Microsoft Researchers on Stopping Spam

TheBackBencher writes "Scientific American today has a very interesting article about "Stopping Spam" by Joshua Goodman, David Hackerman and Robert Rounthwaite from Microsoft Research. They talk about different types of spam -- spam with emails, spam on IMs, spamlinks on web pages and image based spam. They mention different techniques for spam filtering mainly fingerprinting matching techniques, n grams model, naive bayesian approach, optical character recognition, challenge/response systems and Human Interacted Proofs (HIP) in a very lucid style. They however do not mention fingerprinting approach of using Nilsimsa Hash to tackle addition of random words by spammers in emails or hypertextus interruptus technique used by spammers of splitting words using HTML comments, pairs of zero width tags, or bogus tags. Also, Spam-Research is reporting the SplitFit Technique that Spammers are using to fool Yahoo! Mail SpamGuard."

The Microsoft way

Creating your own spamming division, use illegal tactics to undercut your spamming competition, put them out of business, then stop spamming.

Re:The Microsoft way

[vwjeff]

They talk about different types of spam -- spam with emails, spam on IMs, spamlinks on web pages and image based spam.

Well, there's egg and bacon; egg sausage and bacon; egg and spam; egg bacon and spam; egg bacon sausage and spam; spam bacon sausage and spam; spam egg spam spam bacon and spam; spam sausage spam spam bacon spam tomato and spam;

(punches self in face face hits keyboardadsfjlk;sjdafkldsajflsdak;fjsad;lfkjas;ldk fjas)

Re:The Microsoft way

[smallguy78]

Then pay $2 billion in lawsuits

I have an idea

[Sonar]

I have an idea for stopping spam. How about sent mail is not flagged as recieved until it is viewed by the user. Once it is viewed, it can be flagged as good or flagged as spam. If the mail is flagged as spam, the mail could be sent back to the orignal host as unreturned mail.

So for every mail that is sent out, once flagged as spam, could be sent back. Of course, normal spam filters would also flag the data as spam. If the e-mail is returned to the host, maybe they will remove the e-mail from thier list. Otherwise they will just recieve a bunch of spam as well as sending it. It could clog up bandwith pretty good.

However this probabally wouldn't work if they somehow spoofed the sent address.

Re:I have an idea

[datafr0g]

Also, if you reply, the spammer will know your address is active and send more crap.

Re:I have an idea

[Yolegoman]

However this probabally wouldn't work if they somehow spoofed the sent address.

No, it wouldn't. Spam that has the sent address spoofed is stupid, though - how are your "customers" going to buy your 1337 \/!@8r@ p!|_|_$?

Re:I have an idea

[Aeiri]

Interesting idea, however invalid address responses are sent within 5 minutes of the original mail. If the response is sent over a day after the original mail is sent, the spammer could just discard it.

If we respond instantly to all email with invalid address mails, it will be overused and spammers will ignore ALL of them. This is much like antibiotics, we use them too much, the bacteria accommodates for it, and antibiotics become obsolete.

So far, bayesion filtering and/or whitelisting email are the only good systems of blocking spam at the moment.

Re:I have an idea

[xQx]

Here's a more interesting idea...

Authenticate SMTP with public key signing. -- Then use a trust network to only accept email from trusted companies.

Why it won't work:
It involves effort and cost.

Baah, the internet should be unregulated, if they can get rid of SPAM then whats to stop them getting rid of porn, anti-government information etc. There's a road we all want to go down.

Don't buy it and Get over it(tm).

Re:I have an idea

[ConceptJunkie]

I assume you're being facetious. Why does stopping someone from sending you garbage equate to not being able to find something. That argument sounds like those nitwit "censorship" whiners who think Freedom of Speech means Freedom to be Heard and that all content must be available at all times in all places.

Anarchy never worked in the real world, how could it work in the electronic world?

Re:I have an idea

[damiangerous]

Usually through instructions in the spam itself, such as a link.

Re:I have an idea

[damiangerous]

And when it's based in China or some third world country? Or when it's a joe job?

Re:I have an idea

[menace3society]

Actually, if this became widespread, it would exacerbate the spam problem. Currently, if a spam mail server gets a bounced message, it has no reason to believe that the bounce is fake, then it may actually remove the address from its list in order to conserve resources. On the other hand, if programmers know that spam is being bounced even if it is sent to a valid address, they will just keep sending to that address. Hence spam-related traffic will nearly double (original message + bounce), but it won't go down in the future either.

Re:I have an idea

[killjoe]

Doesn't bernstein have a scheme where the sender stores the email until it's accepted? Is seems like that would make spamming a little more expensive at least.

Re:I have an idea

[geekboy642]

I have a better idea for stopping spam:

Arm the geeks.
Get some buddies together, take paypal donations to buy some BFGs, and do some vigilante justice.

Seriously, what jury would convict the guy that shot up a spammer?

Re:I have an idea

[sfe_software]

Interesting idea, however invalid address responses are sent within 5 minutes of the original mail. If the response is sent over a day after the original mail is sent, the spammer could just discard it.

The thing is, I don't belive spammers ever remove an address due to an error. I had a domain that received a ton of spam, and that domain expired. Two years later (fighting with Network Solutions) I got the domain back, and immediately started receiving a ton of spam. Two years of spammers sending spam to invalid addresses (no DNS on the domain) and they still continued.

Why?

Simple: the spammers don't receive bounce messages, and the spam-servers (which could be static servers, or compromised zombie machines) don't provide accurate return information. Much like how telemarketers often show invalid or "Unknown" caller-ID info. It costs nearly nothing to send a spam message to an address, whether that address is valid or not. It costs much more to weed out invalid or unreachable addresses from your list by intercepting bounce messages etc.

And spammers don't give a shit. Most of the time, they are using someone else's machine (a zombie'd Windows box, or an open relay) so they don't need to care. So this trick simply doesn't work. It's cheaper to just continue sending to invalid addresses. Not to mention, many newbie spammers get their lists from less-than-legit sources who are selling large lists; they don't care (and are usually fully aware) that many of the addresses they are selling are bogus or no longer valid...

In short, simple tricks like this don't work, when dealing with an "industry" that doesn't give a shit...

Re:I have an idea

[Anonymous+Luddite]

>>Usually through instructions in the spam itself, such as a link.

That's exactly how it happens. The spammer places an innocent domain name in the "reply-to:" field and HREFs in the message-body to reply through.

It has been happening lately with one of my domains - I get bounce emails explaining that the spam filter at wherever.com can't deliver my adverts for full-length adult DVDs...

So please, if you get this crap and need to respond, don't use the "reply-to:" field - it's fake

Re:I have an idea

[Keeper]

All spam spoofs the sent-by address. As evidenced by the eighty thousand bounce mails I've gotten in my inbox the last 2 months (some spammer kindly used MY email address as the sent-by address ... if I ever meet the responsible party, they won't live to tell about it).

Re:I have an idea

[Threni]

> It could clog up bandwith pretty good.

Don't you think enough internet bandwidth is used up by spam in the first place, without devising methods to instantly double it?

Re:I have an idea

[Threni]

> Seriously, what jury would convict the guy that shot up a spammer?

A jury consisting of members who are prepared to jail psychopaths?

Re:I have an idea

[mce]

Bad idea. I'm on the LKML, just to stay up to date with what's going on in kernel land. But every so often I'm away from the net for a few days and when I'm back I regularly have no time to read up on everything that happened in the mean time (look up the average daily volume of the LKML and multiply by +-5 to get an idea how many mails this can be about). So when this happens, I mass-delete all my unread LKML mails without looking at them. That doesn't make my LKML feed unwanted SPAM, tough.

