Slashdot Mirror
Copyrighted Haiku Delivers Spam Through Filters
An anonymous reader writes "Remember that antispam company that includes a copyrighted haiku (which I can't quote here due to copyright reasons...) in emails vouching for their nonspaminess and thus bypassing spamfilters?
The idea is that a spammer using said haiku to get through spamfilters can be prosecuted under the more stringent copyright laws instead of the weaker antispam ones.
Well it seems said haiku has lately been figuring in a large spam run trying to pitch the usual medical remedies for various unfortunate ailments.
What do you think? Is it time to start filtering for haikus or will Habeas succeed in thwarting the spam attack?" We mentioned this brilliant anti-spam scheme last April.
It's an interesting idea, I really hope it'll work too.
:-/
Unfortunately I think they might need to make it so that they couple it with a white-list, ie *all* mail with their signature that is *not* on their whitelist is assumed to be spam... Otherwise there will just be too much spam specifically intended to make their service useless, actually harmful to their customers... There'll even be fake spam designed to be hard to track, just to force people to filter out any mail with their delivery and thus forcing them out of business
Joe-Jobs are made to order... Just send a bunch of mail through a rooted proxy, advertising the competition's stuff, and watch Habeas sic the lawyer dogs of war on your competition. You'd laugh all the way to the bank.
Same type of thing if enough spammers use this trick, the lawyers will be too busy.
Did Habeas actually think this was going to work? I mean, spammers are willing to do ANYTHING to make sure Joe Public reads their garbage. Constantly changing tactics to evade filters, to write viruses specifically to generate more open proxies to send their garbage through, to Denial of Service attacks against those who try to filter out this stuff, to garbage lawsuits. This is nothing compared to those..
People Talking in Movie shows.. people smoking in bed.. people voting republican.. GIVE THEM A BOOT TO THE HEAD!
The Habeas mark is just a way of making money, it has nothing to do with opt-in or responsible e-mailing. I've tried to contact Habeas in the past about a company that used their mark, while they did not correctly verify their opt-in mailadresses. There was no reply (and IIRC, their web form didn't work at all at the time).
my other sig is a 500 page novel
Note that using the Habeas Headers to filter out such mail may be a copyright infringement, too.
See also the following Paragraph of the "HABEAS WHITELIST LICENSING AGREEMENT":
Another way these nonsense spams work is, in my experience, by having two different MIME parts, a plaintext part of random words, and an html part with the actual spam content. Since I don't use html mail, it works rather poorly on me, but I did once take a look at the html part, and it was formated text, not random nonsense like in the plaintext part.
Agreed... and it's something that I think a lot of folks miss. Creating yet another law will not stop X, but it might make it easier to prosecute once X has happened. However, whenever you create a new law to prosecute X, there's a high chance of the system being subverted to also allow Y and Z to be prosecuted, or weirdness where X doesn't get addressed at all.
Spam, in particular, is a combination of technical (SMTP is too trusting), economic (receiver pays the majority of the costs), and social (willing to do anything, don't care about existing laws).
On the technical side, there's small rays of hope. Reverse-MX proposals (SPF, LMAP) or Yahoo!'s domain-keys are trying to eliminate the Mack-truck sized loophole that allows domains to be forged and companies to be joe-job'd. This should also put a dent in the e-mail worm/spam problem or at least force those machines to route e-mail through a (likely) better-administered SMTP server. Bayesian seems to be working well still and has a bit of life left (multi-word / markov bayesian is probably next). Whitelisting of domains gets easier once the forging issue is taken care of. IP blacklists are still around (don't care for them personally, like hunting flies with a shotgun). We may even see e-mail get as far as requiring public-key signatures along with web-of-trust. I'd say that all e-mail will be required to be encrypted to each recipient's private key, but gov'ts would probably nix that. Individually, none of these technical proposals make much of an impact, but each one closes up yet another loophole.
Social-side I'm not sure of what is going to make a difference. Too many countries involved with different social mores or laws (or lack thereof).
Economic sanction is possible, but currently it's easy-as-sin to joe-job your competition - so there's a high risk of false-accusations. Plus, it's easy to move the stuff off-shore and out of reach of authorities. However, as some of the technical means come into mainstream it will hopefully drive spammer costs up (having to register new domains all the time, etc.).
Wolde you bothe eate your cake, and have your cake?
Main article refers to a spam attack started in 2004, your link refers to a spam attack in 2003, so i find it unlikely that they are referring to the same case unless habeus have a time machine.
...is not haiku or any other kind of rearrangment of normal speech. What's pouring right through my filters are messages consisting of just a half-dozen lines of random English words. No sentences, no advertisements, no links, nothing but everyday words.
It's a fairly clever attempt to poison the Bayesian filters. Either I associate these words with spam and risk losing legit email, or I loosen things up and let more real spam slide through. It's frustrating because there's absolutely nothing I can do about it.
[insert long ranting call for vigilante bullet-to-the-head-style action here]
You cannot apply a technological solution to a sociological problem. (Edwards' Law)