Slashdot Mirror
DSPAM v3.0 RC1 Spam Filter Released
Nuclear Elephant writes "DSPAM v3.0 RC1 is now available for download, with a stable release scheduled for June 13. DSPAM has appeared on Slashdot and in Wired News in the past for its high levels of accurate spam filtering. v3.0 is the product of three solid months of work. Some of the highlights include a very sleek redesigned interface, PostgreSQL support, many mathematical enhancements, and support for many of Gary Robinson's algorithms (such as Chi-Square, Geometric Mean Test, and Robinson's technique for combining P-Values)."
I don't get it.
I am using this filter and after some training it is very effective. Especially useful is the inoculation feature, which you can use to register a spam only address to spam sending sites so that it trains faster.
My heart is pure, but make no mistake, it's pure evil
I'm all for throwing technology at the problem, but I hope people still realise that having a complex (and effective) spam filter does not take away the millions of megabits of traffic wasted on UCE when it's in transit.
Why would I need this?
Looks really promising, and I'll probably install it on my own e-mail server to give it a try. Now, how do we convince our ISPs to do the same?
But will it find out who sent the SPAM and hurl them into the Sun? Until I get this feature, I don't think it'll be perfect :)
DSPAM has a strong focus on providing better data to already existing algorithms (Bayesian, Chi-Square, etcetera) Combination algorithms work inherently well, but depend on the quality of data. Some of the approaches deployed in DSPAM towards this goal include Chained Tokens, Inoculation Groups, Classification Groups, advanced de-obfuscation techniques, and a new noise reduction algorithm called Bayesian Noise Reduction. The goal is to incorporate processing algorithms that can withstand the long haul of ever increasing message complexity. So far we're doing a great job.
The idea of combining more than one anti-spam heuristic is not new. But one thing that cant be denied is that all methods are just complementar to Bayesian analysis, that can reach up to 95% precision by itself. Chi-Square, itself, can reach up to 85% precision
Look! We came out with this great filter so nobody else gets spam! This solves the problem of spam once and for all! Even though spam is still clogging our networks and wasting bandwidth, this filter will solve all of our problems.
With all the time spent on making spam filters, why don't we spend that time working out a new protocol for email transfers, one that would not be able to spoofed, or spend that time installing server side programs that put a small time delay between messages as well as bandwidth restrictions for all outgoing mail?
unless mail sending protocol is redesigned(for example,in a way you have to have your fingerprints recognized when you type it) we will have to face the fact SPAM will be in our daily news. Soon slashdot will put an article where the best 3 spam filters are compared, like a normal review.
"The quality of life is inversely proportional to the number of keys on your keyring."
Been looking for a new spam filter, hope this one does the trick. I tend to have alot of false positives with most spam filters i have tried. I would rather have a few spam slip through rather than having to weed through all my spam just because it may have blocked a real email.
A Fatal OE Exception has occurred, Sig will now reboot.
... works for me ...
How does DSPAM compare to other OSS projects like Spamassassin?
Laugh while you can, monkey-boy.
I tried to setup spamassasin a couple of months back and I found it to be too much of a hassle to setup. Could someone who used both spamassasin and dspam comment on easy or difficult it is to setup dspam?
Do not read this
Warning, it seems to be designed more for high volume use than individual sites. I've fed dspam almost 3000 spams and it is still only catching 80%, does seem to be getting better though.
The difference between Canada and the USA is that in Canada healthcare is a right and gun ownership is a privilege.
When you run your own mail server, or administrate a mail server for a large number of people, server-side anti-spam filters and countermeasures start making a lot more sense. Do the math on a company with 100 employees (at $25/hr) who check mail twice a day and spend 5 minutes each time hassling with anti-spam measures in client-side mail apps. In this scenario, a seamless anti-spam solution is worth conservatively $400 per day, or $100k/year not counting bandwidth savings. There are definitely cases when client-side filtering makes sense, but if you can handle it at the server, email-based business methods scale better.
http://tinyurl.com/4ny52
I have not actually used DSPAM, but have just read the specs.
Yawn. Yet another, albeit well designed, content-based filter. While content-based filters are a valuable tool, let's not forget that the spam problem is one of anti-social behavior and consent and has nothing to do with content. Using content as a factor in deciding what is spam or not spam will always be flawed. Even if you tweak your favorite filter from 99% to 99.9%, the spammers can just up the ante by sending more. Scaling up costs them little on an individual basis. It saddens me to see really brilliant people put great amounts of work into a project whose underlying premise is flawed.
would be to publicly humiliate/boycott the companies that use the spammers services. Like drug dealers, as long as there is a market, the spammers will be around. Remove the demand, and the suppliers will eventually move onto selling something else.