Re:I have an idea

[Antique+Geekmeister]

My God, who bought into Microsoft's proposals seriously enough to bring down this load of bad ideas on our heads? Pleae, please, please, gentle readers, go read up at sites like www.spf.org and www.spamhaus.com and the RBL sites and the various websites on what's already been tried and what doesn't work!

You're right about the expense and effort being significant. You've also left out that the PGP keys of major sites, once stolen, will be passed around and used by the same crackers who sell access to zombied machines now to sell spam services.

In the US, at least, there is a major legal hurdle to stopping spam called the Direct Marketing Association. They are the junk mailers and sales-by-phone companies, and vaguely more legitimate advertisers who use bulk mail and bulk email. Getting clear laws in place to block spam will make legal precedents against their members' businesses: that's why they fought the junk fax laws so hard, when junk faxes got so burdensome that it was eventually outlawed.

Re:I have an idea

[Math,+The+Ancient]

It's already been successfully argued (imho) that RBL's do not work, either.

Re:I have an idea

[R34L]

Is that what slashdot uses (bayesian) when they stop all the: frist psot (splitFit)

Re:I have an idea

[Nelson]

There are many variations on this idea that don't fundmentally involve that many changes to SMTP. I think we're at a crossroads here. What are the "best practices" for spam? Filters with their obvious problems, Black lists which have worse problems, the sender auth where the smtp server logs in to your server during the message transit to check that your server is valid (you know how screwed up that is?) or my favorite dump HTML email because just text is the way to go anyways.. Maybe we should stop using GUIs too because then there won't be any popup ads...

We're trying to fix a broken protocol with terrible band-aids.

Add layering to SMIME or OpenPGP. All server to server communication is signed and optionally encrypted (there are clear benefits besides that like compression also and a degree of security from snooping) There are already well established trust mechanisms, you want to run an SMTP server, you pay a CA to have your cert signed.

People are already spending money on implementing shit to fix spam, the cost of a cert is next to nothing. You can phase it in, put non-signed email in the "questionable" folder until it all but goes away. No changes to client software and best of all, email will get through, you'll never miss an email because some POS filter thought it might be a spam. If you do get spammed, report it and there is an easy way to track it back to its source and have the problem corrected. Also, and this is indirect, the cost of sending email goes up, you'll have to perform some costly calculations to sign and or encrypt them; that's part of the security, it's like rate limiting.

Further, if you deploy SMIME or OpenPGP, this could be pushed to the endusers. There are tons of ways to evolve this.

Re:I have an idea

[TFGeditor]

No, it is an ignorant idea. ALL spam has a spoofed FROM address. The only clue as to origin is the IP address in the header, which only identifies the owner of the address. If your server software is smart enough, you can bounce at server level back to the point of origin, or maybe to the absue@ or postmaster@ address for the domain.

I don't know...

If it was developed it can be reversed engineered. Sorry to say but spam is here to stay unless of course someday the internet becomes regulated somehow.

Re:I don't know...

[cheekyboy]

maybe,just like radio after 1929 depression was regulated, perhaps after the next depression, they nut cases running the world will get real real paranoid (their drugs must be running out) and then regulate everything that makes them slightly insane.

They can try, but they will have a tough battle on their hands, and I bet the hackers will rather fight to the death/100% shutdown of the net just to piss em off and send the companies bankcrupt.
The IT techys working for the 'govt' wont be as motivated by desire as the hardcore hackers. Its like any rebelion vs authority, the rebels always win or get their own 'zone'.

Re:I don't know...

[cgenman]

If it was developed it can be reversed engineered. Sorry to say but spam is here to stay unless of course someday the internet becomes regulated somehow.

That's silly. Encryption has been thoroughly reverse-engineered, but it's still completely secure. The Linux source code is widely available, but it is still considered relatively secure.

There are several competing proposals for how e-mail could be re-done to take into account the possibility of spamming. Preventing false headers and return addresses would be a great step towards that. Having some form of human verification system might as well. Using large, distributed networks collecting wild spam would be a third. Any of these would help. Some of the other proposals may very well solve the great majority of the problem.

Re:I don't know...

[permaculture]

Two points about spam:
1) The most important feature of any spam filtering system is that it should have a few as possible false positives (genuine email but incorrectly regarded as spam, which are then lost.)

2) In the end, we need to stop spam being _sent_. At the moment most effort is going into filtering the spam out after it's been _received_. Clearly we can spend forever writing spam filtering rules, with the spammers a few steps ahead all the time.

Having said that, we work with what we can get. At the moment where I am we're using Ironmail v4.5.2.
http://www.ciphertrust.com/products/index.php

This is a big improvement over the last version of Ironmail, which wasn't half bad.

Check out these numbers:
MAIL: wk to 07 Apr -
505365 in;
16148 viruses; 3%
399415 spam; 79%
89802 clear 18%

March: 2475384 in;
74300 viruses; 3%
1995630 spam; 81%
405454 clear; 16%

Those are hard and fast numbers from the box. The important number (false positives) is of course not so easy to generate. And there's my point.

Like the old saying goes....(sorta)

[erick99]

Spam is like porn: hard to define but you know what it when you see it. That can be hard to program I would think. But, who knows.

Re:Like the old saying goes....(sorta)

[datafr0g]

Our offsite spam engine can detect porn by looking at shapes, colours, etc...
It works surprisingly well most of the time, though it did once pick up a photo of a broken PCB as porn due to its detected "posture"

Re:Like the old saying goes....(sorta)

[ramblin+billy]

Maybe your engine isn't wrong. Maybe it's just perverted.

billy - hey...that's not sadistic...just kinky

Re:Like the old saying goes....(sorta)

[Dimensio]

Spam is like porn: hard to define but you know what it when you see it.

Actually, spam is bulk email deliberately sent to recipients who did not request the mail.

Re:Like the old saying goes....(sorta)

[The+Archon+V2.0]

It works surprisingly well most of the time, though it did once pick up a photo of a broken PCB as porn due to its detected "posture"

Printed Circuit Board? If so, my hard drive would like to see it. It claims it hasn't got any from the motherboard since little NIC came along. Too many daughterboards to take care of, the motherboard's never in the mood anymore.

Re:Like the old saying goes....(sorta)

[dmaxwell]

It's one of Bender's drinking buddies. "Whoa! Look at the NAND gates on her! She's showing her circuits and everything!"

Re:Like the old saying goes....(sorta)

[dodobh]

Spam is easy to define: Unsolicited Bulk Email. The hard part of it is not about the conTent of the email, it is the consent thing that is difficult.

We have two conflicting goals with consent based systems:
1> We want to recieve mails from some people we have not corresponded with.
2> We do not want mail from some people we have not corresponded with.

Being able to separate these two things is the hard part.

Add to that the fact that email can go to different recipients on the same server who have different preferences, and we have big issues.

Re:Like the old saying goes....(sorta)

[danila]

Of course, there is some spam, about which you can be quite confident that it's spam, but in some cases there is no clear distinction between spam and legitimate e-mail (on the recipient's side).

Consider an advert for a seminar on logistics. If I receive it from the spammer, it's spam, if I get the same message forwarded to me by a colleague, it's less so. If we change the topic of the seminar to be more/less interesting to me, the message will become less/more spammy.

You can't have a filter be 100% reliable in telling spam, because I can't be 100% reliable myself. Sometimes I am not sure whether I should flag the message as spam in my e-mail client, because I actually wouldn't mind getting more unsolicited messages like it.

Of course, the filters can do a passable job (they can even be better than humans), but you really can't program it perfectly.

Re:Like the old saying goes....(sorta)

[leshert]

Correct. The trick (as is often the case in software) is to include a human brain in the decision making, and then automate the drudgery.

That's what the current crop of Bayesian classifiers do. That avenue will probably end up being the most fruitful in the long run.

The Arms Race Goes On

[DumbSwede]

Just today I saw a new method in a ebay.com phishing scheme.

