Slashdot Mirror

← Back to Stories (view on slashdot.org)

Revolutionary Spam Firewall Developed

Posted by CmdrTaco on from the well-that-said-so-anyway dept.

psy writes "physorg has a story on a new spam firewall developed at The University of Queensland. The new technology is the only true spam firewall in existence, according to co-developer Matthew Sullivan. "Existing anti-spam software filters out spam whereas ours puts up a firewall, stopping all email traffic and only allowing real mail through," said Mr Sullivan. "In addition, our technology is accurate and fast. We recently completed a successful trial of a key layer of the spam firewall and it processed the emails at 90 messages per second, misclassifying only one out of 25,000 emails." "It turned out that the software was even better than us, picking up spam we'd incorrectly classified as legitimate emails."

16 of 507 comments (clear)

  1. Spelling by swordboy · · Score: 5, Funny

    I have a simple algorithm to reject spam: spelling.

    If you can't spell correctly, then I don't want your v1agr4.

    --

    Life is the leading cause of death in America.
    1. Re:Spelling by random_culchie · · Score: 5, Informative

      Yes and aparently there are 600,426,974,379,824,381,951 different ways to spell viagra!

      Will your algorithm do it with polynomial complexity ;)

    2. Re:Spelling by gowen · · Score: 5, Funny
      We should apply the "good spelling" rule to /. posts.

      ( Read More... | 2 of 1274 comments | it.slashdot.org )


      --
      Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
    3. Re:Spelling by swordboy · · Score: 5, Insightful

      I honestly think that we need an RFC for this so that idiots who can't spell can get a real error message back when their legitimate email gets rejected. At this point, all spammers would be forced to spell correctly and it would be difficult for them to get their point across without using obvious spam keywords like 'viagra'.

      --

      Life is the leading cause of death in America.
    4. Re:Spelling by wheany · · Score: 5, Insightful

      Only if the bayesian filter sucks. Or rather: Only if the tokenizer of the filter sucks. Bayesian filters don't have to treat the message as a raw string. They are free to parse it to, for example, remove comments, use image urls, or the difference between the foreground and background color in html mails as words.

      You can make a tokenizer that not only treas a word written like this: 't.r.i.c.k.y', as the word 'tricky', but also as a "pseudoword" like 'trick:dottedword.' So the "bayesian part" of the filter would see these two words: 'tricky' and 'trick:dottedword.'

      And there is of course loads of information that can be extracted from the headers of the mail.

  2. Not the first; not revolutionary by Anonymous Coward · · Score: 5, Informative

    I think Barracuda Networks would rather disagree with the idea that this is the "only true spam firewall in existence," considering that Barracuda's entire product line consists of spam firewalls.

    Damn fine spam firewalls, too, I might add. They handle around 115 messages per second, and can run up to eight filtering steps (including Bayesian analysis, which is similarly efficient to SVM, which the one in the article uses). Plus Barracuda's can do virus scanning.

    I'm not sure how this is revolutionary.

    1. Re:Not the first; not revolutionary by Rikus · · Score: 5, Insightful

      Isn't "spam firewall" just a marketing term for "filter"?

      Isn't "revolutionary" just a marketing term for any stupid new product?

    2. Re:Not the first; not revolutionary by Greyfox · · Score: 5, Informative
      I believe the distinction is when the filtering takes place. If you wait for the spam to be placed on your hard drive and filter it out when you start your mail client, then it's filtering. If you reject the spam before the remote MTA drops the connection, then it's a firewall.

      I'm using Postfix at home and it's got some nifty features to allow you to do this sort of thing. You can write a simple SMTP server that listens on some port of 127.0.0.1 and configure postfix to send the mail though that. Your server scans the E-Mail and sends a reject or accept message back to postfix, which sends it on to the remote MTA. Your SMTP server then feeds the mail into another postfix server which listens on an odd port of 127.0.0.1 and doesn't have the restrictions that your publically accessable postix server does. There are packages available for all sorts of scanning based on this ability. Since you reject the message at MTA time, you don't have to bother with sending a bounce message, either.

      --

      I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

    3. Re:Not the first; not revolutionary by Rei · · Score: 5, Insightful

      Isn't slashdot supposed to be more than just a conduit for corporate press releases?

      --
      No matter how kind you are, German children are kinder.
    4. Re:Not the first; not revolutionary by LaCosaNostradamus · · Score: 5, Insightful

      Isn't "marketing" just a term for people who don't know, selling to other people who don't know?

      --
      [You have a stable society when some nut guns down a schoolyard and the law doesn't change.]
  3. What happens to the 1 mis-classified email? by Thrymm · · Score: 5, Interesting

    1 out of 25k is impressive, but what happens to these spam mails? Are they bounced back as an error "no user account found"? Or done like a blackhole where the spammer doesnt know if it reeached its intended recipiant? I like my SpamBayes :)

  4. Re:1/25000 by stienman · · Score: 5, Interesting

    Most users of email are now treating it as a lossy messaging system, and the users themselves accept that some messages simply don't make it. Critical business is always followed up with a call.

    -Adam

  5. My favorite line: by calypso15 · · Score: 5, Funny

    "...companies losing valuable employee time to deleting spam..."

    Maybe they should be working on a Slashdot-Firewall. Damn, I really should get back to work.

    Oh, and since the linked article got /.ed, here:
    http://www.uq.edu.au/news/index.phtml?article=5833

  6. Re:1/25000 by cyngus · · Score: 5, Insightful

    One of two conditions exists in this case.
    1) The e-mail is vitally important and your business will be seriously damaged by its failed delivery.

    2) The e-mail was somewhat important, but not something large enough to materially change your revenue/profits.

    If the first is the case, you probably shouldn't be using e-mail in the first place and/or whoever sent it is probably going to follow up with a FedEx or phone call.

    In the case of number 2 (ha ha, number two), you've saved so much time not having to wade through spam that the losses are negated.

  7. Here's how it probably works by lokedhs · · Score: 5, Interesting
    I heard about this new technique before. Apparently it works trmendously well.

    The idea is that the mail server keeps a whitelist of "allowed" addresses which are always accepted. If a mail comes from an address which is not known, the mail server will reply with a "server unavailable, try later" error message. All real mail servers will try to send the message a little later (I don't know the exact time, but it's probably less than an hour. Someone else might know better).

    The second time the remote mail server tries to connect, the server accepts the mail and adds the address to the whitelist.

    However, mass mailers for spam don't do this but simply go on to the next address in the list if this happens. This way the spam message is filtered out.

    Note that this method doesn't require any analysis of the actual content of the messgae, nor does it involve any manual actions from neither the sender nor the receiever. Currently it's porbably the best spam blocking method that exists.

  8. I hope they don't reject my e-mail by koinu · · Score: 5, Funny
    I'm a.l-wa-ys wr|?|-ng l|-ke ðißs 2 m.y f-iends

    amidoacetic platymyoid granomerite nonacceptant dorsoposteriad uninclined unshocked zibet intercity lornness