Slashdot Mirror
The Spam Conference 2005
dos_dude writes "This year's Spam Conference is over. As usual, the MIT provides low and high bandwidth webcasts. The talks featured a full spectrum of anything possible. From absurd to sound, from boring to entertaining, and from dead-horse-beating to brand-new. Highlights: John Graham-Cumming presented the results of the survey he did with the help of many Slashdot readers, Jon Praed gave the details of the trial against spammer Jeremy Jaynes and friends, Brian McWilliams posed the question what will happen when all spam is finally filtered, and Matthew Prince plugged Project Honeypot in a very entertaining way. Shameless but useful plug: here's the final schedule with links to the webcasts."
How do they get their anti-spam software from filtering off all the mail from someone with such a name?
The only way for spam to finally be filtered and gone would be for the government to make it a felony to send spam, or for a complete redesign of current mail systems which would require centralized authority.
The first of those things will likely never happen; instead, the government would simply make it legal to send spam for certain reasons, and likely make it illegal to mess with such "mail" - in the same way the federal mail system works. They'd likely get a fair cut of all profits from that.
If that were to happen, there'd be little likelyhood that authorized hosts would do any good. Even if we can get such authorization sorted out first, it'll likely have design flaws for a good long while which will be exploitable.
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
The only way to truely stop spam is build a white list, in which you can only recieve e-mail from the addresses on the white list. The downfall is that you cannot recieve e-mail from people that aren't on the list.
But if you only send and recieve e-mail from a few select people on your e-mail account, then a white list may be a good option for you.
SPAM: Stupid Pointless Annoying Messages
Does anyone else agree with me that it is kind of sad that it has gotten to this point, where we need a conference just to battle these messages?
Especially when it's only a small core group of individuals which accounts for most of the spam...
Will there always be people that abuse systems in any possible way?
Is when ISPs keep sigining pink contracts. We can filter untill we are blue in the face, but as long as spammers still have unfettered access to 'bullet-proof' hosting we will never win this war. What we need is for ISPs to actually ENFORCE thier AUP/TOS and the problem is solved. Of course the big problem is GREED and MONEY, and ISPs love to rake in spammer money without ANY reguard to consequences to the rest of the net community.
How did John Graham-Cumming get through High School with a name like that?
At a certain point, we will spend more time reading about anti-Spam measures than we will be reading about Spam.
Since there is a Slashdot article about Spam every day, and I usually spend about 5-10 minutes deleting spam, we might have already reached this point.
Hopefully I didn't put any [] around my words.
I learned around Election Day last year that lots of my friends' corporate mail servers were filtering my personal messages mentioning politics as "spam". Though they weren't commercial, weren't unsolicited, my name is in their address books, and political email (even if unsolicited) is excluded from at least legal definitions of spam. Many of my friends complained they weren't getting these messages they heard about from other friends (though I don't know whether any were forwarded into spamtraps). Will spam destroy the Internet by raising our guards so much that some messages never get through, though we want to exchange them? How much political and commercial power do these spam filter companies have now?
--
make install -not war
This is a setup that filters the mail of me and my family, and works very well (only 1 false negative in 200 spam messages, and no false positives so far). I filter all my messages through spammassassin, with bayesian filtering enabled. Bayesian filtering causes a lot of CPU load when a message is scanned, but it's worth it. And URL blacklisting . That URL blacklisting is really important, since a lot of spam today only contains one image, with a link to a site, but that one link, makes it very easy for blacklists.
I hope they can come up with new ideas to defeat spam at the convention, but for now, this solution works fine for me.
This is one lame signature, please read the message above instead.
Invented SPAM
(1) All spam is finally filtered.
(2) Buy first snowplow dealership in Hell.
(3) Profit!
Find free books.
Who in their right mind decides to publish media in RealMedia format?? Seriously? I'm really, really sick of that real stuff. Anyway, I found a decent solution... use Real Alternative on Windows (contains a simple media player and real codecs!) or the heavenly RealPlayer for Linux.