The ebay.com link showed up at the bottom of the browser, but was replaced with some kind of javascript mouseon event. This is probably not new.

Instead of random text to fool Bayesian filters, it had hidden recent news article summaries (bracketed by html comment tags) that would be similar to what you might post to a friend.

Spam filters will probably be upgraded to catch this soon, but it was the first time I had seen it. And of course as mentioned in the article, the ebay specifics where obfuscated by html tags between letters.

Re:The Arms Race Goes On

[lakeland]

Yeah, that won't cause much problem for bayesian. Essentially your filter will learn that news goes from good to neutral, and that javascript mouseovers go from bad to terrible.

However, this isn't what Joshua and the rest of MS are working on. His stuff is much more in the area of modifying SMTP so that untrusted clients have to perform some calculations before their email is accepted, or pay a few cents. My guess is it will fail since it doesn't account for zombie PCs but I'm sure he has something planned for them.

Re:The Arms Race Goes On

[enosys]

I don't think you should be running Javascript in e-mail. I disable it. I even disable automatic loading of images so that someone can't automatically confirm my address if I view a message.

Re:The Arms Race Goes On

[tlhIngan]

Instead of random text to fool Bayesian filters, it had hidden recent news article summaries (bracketed by html comment tags) that would be similar to what you might post to a friend.

The simple solution is to have your baysian filter ignore comments. Thus the news article disappears, and any broken words get magically reformed into one word and evaluated as a whole. If your email program won't render it in the final output, neither should the filter. The majority of people's email clients out there will refuse to render comments, and since most people won't look to the HTML comments, well...

(In fact, in the interest of size in emails, there is no reason for comments... ).

Take a lesson

[TrIp0d]

If Microsoft email clients had a "bounce" feature spam mail wouldn't be such a problem. Microsoft should take a lesson from KMail. Ha!

Re:Take a lesson

[AndroidCat]

I shudder to think on what you mean by a "bounce" feature. Most likely sending a "bounce" reply to the forged sender address? That's part of the problem, not the solution.

Re:Take a lesson

[MillionthMonkey]

And spammers could easily deduce from the timing which bounces were genuine and which were not. Assuming they'd even bother to purge nonworking addresses from their lists in the first place, when many of them don't even bother removing duplicates.

Re:The way to stop spam...

[Sonar]

Of course, one 200MB update from Microsoft would kill this idea. Or how about a 500MB game demo download? Thats legitimately free. Or better yet, what if I need to download a linux distro or a television episode?

I would hate to have to explain all my actions to my ISP. Espically with the way media is driving the internet nowadays. 200MB is way too small of a limit.

Now, you can monitor how many e-mails are sent by a host. That would be a better way. At least there could be a filter on the "to:" line. If that list includes over say, 1000+ users, consistantly, then at least there could be some flags raised.

to stop spam,

[havaloc]

give spammers a 9 year prison sentence.

Re:to stop spam,

This is you missing the point.

He didn't say that drug dealers should be put back on the streets. He pointed out the fact that prison sentences have not stopped the crime in question. For that matter, they haven't stopped any type of crime. Therefore, there's no reason to believe they would stop spam as the original poster suggested. Reduce it, maybe. There's a big difference between reduced, and reduced to zero.

Spam is easy to define.

[John+Seminal]

Spam is like porn: hard to define but you know what it when you see it. That can be hard to program I would think. But, who knows.

No, Spam is easy to define, it is any unwanted emails. Name elements that make spam:

1) It is a form of communication
2) The communication is unwanted
3) The source of the communication is hidden
4) In recieving the communication, you use your bandwith or incur a cost

Re:Spam is easy to define.

[ch-chuck]

1) It is a form of communication

all email is communication

2) The communication is unwanted

"wanted" is a subjective property of the recipient - the computer has no programmable decision procedure for wantedness.

3) The source of the communication is hidden

There may be some system of authenticating sender ID, and will be as easy as getting ppl to use pk encryption.

4) In recieving the communication, you use your bandwith or incur a cost

again a property of all emaiil.

Re:Spam is easy to define.

[John+Seminal]

It is not 4 different definitions of spam, it is 4 elements that make up a definition. If any 1 element is missing, then it would not be considered spam for purposes of law enforcement. What I am getting at is what are all the elements that make up spam, so that if any 1 element is missing, it is not a criminal offense.

Spam is a form of communication. You can't have spam without some kind of communication (I would like a definition that inclused the telemarketers and all the shit I get in the mail). That is element 1. Spam is unwanted. It would not be spam to recieve something you requested. Spam comes from a hidden source, so you can't track who sent it. That would protect honest buisnesses from having their emails classified as spam. Maybe CompUSA sends me a 10% off coupon for a sale next month that I never asked for and did not want. But I know who they are, I have somewhere to complain, and if the abuse the emails, someone to sue. And the last part is you use your bandwith, or have some cost. Maybe another element of spam is one source sends out many copies of the same mail.

Re:Spam is easy to define.

[MrNonchalant]

There may be some system of authenticating sender ID, and will be as easy as getting ppl to use pk encryption.

You over-estimate the average computer user.

If you're thinking of a transparent solution then you under-estimate how fragmented the e-mail client "industry" is.

Re:Spam is easy to define.

[Tim+C]

I generally consider spam to be unsolicited commercial email:

1) I didn't ask for it (unsolicited)
2) it's advertising a product or service (commercial)
3) I'll assume you know this one ;-)

The problem with your definition, as others have pointed out, is that both 1) and 4) is true of *all* email, and so are redundant. 2) is highly subjective, and may apply to genuine email too - is a mail from say a slashdot user calling me nasty names for something I said here unwanted? Yes. Is it spam? Not by most people's definition - you *definitely* wouldn't want the guy facing fines or jail time for it, other than perhaps under an existing harrasment law or similar.

How about a secure OS to get rid of zombies?

That'd probably be the best thing M$ could do to help reduce spam.

Re:How about a secure OS to get rid of zombies?

[drxray]

Preventing outlook express from displaying html emails wouldn't hurt either - you couldn't use html tricks to fake your way past spam filters then.

(yeah, pine user...)

Re:How about a secure OS to get rid of zombies?

[Tim+C]

How does a secure OS prevent a user from installing a trojan that turns their machine into a spam zombie as well as telling them the weather forecast, or giving them a "cool" mouse cursor, or whatever?

If I can install and run software, and that software can make network connections, my machine can be zombified, and there's nothing that MS can do about it (or any Linux distro, or anyone else producing an OS).

Eliminate all the remote and local exploits, and you'll still be left with one - the user.

Re:Great - that will validate emails for spammers

[Sonar]

Maybe you didn't quite understand what I was talking about.

This would be completely done server side. Just like when you sent an e-mail to a host, and you get returned mail because you somehow typed in the address improperly. There would be no difference between that message and one that was sent to a user and then flagged as spam. It would be impossible to tell the difference if the user was a valid address or not.

Thats what I am getting at.

Microsoft Research

[panaceaa]

So, does Microsoft Research plan on combating Spam with a Bob-like approach, or the more refined Clippy approach?

Or are they going to come up with an entirely new file system to combat it, hype it up for every Windows release, but then delay its release a few more years?

Oops, pardon me while I reminisce about all the great advances Microsoft Research has given me :).

Re:Microsoft Research

[AndroidCat]

The refined Clippy approach will use an expert learning system and database to provide friendly personalized filtering.

Re:Microsoft Research

[lakeland]

MS research comes up with some very cool stuff. Virtually none of it makes its way into Microsoft's products, I have no idea why :(

Re:Microsoft Research

[Technician]

or the more refined Clippy approach?


Clippy "It looks like you are trying to send a lot of e-mail. Would you like to send the first one to 1lol56@aol.com?"