If you can't kill the leeches because the water is too murky, then boil off the pond!
CodeTrap (www.codetrap.net)
So how does this help me reduce the amount of bandwidth and server resources used by spammers who continue to try sending spam to me and my users?
now we need to go OSS in diesel cars
There is no such word as "administrate"! You can "administer" or you can "manage" but please do "administrate", at least while not in the privacy of your home...
I wanted to try DSPAM some time ago, but I stopped as soon as I read that DSPAM puts an ID string in every mail it processes. In the mail body, that is. I have no problems with a program that adds headers, but it should leave the message body alone.
Does DSPAM do that now? Can't find anything about it...
An excellent spam filter for Windows is K9 found here.
I'm the one running the spam filter (SpamAssassin) at work. Overall, it has been VERY popular with everyone else. They don't receive the most obnoxious sex spams any more.
On the other hand, there are a few false positives that reduce the overall savings in your post. I auto-delete anything about 10 and flag anything above 5.
But the end users still have to look through the flagged stuff to see if there are any false positives. Then they drop them into the false positive folder. The users also have to identify all the missed spam and drop that into the spam folder.
It's still work for them so the costs aren't as clear as in your post. But the non-tangible benefits are also important.
I think we're at the point of dimishing returns on simple scanning processes. I think we need to look at actively seeding the spammer's lists with false names and tuning the spam filters with those.
You can configure DSPAM to not use the ID, but this requires users to "bounce" the incorrect e-mails instead of forwarding them (as forwarding strips the headers).
Is the ID really that inconvenient?
I've been running DSpam for several months now and have found it works much better than Spam Assassin at catching spam. Furthermore, unlike SA, I have yet to get any false positives.
My only problem is DSpam was not easy to set up with Postfix, at least for me since I'm not an experienced mail administrator. While I now have it mostly working, I have not been able to get the alias accounts working so I can forward missed spams for automatic learning.
I look forward to upgrading to DSpam 3.0 when it is fully released. So far it is working much better than even Mozilla 1.6's spam filter.
I have Postfix running with DSpam and Cyrus IMAP, and by using sieve I have it automatically place spam messages into a spam folder.
This post is encrypted twice with ROT-13. Documenting or attempting to crack this encryption is illegal.
One thing that bothers me with this project is that the author has made wild claims about its accuracy in the past without backing them up. I mean everything the guy writes smacks of pure marketing and little technical.
He's claimed that the program is uber-accurate but doesn't give details. Compare with the popfile guys who publish their statistics in real-time for all users. http://www.usethesource.com/popfile_stats.html
Anyone done a real comparison of dpsam vs. popfile vs. spambayes?
The problem of UCE is bad enough, when you receive a bunch of incoherent gibberish, ads for bank loans, five thousand penis enlargement scams, and worse. What's worse, at least philosophically, is when "legitimate" sites spam the living fuck out of your addresses. Most of the time, this is because the guy who had the address before you signed up for all this crap, or because someone signed you up maliciously, or because someone typoed their address. The Cypherpunks list, may it rest in peace, was a good example. Over the course of a year or so, the entire list went to a signal to noise ratio that was negligable, because malicious parties signed the list addresses up for every bullshit mailing list they could find. I'm continuously spammed by davidbowie.com (I hate that no-talent shithead), a bunch of stock sites, and a bunch of "legitimate" Internet dating service sites. Of course, because they're "legitimate" sites, nobody places them under any obligation what so ever to remove my address from their lists, and they're free to spam me with impunity because it was supposedly requested. Complaints to their webmasters, postmasters, administration, and anyone else I can find always go without response, or I get some form letter telling me to use my userID and password to "opt-out." (The fact that they have a form letter should be a big clue here.) So why don't I just go to the website and remove myself? Do you honestly think I have the userID and password that Joe Numbnut used to sign me up for this shit? Unfortunately, email has become something that is destined to become useless. Even if we could control the spammers, such as by dragging them behind an 18-wheeler on I95 going 70 for, say, the entire trip up the coast, we'd still have to content with the mental midgets who run web sites that insist on badgering their users with mail on a continuous basis, and who won't honor complaints about it.
I run a small (~50 users) e-mail system, using Ipswitch's IMail Server (yes, I hate it too, but am not able to migrate away for several reasons) on Windows 2000 Advanced Server.