I have two stages of email account -- the first-level account, and then a second-level account. All non-friend/family email goes to the first, and everything from people with close ties or sensitive information goes to my second-level (personal) account.
So far, I've been able to cordon off 99.5% of my spam just like this. One or two may slip by from time to time, but so far it's been surprisingly effective.
Of course this isn't a solution for the fact that spam clogs up internet traffic like a cotton ball in a straw, but it's still food for thought when it comes to a personal front against spam.
SNACKS ARE AWESOME
As John states in his presentation, he is not a real pollster and his data is awfully skewed, so I can't have one look at it without doubts.
--- Sigmentation Fault - Comments Dumped
Spam for fraud schemes is growing. But even there, some kinds of frauds are dying out. We don't see many stock pump-and-dump spams any more. This is partly due to action by the SEC, but it's mostly due to lack of investor ignorance. Spamming about a stock doesn't affect stock prices much any more.
Fraud schemes are a law enforcement problem, and we're seeing more action there, because the "phishing" thing has grown to be such a big problem.
Between lawsuits by Microsoft and AOL, enforcement by the SEC, banks watching for phishing schemes, and, finally, some activity by the FBI and FTC, being a spammer is becoming more hazardous. We've seen a few spammers go to jail, which should have some deterrent effect.
oh.. ram it up your ass, bigberk!
that's probably the most useful link that's fallen in front of you all day. it took me 3 years to find a way to play real content without realplayer
I would have attended this, if I would have known about it. Does anyone know of a place that has a list (not just spam, but short, sweet and to the point IT-related) of these types of conferences coming up?
You should try some good SPAM recipes.
One line blog. I hear that they're called Twitters now.
As usual, somebody describes the problem, says that all the common solutions don't work and doesn't give any other solutions.
Will probably be modded up to +5 insightful, while it is nothing more than -1 troll.
bash$
I'll give you a solution: encourage your ISP to make use of the dozens of blacklists that currently exist. Select a reasonable blacklist that puts pressure on bad ISPs (those that don't do their part to eliminate spamming customers). Spamhaus comes to mind, and SPEWS has some merit too. Push businesses away from ISPs that support spammers or refuse to adequately secure their network. Spam does not come from any other place.
Blacklists these days don't have to accept/reject mail (binary decision); with spamassassin you may just be talking about a different threshold for spamminess depending on where the mail came from. This throws out the complaint, "doesn't give legitimate mail a fair chance".
Just today I ran across Internet Mail 2000, a concept apparently initially conceived by Dan Bernstein. I haven't read all or even most of the information on that page, finding it somewhat difficult to wrap my head around. The big difference from it and SMTP is that it is a pull rather than push protocol. For Alice to send a message to Bob, Alice puts the message on an IM2000 server (replaces the originating SMTP server) which sends Bob a note "hey, I've got a message for you". Bob's email client then downloads the message from the server.
The big advantage here is that the note is small, and Bob need not download the message at all if he believes it is spam, reducing the spam bandwidth usage. Also, the sender must make an effort to have a permanent server so the receiver may even get the message. Not really a burden for legit mails that already need a permanent server somewhere for receiving mails (right?). Forgeries are also prevented, because the note necessarily contains correct information about how to find the message.
Aside from the usual reply to anti-spam solutions (this one requires mass participation and won't happen, yadda yadda), and the lame name (shouldn't they change that to IM3000 now?), have others looked at this? What are your opinions on it?
I provided a clear and simple suggestions to fix this : add decent authentication to SMTP daemons, legislate and eliminate mediocre auth. schemes such as SASL.
Broken Hearts are for Assholes. - Frank Zappa
The conference presentations look invited rather than refereed, but doesn't a "scientist" usually have both interest in and obligation to the bases of the scientific method? Why bother to collect data if you intend to apply no analysis?
[1] There is one solitary mention of possible bad data, ignoring the fact that all the rest is totally unverified as well.
I wasn't asking for solutions, just commenting on the previous post.