Clippy "It looks like your return address is incorrect. Would you like me to fix it?

Re:Microsoft Research

[MLopat]

Actually a great deal of it makes it into our products however it usually doesn't filter down for nearly 10 years. The database technology for example that was researched 10 years ago is now appearing in the next release of SQL Server 2005.

Re:Microsoft Research

[lakeland]

Interesting, thanks :)

Re:Microsoft Research

[panaceaa]

Clippy "It looks like your return address is incorrect. Would you like me to fix it?

Shouldn't that be:

Clippy "It looks like your return address is correct. Would you like me to mangle it?

:)

Re:The way to stop spam...

[John+Seminal]

I would hate to have to explain all my actions to my ISP. Espically with the way media is driving the internet nowadays. 200MB is way too small of a limit.

Now, you can monitor how many e-mails are sent by a host. That would be a better way. At least there could be a filter on the "to:" line. If that list includes over say, 1000+ users, consistantly, then at least there could be some flags raised.

That is a good point. With my daily bandwith threshold test, I was thinking that if someone is uploading a very, very large daily avarage of bandwith, it might be a red flag. But if you can count the number of emails sent, that is even better.

I am wondering. Is there any way to force email to only run on 1 port, without any proxies, that all routers can then reject any other mail originating from any other port??

That also reminds me of another idea floating around. Charge $0.01 per email, or some very small amount of money, so that it does not harm the avarage computer user, but will eat up all the profits of a spammer.

Microsoft Research?

[datafr0g]

Don't you mean, Microsoft Mergers & Acquisitions?

Re:Microsoft Research?

[ajp]

Microsoft spends more money on research than any other company in the industry. Even more than IBM which is a far bigger company than Microsoft.

But wait, you ask, why hasn't Microsoft actually invented anything? It's simple: everything useful was invented back when Bell Labs was the dominant monopoly with the huge research budgets. And some more stuff (but not Unix!) was invented when IBM was the only choice. And Xerox Parc, of course, lasted just about until Canon and Ricoh started making good photocopiers.

Research spending comes from them with money. Microsoft's got it. And Microsoft's actually doing research. Funny joke, though. I can hardly contain myself.

validating email addresses for more spam

[John+Seminal]

Also, if you reply, the spammer will know your address is active and send more crap.

I don't undertsand this. On one hand, you have the police saying they can't track spammers. Spammers use drones, they remain hidden, they hide their tracks. On the other hand, if you unsubscribe, they know your email is a real one, and you get more spam. That tells me whoever runs the unsubscribe service is in cahoots with the spammer and is just as guilty. They have to know where to send their lists? Just track them as part of the war on spam.

Re:validating email addresses for more spam

[anon+mouse-cow-aard]

Your unsubscribe is executed on a bot (a captured machine) which the bad guys can look at, the after taking precautions not to be observed, and harvest what they want from it. The good guys, if they capture the machine will just get your address (if it isnt encrypted by the bad guys) and a machine that is acting funny (if they dont know how to knock to get into the bot-ware) Since logging cannot be trusted on a compromised machine, what they need is a non-compromised machine beside the compromised one (on the same segment) to watch the traffic go in and out... a honeypot. That is a lot of hard work.

Re:validating email addresses for more spam

[damiangerous]

I don't see how those two "hands" are "the other" or even related. What do not being able to ascertain the physical identity of a spammer and responding to spam email validating your address as good have to do with one another?

Re:validating email addresses for more spam

[AvitarX]

Maintaning these lists of active addresses sounds like more work then it is worth, what is their cost of sending to bogus and inactive addresses?

Maintaning secret knock patterns and keeping track of which ones are where (if they are all the same it seams a honey pot would be a good investment to me).

logging of requests for invisible .gifs that have a serial number may be worth it (co-host with fake credentials in random country, capture for a day, and move on with a new one), but maintaning a mail server with DNS records would seam to make the weak link the registrar and not a bot machine if they are using DNS addresses.

I would think that they use security through transience and not through rigid security.

Re:validating email addresses for more spam

[anon+mouse-cow-aard]

All valid email addresses with eight characters or less... letters+num+_+-+.+'' say 8**40... python says that that is: 1329227995784915872903807060280344576L addresses to check for each domain. Sending is cheap, but it isn't that cheap. They desperately need lists. They trade lists. There are probably spammers whose only trade is to build good lists, and sell them to other spammers who use them.

While straight-forward knock sequences are pretty hard to figure out to begin with, somebody watching can see and do a replay. Unfortunately, replays can easily be defeated... knock patterns can be arbitrarily hard to figure out without requiring a db. What about a combination of the first two bytes of the IP address (likely to remain constant) as well as the time of day, acting as some sort of hashing function to pick the exact knock sequence. You don't need a huge table, just a good algorithm, and a salt that would be varied to taste.

for a computer program to know what .gifs are invisible is a similar problem to detecting spam, but harder. Legitimate .gif's with numbers in them are pretty common, you're going to have a lot of chaff to wade through.

People can just pay for domains with bogus contact data, using a stolen credit card or money order. Don't spam with that domain, make that a registrar for other domains. Think there might be some slimy registrars? That if all the slimy registrar does is register a domain that is just semi-fictious registrar. The semi-ficitious registrar processes domain requests really quickly. The spammers create domains (at a probably higher than normal costs) with these registrars, and change them frequently.

One of the first things a hacker does when they take over a machine is to patch it to make sure no other hacker can take it away from him. There are continuous running battles between botnet controllers for bots. Hackers do try to be secure, they move on when they have to.

Whoa, he's an expert?

[Rick+Zeman]

Also, Spam-Research is reporting the SplitFit Technique that Spammers are using to fool Yahoo! Mail SpamGuard."

How much credence should we put into an analysis from a guy who goes to the spammer's web site to unsubscribe?

Slashdot typos strick again!

[VeryProfessional]

I thought the name David Hackerman was a bit too good to be true, and it turns out it was. Following the link shows that his name is David Heckerman . Note to /. eds: please proofread your posts. It's not like they're very long...

Re:Slashdot typos strick again!

[Justin205]

Read the title of the parent...

Slashdot typos strick again...

And again...
And again...
And again...

It's a curse!

Re:The way to stop spam...

[pipingguy]

Now, you can monitor how many e-mails are sent by a host...

Doesn't Gmail do this already (i.e., receive and analyze millions of messages)? Junk could be filtered with legitimate mailing lists getting a "pass" based on criteria from recipients.

OK, bad idea and someone's sure to post one of those automated checklists any time now.

"SplitFit"

[1000101]

From the SplitFit link...

Dera Blcraays Mbmeer, Thsi eamil was stne by the Barclays serevr to vreify yuor emial adsserd. You mtsu competel thsi pssecor by ccilking on the likn bewol and entireng in the smlal wiodnw yoru Braclays Membership nrebmu, passcedo and meelbarom word. Tsih is doen for yruo proteoitcn - buacese semo of our mrebmes no lonegr haev assecc to theri emlia adserdses and we muts virefy it. To vyfire yruo eiaml arddess and accses yruo bnak anuocct , cilck on the lnik bolew:"

That email is extremely difficult to filter out because the only 'real' words are no, of, our, and, etc. Simple words that occur so many times in legitimate emails that most spam filters practically ignore them. But I have to wonder.. who would actualy 'cilck on the lnik bolew' anyway? I hate to use the term 'you get what you deserve', but if you are naive enough to click the link, then the problem isn't your spam filter, it's you.

Re:"SplitFit"

[op12]

Doing some sort of dictionary word check could easily cause such an email to be flagged as spam. Just have a threshold for number of misspelled words for a legitimate email, and this email wouldn't get through.

Re:"SplitFit"

[Spy+der+Mann]

You haven't RTFA it seems.

That garbled text is ungarbled by certain software (i.e. outlook). That's because there are invisible chars in there that activate the "right to left" mode.