Does anyone know if DSPAM can be plugged into this kind of setup? I have a MySQL installation running on the same machine which could be used as the database backend required by DSPAM.
Others I've had direct experience with are spamprobe, spambayes, and CRM114.
My best experience has been with spamprobe, because it compiles as a standalone app, is very fast (at one point I was filtering over 10,000 emails a day on a Pentium 200 MHz) and is completely command-line oriented, best for scripting/custom mail systems. Colleagues of mine who use CRM114 are very happy with it, but I got discouraged by its large database files. I'm now experimenting with spambayes, the only difficulty so far being installing the python/bsddb environment.
NOT having companies advertise on my computer without my permission.
This is also your right on line...
--
Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
Otherwise your weights will be all wrong.
Equal parts ham and spam will yield good spam catching. RTFAQ.
--
Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
administrate....sounds like the result of an evil marriage between a management consultant and a dalek.
...is that spammers have access to the anti-spam tools.
They have access to DSPAM. They have access to SpamAssassin. They have access to the Bayesian filters found in Mozilla and other products.
When crafting their spams, they run them through these tools, and they keep obfuscating their spams until they get one through. Once they've got it perfect, they send a hundred million copies out to the world, and whammo! Your mo.rt-gage has been ap.prov/ed, and your v1ag---ra is ordered!
Tired of FB/Google censorship? Visit UNCENSORED!
DSPAM is uniquely suited to this (compared to other statistical filters) because of the ID string it uses. Users can simply forward their corrections to the gateway machine.
This has the added benefit of shielding the internal server from the outside. The only thing that appears to the outside is Exim (from Debian stable).
However, the GPL requires that authors retain their copyright in order to enforce the terms of the GPL. This statement instead releases code into the public domain. Once that happens, it's no longer GPL-able. The overall package includes a copy of the GPL, so presumably the authors think they're releasing a GPL product. But in fact, they seem to misunderstand the way the GPL works and its purpose.
If they want a PD package, drop the GPL. If they want the GPL, then they need to change their requirements for submitters. For instance, they could require transfer of the copyright from the authors to the DSPAM "governors", much in the way the FSF encourages authors to give them the copyrights to GPL'd work.
Or, as spammers like to call it, "double opt-in": It's when you get a challenge to your subscription, and must issue a response _before_ any other mail starts flowing in; single-submission subscription counts as illegitimate spam in my book.
If a given site/company doesn't bother to confirm someone actually wants to read their "news", I don't want to bother reading them. And yes, I know the confirmation rate (even for legitimate subscriptions) is low: tough luck.
Whenever I get some info "I requested" or end up in someone's list, I block them without giving it a second thought. The rejection message is explicit enough: show me a mail from me or any customer of mine confirming that subscription, and I'll let you in. Until then, all my customers (and we're talking a few million mailboxes) are off-limits to you.
Your post advocates a
(*) technical ( ) legislative ( ) market-based ( ) vigilante ( ) lack of an
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
(*) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
(*) Users of email will not put up with it
(*) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
(*) Requires immediate total cooperation from everybody at once
(*) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
(*) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
(*) Huge existing software investment in SMTP
(*) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
(*) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) No-lists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
(*) Countermeasures must work if phased in gradually
( ) Sending email should be free
(*) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(*) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!
I've been using DSPAM for about three months. A few criticisms:
First, by default DSPAM wants to run as the "root" user and usurp delivery of e-mails. (With Exim, they actually want it to recursively reinvoke the mail server for actual delivery!) It took quite a bit of configuring to get it to work like SpamAssassin from procmail.
This software is somewhat buggy, so running DSPAM as root would also introduce security concerns. For example, I'm using 2.10.6 because the 3.0.0 compiled and installed with no problems, but failed to classify anything. (Even with several hours of gdb tracing I was unable to determine why). Another bug is that if I run the "--falsepositive" on an e-mail that's lacking the "!DSPAM" signatures, the message should be ignored, but apparently this is not the case because the statistics counters are incremented.
From the FAQ:
"Q. Does DSPAM support whitelists?
A. DSPAM doesn't have a whitelist manager, rather whitelisting is an automatic function of DSPAM's Bayesian filtering mechanism."
This is crazy -- the whole point of whitelists is for when the Bayesian filtering fails! And DSPAM does fail. Twice now I've had to reset my database because the classifications were wrong and training wasn't helping. All I can say is I'm glad I've got procmail to rescue the important e-mails.