:-)
But if you're wondering what we're doing:
- greylisting (handy to get rid of 95% of the spam and 99% of the viruses)
- sbl-xbl.spamhaus.org
and spam assassin on the rest of the email which actually gets through
bash$
probably the only downside is the greylisting delay
Delay, delay, what is delay....
We have set it to 30 seconds (45 maybe, can't be sure), so the second attempt is always working.
For the rest, it's only the first sender/addressee/MX gateway which is delayed, the rest is automatically forwarded.
If you want to know what the real disadvantage is, it is broken windows software which doesn't know the difference between the 450 and the 550 status message: Read my experiences at http://weblog.barnet.com.au/edwin/000081.html.
bash$
BLOODY VIKINGS!!!
What does this button do...
Which means that some spam was learned that had that string so any messages with that string are flagged as likely spam.
During specific times (elections, disasters, etc), the spammers will attempt to poison Bayes databases by including phrases about those events.
There's nothing political about it.
Check what triggered on those emails. That's all.
It's about strings.
And spammers know that.
So the spammers include those strings in their spam.
Someone sees the spam and has Bayes "learn" it. Now those "political" strings are learned as spam.
You receive an email with those strings, but it is flagged as spam because of the Bayes database.Great. So all a spammer has to do to make sure his spam gets through is to include a segment of a political story.
Which means that there will be NO way of stopping ANY spam, ever.
This is NOT political.
This is all about spammers using strings that they know will be on lots of email that lots of people will be sending / receiving from their friends.
I don't sweat it that much because I really *knocks on wood* don't get that much spam. The one exception is that #&%%@ kid in Texas who I'm pretty sure is behind the mortgage spam. Anyway, is there something that'll "que" the spam,so that the recognized addresses go to the top and the ones that meet less and less criteria go further to the bottom of the list?
What does this button do...
oops, I thought the article was talking about the 3rd Annual Nigerian Email conference.
If blacklisting worked we'd be rid of spam. Google tried it, they quickly noticed spam growth is geometric, their own capability is not.
Blacklisting is bullshit, they gave you mods up for ranting but my post is still concise, the solution is technical : authentication.
You ignored the fact I mentioned that Wietse Venema wrote Postfix, and I offered a solution : add proper authentication to Postfix.
You also ignored what I said about SASL, which is a mediocre authentication system. I proposed fixes, but you went on to discuss blacklisting.
Blacklists are what FBI uses to find thousands of criminals. In cyberspace you know well there are 4 billion possible IPv4 and the near infinite capabilities of IPv6 are just around the corner.
Infinite domain names combinations, cheap domain names and a universe of IP addresses. Blacklist that....you'll spend the rest of your life either running queries on the blacklist or updating the blacklist.
Authentication and legislation: the only solutions to spam, whether you like it or not.
Broken Hearts are for Assholes. - Frank Zappa
Sorry for ignoring... I did read your post, I'm a big fan of Postfix and Wietse's work. I'm watching him add TLS into Postfix main and also like the greylisting. But I think blacklist still have their place. There are not 4 billion possible IP addresses; you know most of those are reserved, and the remaining real internet is divided by hierarchy into a few hundred class A's by geography and a finite, several thousand major networks under each. Every IP address fits within a clearly identifiable network, for whom there is a business or organization responsible. Some of these networks are responsible and responsive to fixing abuse, and others simply aren't.
So while I think there are better solutions to spam, I think blacklists play a vital role in protecting my own servers from regions of the Internet which are mismanaged. These regions are well known, and I won't accept traffic from them.
"Bush" is political when used in political context.
"Bush" is sexual when used in a sexual context.
"Bush" refers to plants when used in that context.
"Bush" can be used in one context to make a comment in a different context in a single message.
It's all about the CONTEXT because "Bush" is just a string.Again, ONLY if a message with those STRINGS in it was submitted to YOUR Bayesian database as SPAM.
If they were NOT, then they will NOT count towards the spam count.
There is nothing magical about it.
There isn't a government agency secretly populating your Bayes databases.