Example:
De*ra* B*lcra*ays M*bme*er
translates to:
Dear Barclays Member

(I tried to copy the text I got in Yahoo, and paste it in MSN messenger. Amazingly, the text was "ungarbled". That's when I realized how tricky spammers were)

SPAM software could simply detect left-to-right characters in such text, and ipso-facto label it as spam. Unless of course, you're reading hebrew. Which is obviously NOT the case.

Re:The way to stop spam...

[John+Seminal]

And SPAM is different from junk snail-mail how? (BTW, anyone have any idea as to why bulk E-mail postage costs less than regular snail mail postage?) The main difference is if I want to send you something through the mail, I have to put a stamp on it and pay money to ship it. If I want to spam you, I can write a virus and get 1000 machines to pump out the spam. I can do it so it does not cost me anything but my time.

Plus, with the postal service, there are 1000's of laws in place. If I send you an offer through the mail designed to rip you off, that is a federal offense. You can't use the US Postal Service for illegal activities, if you do you get caught.

Remember the movie The Firm? They did not convict the lawyers for tax evasion or any other crime. They convicted them for mail fraud. And if you let the worst spammers know that each and every time they send a message that is spam, each instance will incur a penalty, that might stop them.

Re:Great - that will validate emails for spammers

[Joseph_Daniel_Zukige]

In other words, provide a way for the mail browser (MUA) to tell the server to put the "return to sender -- no such address" label on it even though the mail arrived and was read far enough to see that it was spam.

You also have to make sure the MUA knows not to retrieve images and other external references in that stupid html-mail junk. Otherwise, it's just like the confirm-on-open option.

Why is it so many so-called business software engineers think that computer systems should take control of things away from people, and don't understand that SPAM is the result?

Economic problem--NOT technical

[shanen]

SMTP is working exactly as designed--but the design is broken. You can't fix a fundamentally economic problem with any number of technical tools. It's like adding more epicycles to the earth-centered "perfect spheres" models of the universe.

The article barely mentions economics, and only in terms of the real costs of email--which only shows how much room there is for a real economic model with real business, real email, and *NO* spam.

I really wish one of the major email players would offer an option for prepaid email. That would be an absolutely spam-proof system. It doesn't matter if the postage is two cents, the spammers can't afford it. Two cents against 50,000,000 spams turns out to be *REAL* money. Any email via that address would be at least some kind of real thing.

Re:Economic problem--NOT technical

[WolfWithoutAClause]

SMTP is working exactly as designed--but the design is broken.

I would agree with this, to an extent. If I can finger anything that is obviously broken in SMTP it is that it lacks verification of the sender domain (sender).

That makes it way too easy to fake out who sent the email in the first place, hence phishing and faked email headers. It also makes it impossible to use reputation as a spam fighting tool- the spam currently appears to be coming from all over the place, whereas in reality only a tiny, tiny fraction of the internet is involved; and they need to be muzzled.

You can't fix a fundamentally economic problem with any number of technical tools. It's like adding more epicycles to the earth-centered "perfect spheres" models of the universe.

The 'nice' thing about computers is that they can handle thousands of epicycles. Merely throwing computers at something often works fine.

In other words, I don't agree, and hold up naive Bayesian filtering as a pretty good temporary fix until we can finally nail the b******s inflicting this on us. Spam has no chance really, if the techies, and the ISPs, can finally get their act together on this. I see the light at the end of the tunnel. The war can be won.

Re:Economic problem--NOT technical

[groomed]

It doesn't matter if the postage is two cents, the spammers can't afford it. Two cents against 50,000,000 spams turns out to be *REAL* money.

This doesn't seem to be a major issue for telemarketers and direct-mail advertisers. All it will do is make the spam glossier.

Well, that's not entirely true. It will reduce the volume of spam. But in the process it will reduce the volume of email, period. It's a bit like fighting crime by decimating the population.

Re:Economic problem--NOT technical

[fmobus]

I really wish one of the major email players would offer an option for prepaid email. That would be an absolutely spam-proof system. It doesn't matter if the postage is two cents, the spammers can't afford it. Two cents against 50,000,000 spams turns out to be *REAL* money. Any email via that address would be at least some kind of real thing.
Hmm, so granma and Joe-six-pack will have to pay when they have their PCs zombied? Not a good idea. It would only work if someone we know patch their OS holes.

Re:Economic problem--NOT technical

[thedustbustr]

If some future SMTP replacement mandated authentication, spammers would simply spam from legitimate email addresses. No, it won't read support@wachovia.com, but spammers could easily register wachoivasecure.net and the likes. The targetted users are too uneducated to know the difference.

Re:Economic problem--NOT technical

[shanen]

I really can't understand why it is so difficult to get this point accross:

Email is *NOT* free. It has *NEVER* been free. SMTP email pretends to be free and there is no pretense of accounting. That is because the original design of SMTP was the fantasy of fairness and equality and all that wonderful stuff. As long as both of us send and receive about the same amount of email, we can cancel things out without worrying about the exact accounting.

In reality, there are costs of email, and they are simply disguised and paid by all of us.

The spammers are *NOT* playing by those rules. The spammers have noticed that there is no accounting in SMTP, so sending one real message is the same as sending 10 million spams. If you are dividing by zero, then any return on your "investment" looks like an infinite profit. Spammers think: "Another 50 million spams might get one more sucker for herbal viagra? Great!"

You can escalate your Baysian adaptive filters out the wazoo, and as long as the spammers continue to fantasize about striking it rich, they will continue to devise new and despicable strategies to shove their garbage in your face.

No one is telling you to abandon your free email. However, if the option existed for a completely spam-free email system, I would certainly want at least one such address, and I'm sure there are plenty of other people who would figure out a use for it. Obvious example is an address you could use on the newsgroups, and if someone really wants to email you for the post, they'd have to put up the two cents (or dime).

Re:Economic problem--NOT technical

[Captain+DaFt]

You mean like this one?
http://www.cashette.com/

Re:Economic problem--NOT technical

[groomed]

It's remarkable how you manage to write so many words yet not a single one of them seems to be in response to my comment.

Re:Economic problem--NOT technical

[dodobh]

Who manages the payments? Also, spammers aren't sending spam from their own systems, the zombie PCs they control are.

What happens when you get infected by a spamming virus/trojan, and you get billed thousands of dollars?

BTW, we are speaking more emails per unit time than credit card transactions, so you need an incredible financial infrastructure to support this idea.

This has been discussed so many times with the same old rebuttals and the same FUSSP still keeps popping up.

Re:Economic problem--NOT technical

[shanen]

It was a collective response, and your comment was last. However, your comment itself was basically irrelevant and not worth more direct mention. Do you really insist on having your nose rubbed in the obvious?

As you sort of noted, there is plenty of legitimate advertising, but it never has and never will reach the levels of email spam. My "best" spamtrap address gets 50/day now. In the real world of legitimate business, a certain amount of advertising helps, but if the advertising budget is wasted or misdirected, the company goes down the tubes. Of course it isn't an absolute guarantee, but you really can tell something about a legitimate company based on their advertising.

This is not the economic model used by spammers. Spammers are *NOT* worried about repeat customers for their herbal viagra.

Actually, the economic model I want is an auction. I would be willing to sell a certain amount of my time to advertisers. The well-run businesses are the ones that are going to be able to afford to do things properly, including directing their advertising money to the real customers. I'd be willing to cooperate.

However, actually I would prefer to sit back out of the loop and let a commissioned middleman handle the bids for my time. For example, I might inform my middleman (a new kind of email service provider) that I'm looking for a new apartment in a certain area, and I'm willing to spend 15 minutes a day reading email from realtors. The middleman would aggregate my personal information and handle the bidding for that amount of email--and of course the middleman would also have a sincere interest in protecting my privacy. (If my personal information leaks, the middleman is out of the loop.)