I think one source of my problems was that the default training mode ("train on everything") causes incorrect learning when you fail to report a false positive. This was a big problem for me, since I get around 700-800 spams/day. While false negatives are easily caught, the false positives go unnoticed unless I happen to wonder why someone never responded, and invest some time to search my spam folders. (I'm still trying to figure out exactly how to deal with this problem. E.g. maybe I could have it challenge the sender with Turing Test or something.)
I will say that DSPAM's basic technology is quite good. It's just that the software still has a "prototype" feel, and I'd caution you to do some experiments before unleashing it on your users. (For example, there's no manpage, and there isn't even a command-line option to print out the current version number!)
-Gonz
Your post advocates a
( ) technical (*) legislative ( ) market-based ( ) vigilante ( ) lack of an
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
(*) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
(*) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
(*) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(*) Asshats
(*) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
(*) Extreme profitability of spam
( ) Joe jobs and/or identity theft
(*) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
(*) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
(*) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
(*) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) No-lists suck
(*) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
(*) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
(*) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(*) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!
Your post advocates a
( ) technical ( ) legislative ( ) market-based (*) vigilante ( ) lack of an
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
(*) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
(*) The police will not put up with it
(*) Requires too much cooperation from spammers
(*) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
(*) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
(*) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(*) Asshats
(*) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
(*) Eternal arms race involved in all filtering approaches
(*) Extreme profitability of spam
(*) Joe jobs and/or identity theft
( ) Technically illiterate politicians
(*) Extreme stupidity on the part of people who do business with spammers
(*) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
(*) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) No-lists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
(*) Countermeasures should not involve sabotage of public networks
(*) Countermeasures must work if phased in gradually
( ) Sending email should be free
(*) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(*) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!
As time goes on DSPAM (and SpamAssassin for that matter) become more and more sophisticated, incorporating more complex algorithms. What I also find striking is that many of these algorithms appear to be compute intensive. These spam filters seem to be designed for server side ISP level email filtering. I would expect that a computer would have to be dedicated to running this anti-spam software.
Also, as a number of posters have noted, configuring these spam filters takes some effort and education on the part of the user.
This level of resource comsumption is fine for an ISP, but it seems problematic for a single user or someone using a shared system.
I only use Linux shell based email to avoid worms and viruses. I've had my domain since 1995, so I got a lot of spam. As the tide of SPAM increased, overcoming the primative SPAM filter I was using I looked at both SpamAssassin and DSPAM. But these tools do not appear appropriate for a shared Linix system like the one that hosts my domain. So, in classic "reinvent the wheel fashion", I wrote my own SPAM filter. It is just a simple (compared to these tools) rule based filter. It filters out enough SPAM that email it not totally useless. This email filter can be found here. The email filter is written in C++ in an attempt to minimize resource usage. It is published as open source.
no.
Hahah.
;-)
OK, smartarse - of what is 'configurate' a conflation?
YAW.
Your head of state is a corrupt weasel, I hope you're happy.
Administer is the verb form for administration or administrator.
The word administrate is an incorrect form of the verb created by some who drop the -ion suffix of administration.
Incorrect: He did a great job of administrating the estate.
Correct: He did a great job of administering the estate.
Be careful when forming verbs from nouns that end in -ation, as the correct verb form may not end in -ate.
Since this is a spam subject, this is at least partly relevant:
I am a Direcway subscriber, and I was accustomed (angry, but accustomed) to receiving about 15-20 spams per day for as long as I can remember.
Slashdot ran a story within the last 6 months (I don't remember which one exactly) about the FBI raiding one or two of the largest spammers and confiscating their setup.
Almost to the day that the raid was to have occurred, all spam to my inbox instantly stopped. I haven't gotten a single spam message since the about the same time as the second raid.
It seems to me that those guys may have been the sole sources of all the spam going through Direcway to my account. Are there any other Direcway subscribers here that had the same experience, was the whole thing just an extraordinary coincidence, or did Direcway find the holy grail of anti-spam?
As far as I can tell, all my regular email is getting through and going out. No email that I knew was coming has yet failed to arrive, so any filtering at Direcway's servers, if such a tactic is being employed, is doing a great job.
I ^H^H a guy I know used to retaliate, stopped for a while when the spammers built up their defenses, and then tried it again last week against some spams which started leaking thru his filters.
They are wide open again, brothers, because apparently no one else is dossing them anymore either and they have let down their guard.
