Slashdot Mirror

← Back to Stories (view on slashdot.org)

Spam Solutions from an Expert

Posted by CowboyNeal on from the separating-the-wheat-from-the-chaff dept.

Mod N writes "SecurityFocus has posted a nice survey of anti-spam technologies by spam expert Neal Krawetz, in which he delves deeply into the specifics and pitfalls of the numerous proposed solutions. Krawetz makes it obvious that securing the email infrastructure is a very complex problem that many of the current (simple) solutions can't solve alone."

11 of 420 comments (clear)

  1. Proof? by monstroyer · · Score: 5, Interesting
    The marketing myth emphasizes two misconceptions: (1) a human must perform the challenge, and (2) these problems are too complex for automated solutions. In truth, most spam senders ignore these CR systems because they do not account for a large recipient base, not because the challenge is difficult. Many spam senders use valid email addresses for their scams or for validating mailing lists. When CR systems begin to interfere with spam operations, spammers will automate the responses to these challenges.

    Excuse me, what? Where's the proof? That's quite a brave statement to be making considering i've never seen this cracked, ever.

    I challenge someone to find an automated response to C/R.

    I did hear of a theory where C/R was being cracked by taking the C/R image, posting to a porn session, and letting a seeing person do the work. However, i've yet to witness this in practice. Show me the automated response to C/R that exists beyond a blog theory, and i'll believe. Until them, i hardly consider it "marketing hype".

    1. Re:Proof? by ookabooka · · Score: 5, Insightful

      I cant even get my scanner to correctly identify a regular text document, it gets most of it, but it still misses a lot of letters. A computer program could do this, but you would need either a very large database of the letter pictures (most places use all different kinds of text pictures, and add in a degree of randomness). Or you would need a very developed algorithm to detect the letters (in which case you would be making oodles of money from the scanner industry. . . spam would be the least of your worries.
      In the end i think it is inevitable that software will eventually break this system, but as soon as it does, there will be another system in place. . . .

      --
      If you are about to mod me down, keep in mind that this post was most likely sarcastic.
    2. Re:Proof? by jazman_777 · · Score: 5, Funny
      The point I was making is that, while noone has done it yet, there's no theoretical reason why it shouldn't be possible.

      I think you have a future in marketing.

      --
      Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
  2. Cut Your Junk Mail By 50% !!! by Snagle · · Score: 5, Funny

    Just buy porn in magazine format instead of registering for it online :)

    1. Re:Cut Your Junk Mail By 50% !!! by redJag · · Score: 5, Funny

      What is this buy? *squints suspiciously*

  3. Solution: Stop Spam at the Source by ElliotLee · · Score: 5, Insightful
    According to the article, there is no good lasting solution to spam. Indeed, there isn't, but we need to consider more the reason behind the spamming.

    Why has spam grown to what it is today? It is an undeniably effective means of cheap marketing. What we need to do is come up with a way to stop this not on our end, but by looking at as a social problem or making it non-worthwhile to the spammers. If nobody ever responded to spam, spammer wouldn't bother.

  4. Let's use the Patriot Act for the benefit of good by mao+che+minh · · Score: 5, Interesting

    I am in full support of using the broad-powered, freedom crushing Patriot Act in apprehending and imprisoning spammers. We might as well get some good out of it.

  5. More details in Part 1 by fembots · · Score: 5, Informative

    The linked article is part 2, Part 1 is here.

    --
    Rock that crushes, Paper & Scissors that don't matter.
  6. Having experience, I can answer 1.2.1 by snakecoder · · Score: 5, Interesting

    I am not recommending mailblocks, I belive there is a sourceforge project called TMDA which does the same thing. Having said that, my experience comes from using mailblocks:

    -cr deadlock: This does not exist because when you e-mail someone in a challenge and response system, it automatically assumes they are friendly. So if they have a challenge and response system, it will make it into your inbox, because you e-mailed them first

    -automated systems He is correct here. Personally I hate when friends submit my e-mail to third parties without my consent so I do not mind missing these e-mails. I have caught a few while searching my pending folder, and inform my friends I rather have them e-mail me directly.

    -interpretation challenge I believe he is wrong here because of a fundamental issue. When dealing with spam filters, the onus of working out refinements is left to the spamee, to make sure they filter out all spam. If a spammer adds a new technique, they get around the filter. With challenge systems, you have a few methods waiting as backup. When a spammer finally figures out how to read your words through AI, you simply change the challenge system and they are back to square 1 in trying to figure out how to defeat. As long as you have a few methods waiting in the wings, the spammers can easily be defeated, and have huge amounts of work to do.
    if you doubt this, write an AI system to defeat hotmails gifs. Now what if the next day instead of showing a word, they show you a picture of 3 fire trucks and 2 police cars and ask you how many police cars are in the picture, etc ...

    --
    -Nuke the moon
  7. Do not call ... by Ephboy · · Score: 5, Interesting

    Prior to this October, telemarketing calls were a national scourge. Amazingly, since we signed up for the Do-Not-Call list, we've only received 2 illegal calls. I'm rather surprised, in fact, at the relatively uniform acquiescing to this law. While spam, coming from all corners of the earth and is more anonymous, will be harder to enforce, some law with real teeth may be a good start.

  8. most effective by mabu · · Score: 5, Insightful

    Make no mistake...

    The most effective spam solution at this time is RBL blacklisting. Bottom line.

    When you take into account that the biggest problem of spamming is bandwidth consumption and network resources, there is NO better way than blacklisting spam sources and refusing to communicate with them.

    Services like Spamcop's RBL really piss off the spammers. All client-side filtering is counterproductive and ultimately useless as you constantly have to update the systems to catch new efforts on the part of spammers to thwart the filters. At least with RBLs, the spammers' connections are immediately refused as soon as they're ID'd.

    If you want to identify what is the most effective solutions, it's simple. Look at what pisses off the sleazebag spam community the most. That's relay blacklisting. They don't DDOS the moronic client-side filtering companies because the spammers know they're useless, and even if they're not, the spammers can't tell. What hurts them are when systems say, 'screw you spammer, (click)' and that's done via relay blacklisting.

    Why are spammers increasingly changing mail relays and pursuing open proxies? Because of RBLs. Even AOL uses RBLs (including Spamcop). All the major ISPs look at the RBLs because they are THE most effective way of stopping spam. And they're the only way to actually shut down the spammers.

    Forget client or server-side content-based filtering. They will NEVER work. RBLs are responsible for forcing spammers into corners of IP space, forcing them to deploy worms and viruses to infiltrate new IP space (which exposes them to more prosecution). RBLs ** WORK ** !