However, anything like this depends on getting a controllable *REAL* economic model wrapped around some part of the email system.

Re:Economic problem--NOT technical

[groomed]

Despite ever increasing demand for bandwidth the cost of network traffic has only gone down over the past decade. There is nothing to suggest this trend will not continue into the foreseeable future. So in so far as spam is a real problem it doesn't seem to affect what is arguably the most important metric here, namely end user cost.

From one kind of economic perspective, yes, it might make sense to differentiate between network services and users, and to mandate elaborate tariff structures, authorization mechanisms, etc. But it is just as likely to lead to the creation of cartels and innovative sclerosis: witness the slow uptake of multimedia services in the mobile phone market, which are widely recognized as too expensive and lacking in interoperability.

The Internet is a dumb network which solves problems by brute force. It is exactly this property which caused it to win out over smarter networks such as Minitel or the various X.25 implementations. (a fairly comprehensive account of this development is given in the following web lecture by Paul Kunz)

But since the Internet is dumb, there's nothing stopping you from offering a prepaid email service. If spam is really as big a problem as you make it out to be then people will flock to your service. But I don't think they will.

Re:Economic problem--NOT technical

[shanen]

Natural solution is you have someone pay in advance--essentially a kind of bond posted by the sender or the senders mail provider. As postage is expended, it can't be reused (though incoming postage could be bartered against it for legitmate and balanced email users). That means that even if a spammer somehow manages to hack into someone's account, he would only be able to send a small amount of spam.

Zombie PCs are no problem, since they won't have any postage to play with. If a zombie sends to a address that requires postage, it just bounces, which is basically the same as now happens with the invalid addresses in the spammers mail boxes.

Re:Economic problem--NOT technical

[shanen]

I don't think they have to flock to make it a success. Actually, in a funny way, it's almost the inverse of the spam problem. If only a very small percentage of email users wanted to opt into this system, it would already be a LOT of people, and I think the percentage of people who hate spam a lot or who just need a truly non-spammable email address is much more than a small percentage.

Unfortunately, there is something keeping me from offering it myself--my career and the company policy against moonlighting. That's the problem with working for big companies... They mostly aren't going to change the world, since they mostly like it the way it is.

Re:Economic problem--NOT technical

[WolfWithoutAClause]

They are, but the ISPs can correlate spam against addresses and can unilaterally block it- as far as ISPs are concerned, spam costs them money; the spammers aren't paying them to carry spam.

It's going to be much, much harder for the spammers to get legitimate addresses, even if they buy/own domains; ISPs can be blocking new domains within minutes.

Re:Economic problem--NOT technical

[shanen]

Actually, I was rather shocked to discover this is not true for the portable phones in Japan--at least for KDDI. You pay for all the packets you receive, including the packets of spam email. I was so astounded by this, that I actually called them to doublecheck, and asked them what if my address is harvested, for example by some clumsy friend who clicks on a Beagle variant, and I suddenly get 100 spams. (Actually, one of the first times I got 700, but I think there were probably several sources.) They didn't put it in these terms, but the basic response was "tough titties--you pay for the spam we deliver to you and we profit from it". It annoyed me so much as to contribute greatly to my decision to cancel that service.

In situations like this, a prepaid email system makes absolute sense, and I certainly would enable it if they offered the option. Unfortunately, the market in Japan is controlled by a few companies, and (in the usual Japanese tradition) would never dream of offering any new an innovative service unless everyone (including their competitors) is willing to go along.

By the way, they do offer an unlimited packet service, but at a price I regard as very unreasonable, and nor really unlimited either, but only for certain phone-specific services. If anyone actually does sign up and use those services while staring at that tiny screen, I'm expecting them to go blind.

Re:Economic problem--NOT technical

[shanen]

I think you're reply should be modded up to informative. This http://www.cashette.com looks to be almost exactly what I've been looking for. Kind of a primitive implementation, but they're starting in the right place. They should clean up their registration form some, and it doesn't run perfectly in Opera, but looks good.

Main concern so far is the use of a whitelist. The spammers have an obvious countermeasure against that by linking addresses to make sure your spam seems to come from a friend. However, my intended use is not for my friends, so I won't need any whitelist on the account.

Re:Economic problem--NOT technical

[shanen]

Gee, do you want to be admired for your ad-hominemo delusions.

Actually, I worked for several ISPs over the years, mostly doing technical support, but for one period I was the postmaster of one of the largest free email systems in a very large city. That was actually in the transitional days when PPP service was young, but a system with 12 phone lines (or maybe it was 16?) was heavy duty. It was actually a bizarre proprietary system, but my Windows PC ran a conversion program pulling it out of the Novell network, converted it from and to SMTP, which I then sent out through one of our Suns using regular TCP/IP. I don't think the network support guy every believed the system could work... Spam was already there, of course, though nothing compared to the current floods.

As you noted in your continued delusions, authenticated email has the well known and basically fatal problem of requiring everyone to go along, but I've already addressed that issue and the zombie stuff elsewhere. Hopefully, the entire issue is moot, since it certainly looks like this system at www.cashette.com may be just what the anti-spam doctor ordered.

Re:Economic problem--NOT technical

[davaguco]

There is an easy fix to this. It is not my idea, I read it somewhere else: There will be 2 kinds of e-mail accounts: The "free" accounts and the "protected" accounts. The free accounts work exactly as the current e-mail accounts work today. For the protected accounts, however, you have to pay a small fee for every e-mail that you send through your ISP (like a stamp). HOWEVER this fee will be fully refundable, in 3 months, if nobody tells your ISP that you are a spammer. Thus, every e-mail stamp price that you pay will be returned to you as long as nobody tells your ISP that you are sending spam. There must also be a reasonabe limit to the maximum amount of "protected" e-mails that any computer can send, so that no zombie PCs ruin their owner. Also, anybody running a "protected" account can choose to only receive e-mails from other "protected" accounts.

Re:Economic problem--NOT technical

[dodobh]

Zombie PCs are no problem, since they won't have any postage to play with.

Zombie PCs are PCs owned by normal users, but with spammers controlling them. If you have e-postage, and your PC is taken over, the spammer now has your money.

Re:Economic problem--NOT technical

[shanen]

Depends on how the postage email system is handled. It's possible the zombie PC will have direct access to a small amount of postage--but that doesn't do much for the spammer. Remember the spammer needs to send millions, not tens.

However, it's more likely the spammer gets nothing so far. For example, one natural implementation would be via a Web-based implementation where the actual postage is on a remote server. Okay, so now we've added another two or three levels of security and the spammer has to add a keyboard logger and try to sniff out the right password and figure out how to log into some other system without getting logged. I admit there's no such thing as perfect security--but in this case we're already way past the point of diminishing returns. For all his effort, the spammer finally captures your postage--and maybe can send a few spam messages until your current postage is used up. This sort of nickel and diming is *NOT* helpful from the spammer's perspective.

Remember, the spammer always wants to send millions, not tens. Even trying to account for stolen postage is going to make the system totally unwieldy and useless from the spammer's perspective, so he'll go after the "soft" no-postage targets.

my solution

[ricochet81]

Here's my solution to the greater unwanted communication Anti-spam paper submitted to Conference on Email and Anti-Spam

Re:my solution

[maxjenius22]

A conference paper with no references? Nice.

Or perhaps...

[Canberra+Bob]

Each year they will announce that This is the Year of No More Spam on the Desktop (of course this never happens).

Or they will invent a brilliant new way to stop spam but as it requires the user to recompile all their OS and apps every 3 days it never gets used.

Or they just tell the end users "Why dont YOU code some anti-spam software?"