I would guess that they lost money when they overprotected their forms against that type of "response," which made too many legit buyers say fuck it instead of filling out some bossy form.
SpamAssassin is a good start. If you're really wanting to reduce false positives, consider bringing
dspam into the mix. "DSPAM presently peaks at 99.985% accuracy, which is ten times more accurate than a human being and is presently being used on implementations as large as 125,000+ mailboxes." bogofilter is another advanced project in the same functional space.
http://tinyurl.com/4ny52
For the anti SPAM system that returns it to sender, prints it out and shoves it up his ass.
Now that will, by god, cut down on SPAM.
Professional Politicians are not the solution, they ARE the problem.
i used it a month or so ago for about 10,000 emails and it consistently did much worse than spamassassin; both on the spams that got thru and the false positives. sorry dspam. good concept. try harder. and stop making false high percentage claims. thats totally invalid and smells of marketdroids.
With drugs, there is a huge demand on the part of the consumer. People will pay great amounts of money to get drugs. That gives big incentives for suppliers. No matter how hard it is to get the drugs in and how much they end up costing, you can almost be assured that someone will buy them.
Not the case with SPAM. There is, in fact, basically zero consumer demand for SPAM. I have never met a person that demands they get e-mail advertisments and would pay to do so. In factm everyone I know (tech savvy or not) is the opposite, they'd pay to NOT get SPAM e-mails.
The reason that SPAM is profitable is because it is very low cost and, at least until receantly, was very low risk. So once and a while the spammer hits someone who is suckered in to buying what they are allegedly selling. Doesn't need to be all that often as costs are low.
That's why things like SPAM filters and anti-SPAM laws can actually make a significant difference. Nothing will ever stop it, of course, there will always be some idiot willing to try it, but it can really help.
You'll notice that all the top spammers are not super rich people. They do not have the millions of dollars that the drug lords do. They make plenty of money, but not an overwhelming amount. Thus if prision and loosing all their illgotten gains becomes a real possibility (and it has, the DOJ is prepping 50 criminal cases related to SPAM right now) most of them will stop. They will find the risk to be too high, and not do it.
Filters also help in the regard of making it less profitable. There IS a cost to being a spammer, even if it is low. Let's say, for the sake of argument, that you need to make one sale per 100 million e-mail messages sent minimum to stay in bussiness. Now with little SPAM filtering, almost all of your messages get through and you find you get 1 sale for every million messages. You are doing great here. But what happens if everyone starts using filtering software that filters 99.95% of your messages before they ever reach the user? That means that only 1 in 5000 messages every reaches someone, so you only get 1 sale for roughly every 5 billion e-mails you send. Suddenly you are way below the line of profitibality.
Now these are made up numbers, I don't know what the real level is, but the point is the better filters are, the less profitable SPAM gets. Combine that with it now being illegal, and therefore not a no risk bussiness, it is significantly less attractive.
Just because we can't eliminate SPAM doesn't mean we can't make a large dent with laws and technology.
SMTP has a security hole: any connecting client can assert any sender address. This flaw has been exploited by spammers to forge mail. The result: your mailbox fills up with bounces to messages that you didn't send. Close the hole, and we can easily block spammers by sender domain.
SPF closes the hole by using a DNS record that says which hosts can send email with a from address in the domain. The record is a simple TXT record that looks something like this:
What most of you don't know is that this is a Microsoft technology. Remember when Bill Gates said that he'd solve the spam problem in two years and you all laughed? Read this for the all the technical details. As it is an internet draft, this is completely patent free and anybody can use it.
I got a message or two archived as spam by my program, CF13 that were deliberatly designed to poision and render ineffective Bayesian filters and their ilk. Instead, my program takes a heristic approach at filtering spam and has been very effective without the overhead of time and system resources that Bayesian-like filtering methods require to work properly.
As an added benifit, my program renders malware inert and 'safe to handle'.
Just wait till the spammers start training their spam generators through dspam.
Furthermore: some people/sites just write messages that look like spam.
A legit sender could say this: "Activate your registration now - click here [url link]". I mean what else do you want them to say without wasting bandwidth?
A spammer could send nearly the same message.
So you'd probably have to blacklist/whitelist the urls they link to.
I think having decoy email accounts to identify spam could be a useful tool.
my 1st question would be how many of the 100 actually need an external use / routable email address? ;)
Maybe my spam-filter hooked that one, but I can't ever recall seeing advertisement for verbal viagra!
Karma be damned: Please post, I can't wait!
Not Buzzword 2.0 compliant. Please speak english.