.
The haikus do not have any real creative value. They exist for a purpose I do not believe the legislators in most countries had in mind when they wrote the laws.
People are not interested in the value of the haikus. People are just using it as a key to check for clean mail.
Using copyright law in this context is imho pervertion of the law.
Purpose might or might not be an issue for the law depending on country.
Just give the spammers jailtime for spamming.
Agreed... and it's something that I think a lot of folks miss. Creating yet another law will not stop X, but it might make it easier to prosecute once X has happened. However, whenever you create a new law to prosecute X, there's a high chance of the system being subverted to also allow Y and Z to be prosecuted, or weirdness where X doesn't get addressed at all.
Spam, in particular, is a combination of technical (SMTP is too trusting), economic (receiver pays the majority of the costs), and social (willing to do anything, don't care about existing laws).
On the technical side, there's small rays of hope. Reverse-MX proposals (SPF, LMAP) or Yahoo!'s domain-keys are trying to eliminate the Mack-truck sized loophole that allows domains to be forged and companies to be joe-job'd. This should also put a dent in the e-mail worm/spam problem or at least force those machines to route e-mail through a (likely) better-administered SMTP server. Bayesian seems to be working well still and has a bit of life left (multi-word / markov bayesian is probably next). Whitelisting of domains gets easier once the forging issue is taken care of. IP blacklists are still around (don't care for them personally, like hunting flies with a shotgun). We may even see e-mail get as far as requiring public-key signatures along with web-of-trust. I'd say that all e-mail will be required to be encrypted to each recipient's private key, but gov'ts would probably nix that. Individually, none of these technical proposals make much of an impact, but each one closes up yet another loophole.
Social-side I'm not sure of what is going to make a difference. Too many countries involved with different social mores or laws (or lack thereof).
Economic sanction is possible, but currently it's easy-as-sin to joe-job your competition - so there's a high risk of false-accusations. Plus, it's easy to move the stuff off-shore and out of reach of authorities. However, as some of the technical means come into mainstream it will hopefully drive spammer costs up (having to register new domains all the time, etc.).
Wolde you bothe eate your cake, and have your cake?
Main article refers to a spam attack started in 2004, your link refers to a spam attack in 2003, so i find it unlikely that they are referring to the same case unless habeus have a time machine.
This one is really easy though:
/test.txt HTTP/1.0
.. will create http://pharmacourt.biz/test.txt.
.php file, and when using the PUT method in this way, the server executes the .php file rather than just overwriting it as with the .html files.
$ telnet pharmacourt.biz 80
Trying 211.158.7.147...
Connected to pharmacourt.biz.
Escape character is '^]'.
PUT
Host: pharmacourt.biz
Content-Length: 10
hello!
The only problem with this is that the front page is a
I think it is time that we look into developing a real solution to spam.
The problem is that, just like the postal service, you can put whatever you want for a return address on the outside of the envelope and drop the letter in one of those blue mailboxes and it will get delivered without anyone in the process caring.
Currently, everyone is trying to figure out what the magic bullet is to fix this at the delivery end. But no one has bothered to think that it is the process itself that allows this to continue.
Therefore the solution is that SMTP needs to be changed.
An idea would be to maybe offer a secure transport in which every part of the process puts a certificate into the message and a corresponding entry in a log. (Yeah, I know. Alot of overhead per hop but...) The idea would be that if you got spammed that would be a path to follow back until it broke. That server would then be checked for the origionation of the message and the problem fixed. This would thereby for your email address to be real before it was sent and the path would be traceable back to you.
Well, that is my 2.
Anonymous Coward who can't find his username and password cause it is in my email at home.
Thought -- Imagine if they end up in jail; considering how many inmates' only contact with the outside world is via the Internet, what would be the inside lifespan of a convicted spammer?
Do not mock my vision of impractical footwear
I decided to actually read a spam yesterday. What I found was amazing: Almost every other word was not spelled correctly. Random characters seemed to be inserted throughout. Now I need to ask myself, why wasn't this picked up by spam filters? How much more obvious can you get?
1) is the subject matter adult? yes
2) is it written like a five year old? yes
This doesn't seem that hard to me.
Funny. I would pronounce that as
Like Ha-be-as ess dub-ell-you ee
making for a grand total of nine syllables.
I'm keen to find out what this strange new one-syllable pronounciation of the letter w is.
This might not work as expected. Since SA assignes -8.0 score for Habeas rules, and default configuration for autolearning ham is -5.0, SA would have learnt that Habeas headers are associated with ham messages. As a result, Bayesian scores for _any_ message with these headers will score very low (50-60% probability even for the spammiest spam).
I had to manually train SA by feeding it habeas headers and training as spam, until habeas headers were associated with enough spam AND ham messages.
This balanced things out.
If you start filtering on that mark you *WILL* falsely filter out a lot of legitimate mail.
Incorrect. This spam was the first to reach my site bearing any Habeas mark. The Habeas mark, to my knowledge, has not kept any spam out of my co-worker's inboxes, nor has it made sure that any wanted mails made it through the filters. Our sole experience with the Habeas mark has been this infringing spammers using it to bypass our filter. We bounce 400 spams/minute with scores over 10, just to give you an idea of how much mail we get, and therefore how rare a properly used Habeas mark really is at our site.
The Habeas rule stays off. I will not trust 3rd parties to tell me who is playing nice. I will not use negative-scored public-knowledge rules anymore, either.
Edith Keeler Must Die
...is not haiku or any other kind of rearrangment of normal speech. What's pouring right through my filters are messages consisting of just a half-dozen lines of random English words. No sentences, no advertisements, no links, nothing but everyday words.
It's a fairly clever attempt to poison the Bayesian filters. Either I associate these words with spam and risk losing legit email, or I loosen things up and let more real spam slide through. It's frustrating because there's absolutely nothing I can do about it.
[insert long ranting call for vigilante bullet-to-the-head-style action here]
You cannot apply a technological solution to a sociological problem. (Edwards' Law)
I've blocked any email with .biz in it for a long time. Haven't gotten any false positives yet and don't expect to.
Under the CAN-SPAM act, ISPs can sue. If you read the definition of an "ISP" in the act, it's clear that a mail processing service like SpamCop would qualify. What's needed is a paid service like SpamCop that files at least one high-profile lawsuit a month, increasing to one a week as volume builds up. That would make a dent.
When I checked on net.admin.net-abuse.sightings, there are several hundred of these reported, and NONE of them use our domain. Checking a few at random, it looks like they are using many many many forged domains, so we are just getting the bounces from a tiny fraction of these these.
It doesn't really "poison" the filters, because there are just wayyyyyy too many posible words for this to work. Bayesian filters assign a huge probability of spamminess to every word in a spam email and an exceedingly low prbability of spamminess to every word in a non-spam email during training. If a word appears in both, it just averages out. Over time a given word will appear only once in a spam email with a bunch of random words, and many times in non-spam emails, and therefore after some time (or even pre-emptively) the good words will be recognized as good. The more training, the better; poisoning has little chance of success as long as there's at the number of good and bad emails going in are within an order of magnitude of each other.
That's not to say the technique doesn't help the spammers in the short run; it probably gets past less sophisticated and trained filters.
It's rare that you're presented with a knob whose only two positions are Make History and Flee Your Glorious Destiny.