Or they produce an anti-spam system but the user must install 3 desktops and window managers, requires a 10,000 line config file that must be written by hand, comes with either missing or misleading documentation depending on the version you download and randomly purges any non-free software from the hard drive.

Re:Or perhaps...

[cgenman]

Ballmer keeps running around insisting everyone call it GNUNWNTD/Spam.

Their Anti Spam system will reduce your Total Cost of E-mail. Or raise it a little. Or possibly keep it the same.

Their (K)illSpam system will be promply forked into five apps known as GnoMoreSpam, OpenSP, Xithergy, WAGIJIG, and Betty.

It will accept, filter, parse, and sort incoming mail, while additionally precaching any keywords you are likely to look up on google, but it will take twenty minutes to open an ASCII based letter.
It will use the function keys for essential behaviors that aren't documented anywhere.

To stop spam, stop the money laundering

[Animats]

A spammer needs certain resources to survive. Most spam control effort focus on cutting off the spammer's ability to send spam. Much has been done in that direction. Now more effort needs to be applied to the other direction - cutting off the spammer's payment stream.

Legally, this is promising. First, there's no free speech issue. Second, in most jurisdictions, it's illegal to operate an anonymous business. So most spammers are criminals. Third, laundering transactions through intermediaries is usually a crime, too.

The problem for law enforcement is that following the money is difficult. Additional technical support for that would be a big help.

A good starting point would be to get a credit card issuing bank to cooperate in a scheme where, when one of their credit cards is used, full transaction details, including the payee's full identity, are immediately returned to the cardholder, using encrypted E-mail or some other secure means. That would make "following the money" much easier. This only requires one cooperating bank. That bank's credit cards might become popular with heavy Internet users. Especially if this works for prepaid credit cards, so you can find out who's behind a web site by using some disposable credit card.

The next step is to crack down on "credit card intermediaries". Non-bank credit card intermediaries that handle spammer transactions should be stuck with the legal liability of the spammer. Legally, they're the "merchant". They shouldn't be allowed to pass the buck to some other party. This will make "cheap merchant accounts" harder to get, which is probably a good thing.

Re:To stop spam, stop the money laundering

[killjoe]

In the past the FBI has already caught people by simply buying what they were selling and then finding the person who cached the check.

Of course the FBI can't arrest people in the lawless places of the world like croatia and hungry so those government will need to shed their corruption.

In other words I don't think your scheme will work because so much of the world is out of the reach of law enforcement.

Re:To stop spam, stop the money laundering

[Animats]

It's "Hungary". Which is actually doing rather well since they got out of the Soviet sphere of influence.

Speeding up the disclosure of the identity of credit card merchants from 30 days to two minutes makes finding them much easier.

Re:To stop spam, stop the money laundering

[davids-world.com]

It seems to me that D.C. scores high on the list of lawless places, no need to go to Hungary, which has joined the European Union recently.

Re:To stop spam, stop the money laundering

[killjoe]

" It's "Hungary". Which is actually doing rather well since they got out of the Soviet sphere of influence."

Apparently those that are launching a relentless stream of spam and hack attacks on my firewall from "Hungary" haven't gotten the message yet. From what I hear spam and hacking are the least of it.

Re:To stop spam, stop the money laundering

[Big+Mark]

Yeah, they do have more Nobel prize winners per capita than any other nation. Dismissing them as some Communist backwater is a gross underestimation.

Re:To stop spam, stop the money laundering

[pyrotic]

About 25% of spam I get is for US re-mortgages (and I'm not in the US). Never mind tracking the spammers, there must be serious institutional capital backing for those schemes, if the US government financial services regulator is incapable of tracing several hundred thousand dollar transactions, heck, they ain't doing their job properly. Is there even an equivalent to the FSA regulator in the US? These mortgage spams only ever seem to come out of the US.

Re:To stop spam, stop the money laundering

[pyrotic]

And while I'm on the subject of financial regulation, how come I keep getting all these NASDAQ related penny stock spams? If a company spams to boost it's own share price, it really shouldn't be trading on a public exchange. As far as enforcement goes, there is the problem of identifying joe-jobs, but it's not impossible.

Re:To stop spam, stop the money laundering

[bluGill]

In many cases it is not the penny stock company itself that is spamming, nor their backers. Instead it is some "broker" who is manipulating the stock for this own gain, often against the interests of the company or the officers.

Penny stocks are fairly easy to manipulate, and they can claim in court that they did their research and thought it would be good, pointing out they they did get all the reports they could get, often calling the management. (In some cases they will find a legitimate firm with a similar name so they can claim confusion) Then they tell the court they got lucky that some scammer decided to push the stock up just afterwords, and at the new price it was worth selling.

Note that in some cases penny stocks are for companies that have for all practical purposes stopped operating. The owner (often it was a small business trying to make money, but they ran out of money before producing anything promissing, and lost interest) just hasn't filed the paperwork to declare the company non-existant, so the stock still exists even though you cannot contact them.

Its not just that there is a problem identifying joe-jobs, it is that in most cases it is a joe-job, and the allibis are good. Still, the SEC does investigate these as best they can.

Re:To stop spam, stop the money laundering

[pyrotic]

Some good points, but why are we not seeing mass prosecutions on this? During the dot-com boom Meryl Lynch (UK) brokers got into shit with regulators for knowlingly advising the public to buy shares that their own analysts and pension fund managers were dumping. They were caught because there was an audit trail on the sales. Correlating "anonymous" spam emails gathered via honeynets with price movements and institutional selling should not be rocket science, the sums of money involved are not trivial, but I've yet to hear of any prosecutions for securities fraud by this method.

Again, we're only seeing US spam on this, and while the US market has the greatest liquidity, all other factors being equal you should also see this kind of spam on other markets. This suggests that either US investors are guilable fools, or the SEC is not doing it's job.

Re:To stop spam, stop the money laundering

[bluGill]

In the case of a true penny stock mass amounts of money do not need to be moved. 1000 shares trading in a day is an unheard of large number, and since we are talking less that $5/share, and often just a few pennies, the average person can manipulate prices! Of course you can't make enough from one manipulation to live, but if you do several at a time you can make money.

I agree the SEC should do more, but it isn't as easy as you would think to find these people.

Hidden Markov Model

[icejai]

Why not use a hidden markov model to filter spam that use random digits as filler?

A very basic filter will work this way:

Train a network of say, 30 to 40 units, with any english text. The training text doesn't just have to be limited to letters and numbers, it can include other ascii characters as well, because the hidden markov model will create distributions for them as well.

Now, for each new email that comes in, grab random chunks of text (maybe random 30-character strings) and see how probable the text would be in this hidden markov model. If it turns out not very likely, then scrap it.

Any thoughts?

Re:Hidden Markov Model

[mcc]

Right now spam is usually filtered using a brownian model. As a result, spammers have begun structuring their emails so as to target brownian models. How many spams have you gotten lately with the subject line ending in confiscate ok wallop yls oblivion?

If we move to filtering spam using markov models, spammers will begin structuring their emails so as to target markov models. Look forward to all your spams ending in 500-word blocks of text from a copy of MegaHAL trained on old grandmothers' email boxes.

Re:Hidden Markov Model

[slazar]

Oh those brownian filters! What, do they filter based on how motive the email's atoms are? This thread has so many incorrect and brainless comments!

Re:Hidden Markov Model

[TheBackBencher]

I actually wrote a paper on using Markov Random Field Model for spam filtering. its here: http://it.slashdot.org/article.pl?sid=05/04/12/014 4245&tid=111&tid=95&tid=218

Re:Hidden Markov Model

[Keeper]

Look forward to all your spams ending in 500-word blocks of text from a copy of MegaHAL trained on old grandmothers' email boxes

Some spam is already including the text of random news articles to defeat filters...