The Bayesian databases reflect exactly what was put in them. Which is why they are so effective at fighting spam.And WHO is telling the database to do that?
Hmmmmmmm?
Do you believe that someone is pre-loading your Bayesian database?
Do you believe that someone is intentionally altering the settings on your Bayesian database?Well I'm certainly not surprised. Even though it wouldn't take much effort to look at the headers to see.And that's just more evidence that you do NOT understand the situation.
You're still putting "political" in there.
It isn't "political".
If a friend emails me that he's selling his home because he doesn't want to pay the mortgage while his cheating wife has sex there and it gets flagged as spam, I don't worry that there's some RELIGIOUS problem with my filters. I understand what "strings" are and how they are used in these Bayesian databases based filters.
But to you, it's all about some political catastrophe.No. The problem is that you don't understand the technology.
You don't understand how/where spammers get addresses.
You don't understand how filters (particularly Bayesian based ones) determine whether an email is spam or not.
You don't understand how spammers try to get around those filters.
Despite all of that, you're still convinced that there is a problem that YOU see that others who actually understand the issues are blind to.
Scenario #1:
A completely blank Bayesian database. Brand new. Your son "Kerry" is emailing you about how funny it was that another kid was caught "cheating" in one of his classes.
Those strings populate the database with a high "ham" factor.
Political emails about how "Kerry" was "cheating" in "Vietnam" will come through without any problem (and "Vietnam" will be learned as ham).
So, where's the political bias there?
Scenario #2: Same as scenario #1, except your kid's name is "George" and the political email is about how "George" "Bush" was "cheating" during "Vietnam".
The political crap still gets through.
It's all about technology and statistics.
It only looks like magic to those who don't want to spend the time to learn it.
anything about
-- Viagra RX
-- Vioxx RX
-- Levitra
or
amy and her web cam ?
http://www.vanillaafro.com - take me seriously and I will shoot you
One of the problems directly connected to SPAM or better to AntiSPAM measures is that the global email connectivity is severely damaged. Many sysadmins are enabling blind filtering on national IP ranges. And which networks end up in the blacklists most of the time? You name it: chinese, african and eastern european.
While such measures do really help they also hurt. I'm from Russia and it's getting harder and harder to reach out for my colleagues and friends throughout the world. Mails just mysteriously disappear on the way and I cannot do anything but validate each message via IM or GMail. And what if I address a mailing-list? Or a business partner who neither uses IM nor likes to receive emails from free webmail providers?
More and more of our hosting companies (they usually provide email services too) suddenly find themselves in different RBLs and you know how HARD is to change a hoster.
One way is to find a relay outside Russia but those industrious SpamAssassin installations on the Net will check all the relays that the email passed through and figure out that the very first is in Russia. Ahh..
My invite to this got filtered out, hence I missed it :/
How do you get rid of those mischievous links?... atm /stats/referers
http://GuideToProblematicalLibraryUse.buzzword.co
It's a blog template provided free to bloggers but with not that great support !
God I'm sick with this stupid form. Why would a solution not work if it's useless against brute force attack. So SSL, http, and virtually every existing protocol out there is useless?
Of course there are problems in the filters. Duh!
And, at the same time, any mail system operator HAS to filter today.
The biggest cost of SPAM is not the wasted time on the delete key. The biggest cost of SPAM is the loss of reliability of email.
We used to be able to depend on email getting through. Now, I'm afraid that good email practice is to reply "Yes, I received your mail..." to any significant piece of email. What a waste!
-- Sally
You wrote, "Spam, as an advertising vehicle, is dying out."
Yes, it's dying for legit businesses. That's another of the costs of SPAM. I don't mind marketing messages from legit messages so much. Promotional emails from identifyable businesses with legit web sites and domain registrations. If I don't want their mail, I write them politely. I really hope our spam solutions still enable legit businesses to send promotional email. I want to do so at times, and I don't want my mail to trigger anger, SpamCop complaints, etc. (It's not SPAM, honest!)
