Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Spam Conference 2005

Posted by timothy on from the it-seeps-in-the-pores-it-does dept.

dos_dude writes "This year's Spam Conference is over. As usual, the MIT provides low and high bandwidth webcasts. The talks featured a full spectrum of anything possible. From absurd to sound, from boring to entertaining, and from dead-horse-beating to brand-new. Highlights: John Graham-Cumming presented the results of the survey he did with the help of many Slashdot readers, Jon Praed gave the details of the trial against spammer Jeremy Jaynes and friends, Brian McWilliams posed the question what will happen when all spam is finally filtered, and Matthew Prince plugged Project Honeypot in a very entertaining way. Shameless but useful plug: here's the final schedule with links to the webcasts."

18 of 156 comments (clear)

  1. John Graham-Cumming? by Anonymous Coward · · Score: 5, Funny

    How do they get their anti-spam software from filtering off all the mail from someone with such a name?

    1. Re: John Graham-Cumming? by kabloom · · Score: 2, Funny

      How do you think he got involved in the anti-spam scene? He doesn't want false positives!

  2. spam will never be gone by CAIMLAS · · Score: 3, Insightful

    The only way for spam to finally be filtered and gone would be for the government to make it a felony to send spam, or for a complete redesign of current mail systems which would require centralized authority.

    The first of those things will likely never happen; instead, the government would simply make it legal to send spam for certain reasons, and likely make it illegal to mess with such "mail" - in the same way the federal mail system works. They'd likely get a fair cut of all profits from that.

    If that were to happen, there'd be little likelyhood that authorized hosts would do any good. Even if we can get such authorization sorted out first, it'll likely have design flaws for a good long while which will be exploitable.

    --
    ~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
    1. Re:spam will never be gone by northcat · · Score: 5, Insightful

      The only way for spam to go is for the society and current business practices to change. Really, don't you see similarities between spam and today's businesses and marketing?

    2. Re:spam will never be gone by SharpFang · · Score: 4, Informative

      The only way for spam to finally be filtered and gone would be for the government to make it a felony to send spam

      Government of what? Of the Planet Earth?
      Excuse me, but you, Americans, aren't the only nation in the world who sends spam.

      --
      45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
  3. Kind of sad... by linolium · · Score: 5, Insightful

    SPAM: Stupid Pointless Annoying Messages

    Does anyone else agree with me that it is kind of sad that it has gotten to this point, where we need a conference just to battle these messages?
    Especially when it's only a small core group of individuals which accounts for most of the spam...

    Will there always be people that abuse systems in any possible way?

  4. The biggest spam-enabler... by Puma_Concolor · · Score: 5, Insightful

    Is when ISPs keep sigining pink contracts. We can filter untill we are blue in the face, but as long as spammers still have unfettered access to 'bullet-proof' hosting we will never win this war. What we need is for ISPs to actually ENFORCE thier AUP/TOS and the problem is solved. Of course the big problem is GREED and MONEY, and ISPs love to rake in spammer money without ANY reguard to consequences to the rest of the net community.

  5. At a certain point... by Glowing+Fish · · Score: 4, Funny

    At a certain point, we will spend more time reading about anti-Spam measures than we will be reading about Spam.

    Since there is a Slashdot article about Spam every day, and I usually spend about 5-10 minutes deleting spam, we might have already reached this point.

    --
    Hopefully I didn't put any [] around my words.
  6. Antispam trap by Doc+Ruby · · Score: 3, Interesting

    I learned around Election Day last year that lots of my friends' corporate mail servers were filtering my personal messages mentioning politics as "spam". Though they weren't commercial, weren't unsolicited, my name is in their address books, and political email (even if unsolicited) is excluded from at least legal definitions of spam. Many of my friends complained they weren't getting these messages they heard about from other friends (though I don't know whether any were forwarded into spamtraps). Will spam destroy the Internet by raising our guards so much that some messages never get through, though we want to exchange them? How much political and commercial power do these spam filter companies have now?

    --

    --
    make install -not war

    1. Re:Antispam trap by rjkimble · · Score: 2, Informative

      My guess is that the corporations who filtered your email's just didn't want political stuff floating around their networks because of the potential for complaints of harassment from their employees and/or for productivity reasons (too many people wasting company time discussing politics and not getting their work done). I doubt they were filtering you specifically. I try to use personal email accounts for such correspondence.