But, SPAM is going strong for shady businesses, sex, porn, fraud, and phishing. No identifyable sender, domain registered in the last ten days, etc. These I send to SpamCop.
-- Sally
No one ever said that there weren't false positives. The issue was whether they were political.
You don't understand the technology. Suppose you found a new scandal involving Bush and Meitnerium.
That would probably get through their filters. Unless their filters were also trained on the word Meitnerium.
Well, you believe you do.
I thought you understood the technology.
...
...
...
...
...
...
...
So, what you're saying is that a corrupt politician
Would pay a spammer
To use certain words
In a spam flood
Against a specific news organization
So that that specific news organization's filter will learn those key words as spam
And someone with info on a new story involving that politician and those words will have their email eaten by the spam filter
Interesting theory. Of course, no one at CBS would wonder why all of their email to their news shows suddenly stopped mentioning "Bush" (all emails mentioning Bush were eaten).
The US post office. People never send paper letters.
This would only affect CBS. What if the story was sent to MSNBC also? ABC? CNN?
No, not "regardless of how or why".
To be political, it has to be "why".
I understand far better than you do.
... just sending 1,000 spam messages would only bring the likelyhood of it being marked as spam up to 50%.
First off, I understand that email is NOT the only means of communication. Even if someone could block email traffic about Bush / scandal / whatever, they couldn't block the others. Nor could they block the email traffic to other news organizations. Even your extreme example is meaningless.
I understand that CBS news gets TONS of spam and TONS of ham about Bush and scandal.
I understand that it takes a ton MORE messages to alter a Bayesian filter.
If CBS has 1,000 ham emails that had Bush / scandal / whatever
The spammer would have to FLOOD their mail server with those tailored messages. The spammer would have to send 100x the previous TOTAL number of ham messages, at once.
How does the spammer know what that previous total was? Was it
100? Send 10,000?
1,000? Send 100,000?
10,000? Send 1,000,000?
100,000? Send 10,000,000?
All to CBS news. Of course, you'll assume that their servers can handle that load.
All to shutdown one avenue of contact (email) for one phrase (whatever the sc
It was posted right here on SlashDot a few weeks ago.
I attended. Pretty academic but interesting.
-- Sally
Kappa wrote, "I'm from Russia and it's getting harder and harder to reach out for my colleagues and friends throughout the world. Mails just mysteriously disappear..."
A good friend from the Netherlands has exactly the same problem.
This is a real problem for the people in such countries who do want to be good global citizens.
You could sign on with a legit provider in one of the "good" countries and work through an SSH tunnel to that server. Then there will be no headers with problematic IPs. Hope this helps. I understand hard currency might make this expensive.
-- Sally
As I sat in the MIT Spam conference, I had an overwhelming sense of waste. As Barry Shein said last year, "Look at the great minds here working to stop penis enlargement promos!"
I believe there is SPAM because email is essentially free. The SPAMmer can send millions of messages for $ nil and doesn't have to care about the response rate. Ordinary advertising grates on us a bit, but not as much as SPAM. Why? Ordinary advertising costs money and HAS to be a little bit interesting.
How do we think about the right costs for things on the internet. I believe we have a mental model that the "best" strategies are the ones that drive the costs to zero. But, if you look at email, you can see what happens when the cost is zero.
We would all be better off if it cost a penny to send an email message. Or, if Esther Dyson's micropayments scheme were to become universal (sender pays, reader receives a micro payment for each msg). SPAMmers would NOT send a millions of SPAMs at $0.001 per msg.
I think the idea of free WiFi is dangerous. Think about the kinds of abuses that would be encouraged.
Another scary thought: Look what's happening to the cost of telephone calls, including international calls...
Zero is not the price we want. Zero cost -> abuse.
-- Sally
p.s. Caveat... Even if email costs $0.001/msg, frauds and phishing would still be problems. And, there would still be a market for bot-nets for other nasty schemes (DDOS, etc.).
i hate the nuisance of spam, but what about addressing the pain of those that send out newsletters and find that their legitimate emails are marked as spam?
two thumbs down.