      --

      Guns don't kill people -- people kill people.
      But the guns seem to help a bit. (apologies to Eddie Izzard)
  7. What works for me... by Neduz · · Score: 2, Interesting

    This is a setup that filters the mail of me and my family, and works very well (only 1 false negative in 200 spam messages, and no false positives so far). I filter all my messages through spammassassin, with bayesian filtering enabled. Bayesian filtering causes a lot of CPU load when a message is scanned, but it's worth it. And URL blacklisting . That URL blacklisting is really important, since a lot of spam today only contains one image, with a link to a site, but that one link, makes it very easy for blacklists.
    I hope they can come up with new ideas to defeat spam at the convention, but for now, this solution works fine for me.

    --
    This is one lame signature, please read the message above instead.
  8. What the hell is 'ram' format by bigberk · · Score: 2, Informative

    Who in their right mind decides to publish media in RealMedia format?? Seriously? I'm really, really sick of that real stuff. Anyway, I found a decent solution... use Real Alternative on Windows (contains a simple media player and real codecs!) or the heavenly RealPlayer for Linux.

  9. Spam is on the way out by Animats · · Score: 4, Interesting
    Spam, as an advertising vehicle, is dying out. If it's an obvious ad, it gets filtered out, and if it's a fake, it's a CAN-SPAM act violation. Either way, it's useless to an even vaguely legitimate business. There's still plenty of spam being sent, but the amount being read by anybody is down.

    Spam for fraud schemes is growing. But even there, some kinds of frauds are dying out. We don't see many stock pump-and-dump spams any more. This is partly due to action by the SEC, but it's mostly due to lack of investor ignorance. Spamming about a stock doesn't affect stock prices much any more.

    Fraud schemes are a law enforcement problem, and we're seeing more action there, because the "phishing" thing has grown to be such a big problem.

    Between lawsuits by Microsoft and AOL, enforcement by the SEC, banks watching for phishing schemes, and, finally, some activity by the FBI and FTC, being a spammer is becoming more hazardous. We've seen a few spammers go to jail, which should have some deterrent effect.

  10. Internet Mail 2000 by fossa · · Score: 4, Interesting

    Just today I ran across Internet Mail 2000, a concept apparently initially conceived by Dan Bernstein. I haven't read all or even most of the information on that page, finding it somewhat difficult to wrap my head around. The big difference from it and SMTP is that it is a pull rather than push protocol. For Alice to send a message to Bob, Alice puts the message on an IM2000 server (replaces the originating SMTP server) which sends Bob a note "hey, I've got a message for you". Bob's email client then downloads the message from the server.

    The big advantage here is that the note is small, and Bob need not download the message at all if he believes it is spam, reducing the spam bandwidth usage. Also, the sender must make an effort to have a permanent server so the receiver may even get the message. Not really a burden for legit mails that already need a permanent server somewhere for receiving mails (right?). Forgeries are also prevented, because the note necessarily contains correct information about how to find the message.

    Aside from the usual reply to anti-spam solutions (this one requires mass participation and won't happen, yadda yadda), and the lame name (shouldn't they change that to IM3000 now?), have others looked at this? What are your opinions on it?

    1. Re:Internet Mail 2000 by fossa · · Score: 2, Interesting
      I guess this message sums up a lot of problems with IM2000.

      With a push system (SMTP), sending is simple (just connect to a server and dump the message); receiving is complex (run/rent a server with permanent internet connection). In a pull system, sending is complex (run/rent a server with permanent internet connection); receiving however, still requires a server to receive notes. Once these notes are collected, receiving is simple, with no guarantee of robustness (connect to remote message stores and download message).

      Surely there are many projects to reinvent email? Most discussions here are about modifying SMTP for reasons of its sheer momentum, but I'd also like to see what the ideal system would look like. Links anyone? I suppose I could start by reading the article... but who does that?

      While I'm at it, are there any projects or interesting discussions about distributed trust webs (a la gnupg/pgp)? Some way to quickly determine the trustworthiness/legitimacy of an ID you've never met given that you trust or don't trust a few IDs you have met before.

  11. oops, wrong one. by supernova87a · · Score: 3, Funny

    oops, I thought the article was talking about the 3rd Annual Nigerian Email conference.

  12. No, you do not understand. by khasim · · Score: 2, Informative
    I understand what you said.
    That is demonstratably false. You do not have any clue what I'm talking about. Here's the proof.
    You're being opaque about "content": strings like "bush", "kerry", "election", "vote", "ballot", etc are all content, all political, and all catchable by bayesian filters.
    No. They are strings.

    "Bush" is political when used in political context.

    "Bush" is sexual when used in a sexual context.

    "Bush" refers to plants when used in that context.

    "Bush" can be used in one context to make a comment in a different context in a single message.

    It's all about the CONTEXT because "Bush" is just a string.
    But what about filtering on "fraud", or "cheat" in a message with those other strings?
    Again, ONLY if a message with those STRINGS in it was submitted to YOUR Bayesian database as SPAM.

    If they were NOT, then they will NOT count towards the spam count.

    There is nothing magical about it.

    There isn't a government agency secretly populating your Bayes databases.

    The Bayesian databases reflect exactly what was put in them. Which is why they are so effective at fighting spam.
    That's a way to use bayesian filtering for a political analysis, even if nonpartisan; stopping "bush" and "cheat" more often than "kerry" and "cheat" is partisan.
    And WHO is telling the database to do that?

    Hmmmmmmm?

    Do you believe that someone is pre-loading your Bayesian database?

    Do you believe that someone is intentionally altering the settings on your Bayesian database?
    I'm not guessing the mechanism. I haven't tested the filters. I expect there are different ones, with different patterns.
    Well I'm certainly not surprised. Even though it wouldn't take much effort to look at the headers to see.
    The bottom line, in simple political terms, is that acceptable messages between peers with political "content", even if just individual buzzwords, is stopped by some filters - sometimes invisibly.
    And that's just more evidence that you do NOT understand the situation.

    You're still putting "political" in there.

    It isn't "political".

    If a friend emails me that he's selling his home because he doesn't want to pay the mortgage while his cheating wife has sex there and it gets flagged as spam, I don't worry that there's some RELIGIOUS problem with my filters. I understand what "strings" are and how they are used in these Bayesian databases based filters.

    But to you, it's all about some political catastrophe.
    That's bad for people using this medium for political discussions. Which is bad for people.
    No. The problem is that you don't understand the technology.

    You don't understand how/where spammers get addresses.

    You don't understand how filters (particularly Bayesian based ones) determine whether an email is spam or not.

    You don't understand how spammers try to get around those filters.

    Despite all of that, you're still convinced that there is a problem that YOU see that others who actually understand the issues are blind to.

    Scenario #1:
    A completely blank Bayesian database. Brand new. Your son "Kerry" is emailing you about how funny it was that another kid was caught "cheating" in one of his classes.

    Those strings populate the database with a high "ham" factor.

    Political emails about how "Kerry" was "cheating" in "Vietnam" will come through without any problem (and "Vietnam" will be learned as ham).

    So, where's the political bias there?

    Scenario #2: Same as scenario #1, except your kid's name is "George" and the political email is about how "George" "Bush" was "cheating" during "Vietnam".

    The political crap still gets through.

    It's all about technology and statistics.

    It only looks like magic to those who don't want to spend the time to learn it.
  13. Netsplit by kappa · · Score: 2, Interesting

    One of the problems directly connected to SPAM or better to AntiSPAM measures is that the global email connectivity is severely damaged. Many sysadmins are enabling blind filtering on national IP ranges. And which networks end up in the blacklists most of the time? You name it: chinese, african and eastern european.

    While such measures do really help they also hurt. I'm from Russia and it's getting harder and harder to reach out for my colleagues and friends throughout the world. Mails just mysteriously disappear on the way and I cannot do anything but validate each message via IM or GMail. And what if I address a mailing-list? Or a business partner who neither uses IM nor likes to receive emails from free webmail providers?

    More and more of our hosting companies (they usually provide email services too) suddenly find themselves in different RBLs and you know how HARD is to change a hoster.

    One way is to find a relay outside Russia but those industrious SpamAssassin installations on the Net will check all the relays that the email passed through and figure out that the very first is in Russia. Ahh..