Ugh

[Mr.+Underbridge]

Legislate against spam. As long as spam is legal, or the penalties against it are too low, or it is too easy to do, people will continue to try and make a quick buck.

First, I guess you didn't see the guy in VA who just got something like 9 years in jail.

That said, spam doesn't obey jurisdictional boundaries. Any single country can only solve a small part of the problem, and any spam incident often involves over 3 jusrisdictions that may be in separate countries (sender, spambot, recipient, etc). That's a logistical nightmare that isn't soluble outside of a dream world.

Also, force all ISP's to monitor how much bandwith a source has. If you get too much usage per day, say 200 megabytes or more, then that person has to explain why they need that much bandwith. If someone gets the RIAA on board, with their lobbyists, that should pass very quickly.

That's fantastic. Trade a bad problem for one that's much worse. Get the RIAA to legitimize their practices by using a guise of stopping spam? Let's not.

Also, force all email to have some element which identifies the source. Not just a header that can be forged, but something that can't be hacked.

Now by force, what do you do if they don't? Enforement issues again here.

Ultimately, legislative solutions for spam DO NOT and CAN NOT work for much but a small part of the problem. It's satistfying when some moron is clumsy enough to get caught (as with the guy in VA), but mostly these days the spammers aren't that stupid. Technological solutions work far better.

Re:Ugh

[Mr.+Underbridge]

No, all routers in the USA can be forced to reject all email, unless it comes on a specific port, with specific identifiers. For example, maybe have a ISP program that you must instal on your machine that identifies your email. If the hash made by that program is wrong, they drop the email. Like what microsoft does when you try and instal software, you have to validate that you own the software and it is running on one machine.

None of those "let's redefine the SMTP standard" crackpot schemes are going to work. Remember, any solution has to be implementable for a billion internet users, and none of those hash schemes are. When the cost of implementation is higher than the cost of spam, the solution becomes a problem.

Re:Ugh

[mcc]

That said, spam doesn't obey jurisdictional boundaries. Any single country can only solve a small part of the problem, and any spam incident often involves over 3 jusrisdictions that may be in separate countries (sender, spambot, recipient, etc). That's a logistical nightmare that isn't soluble outside of a dream world.

The convenient thing here is that jurisdictional boundaries are often accompanied by physical boundaries, such as the atlantic ocean. There is a known number of internet links into the United States. If we can use legislative means to ensure that spam originates outside the U.S., that has the potential to make technical solutions to the spam problem vastly easier.

Spam is not a technological problem. It is a commercial problem taking advantage of imperfection in technology. You probably can't solve the spam problem through purely technical means, since supply and demand-- the thing that's actually driving spam-- has shown itself adept at surmounting technical barriers. You can, however, if you target spam's commercial nature, make relatively sure at least that at no point does their cashflow come from within the U.S..

Re:Ugh

[nonicenamesleft]

First, I guess you didn't see the guy in VA who just got something like 9 years in jail

From http://www.azcentral.com/news/articles/0408spamsen tence-ON.html
"Jaynes was prosecuted not for pumping out e-mail in bulk, but for falsifying information used to route the messages."

Re:Ugh

[Mr.+Underbridge]

The convenient thing here is that jurisdictional boundaries are often accompanied by physical boundaries, such as the atlantic ocean. There is a known number of internet links into the United States. If we can use legislative means to ensure that spam originates outside the U.S., that has the potential to make technical solutions to the spam problem vastly easier.

Marginally if at all. What are you going to do, turn off the pacific rim (it would be nice, but not feasible)? It's also quite easy for foreigners, then, to hijack a spambot in the US. What do you do, bust the bot owner? Not likely, those sorts of actions would make the RIAA look warm and fuzzy.

Spam is not a technological problem. It is a commercial problem taking advantage of imperfection in technology. You probably can't solve the spam problem through purely technical means, since supply and demand-- the thing that's actually driving spam-- has shown itself adept at surmounting technical barriers. You can, however, if you target spam's commercial nature, make relatively sure at least that at no point does their cashflow come from within the U.S..

Sounds nice. How do you do that? How do you examine their cashflow if they're foreign? Subpoena? Not happening. That's where those jurisdictional boundaries get ugly. That's why internet gambling still works, because all these places are based in Aruba and the US has no way to shut them down, and no way to peek at their books to make sure Americans aren't patronizing them. If our government can't shut down internet gambling - and it would like to - the same techniques will also fail for spam.

The problem is that when you reduce any of these non-technical spam solutions to actual details, they don't work. If the problem were so easy to solve, it would have BEEN solved.

Re:The way to stop spam...

[mjensen]

Check the slashdot archives/history for email.
These items have been discussed MANY times before here.
Search slashdot for "spam" or google for "spam solution site:slashdot.org" or "Obligatory spam solution rejection form"

To answer your wonderings:
Some ISPs block port 25 except going to their own servers. This means you can only access the email server of your ISP and no other ISP. Can't forge return addresses then. Many people don't like this.

Charging a fee for email is immediately flamed by mailing lists. Those people legitimately send 1000 or so messages a day to people that signed up for the list. This will cost them upward of $10 a day or more.

It willl never work

[heybo]

Do you really think a law will stop it? Laws aren't worth the paper they are written on if you don't have someone to enforce the laws! We have a law. Ever called the FTC to report a spammer? Ever tried to get the police to arrest a spammer? It doesn't work.

Yes the ISP could monitor the bandwidth on port 25 or just block port 25 and people could still download ISO or large updates. This still wouldn't stop it. Why? What about servers in Russia or China. Do you think american laws have any effect on them? Have you ever tried to contact an admin in China? What a joke.

Just who is going to charge this site for the spam? Even if you find the site how are you going to find the owner? All whois info on a site like this is a lie. ICANN will not drop a site for bad whois info.

Talking aobut the ISP they are using, most use someone like UUNET or a 100 others that do not give two sh_ts what they are doing as long as they are paying the bills. There are ISPs out there that this is where thay make their money. What are you going to do about them?

Why this is modded intresting I do not understand. It is obivous that you don't have to chase these kind of people for a living. None of your ideas will work.

I wish they could....

Re:It willl never work

[CohibaVancouver]

but if we could simply educate people to recognize spam (and thus refuse to do business with spammers) it would simply go away

That's the only solution. In probably twenty years or so enough of the populace will realize what spam is and respond to it. But right now, with spammers able to make hundreds of thousands of dollars, the problem will persist.

Solution or complication?

[Gary+Destruction]

Is there really such a thing as a solution to spam? For every new technique that is developed, the spammers will find a way to circumvent it. Spam is a multi-million dollar business. I'd go so far as to say that it's a science. At least, the spammers seem to have it down to a science.

Trying to find a solution to spam is an idea in the eyes of experts and analysts. But to spammers, it's a road block that they must work around to stay in business.
Spamming techniques will no doubt end up as signatures in spam filters that are not unlike those signatures used by IDS and virus scanners. The experts don't seem to understand that if there's a will, there's a way. And the spam will just keep coming in another form or by some other technique. All that can be done is to keep up with changing techniques and patterns and treat spam for what is truly is -- an attack vector.

Re:Solution or complication?

[aXis100]

I agree. Stopping spam via code can and will be circumvented.

We need to stop spam legally and politically. Instead of targeting the spammers, target the companies that utilise it. If it were illegal to advertise your product via spam, there would be no market for it. It cant really be circumvented - somehow there has to be a link to the product/company in the email.

Re:Solution or complication?

[TummyX]

Perhaps you should RTFA.

I like the computational problem solution. Most of us wouldn't mind if email took 5 seconds longer to send because the computer had to solve a computation challenge.

briefly worked on contract for a spam company

[Fox_1]

Well they weren't really a spam company, they sold software that allowed you to generate spam messages. I was going to do some telephone sales for them, cold call their market (I know, it's evil but I was calling corporations, not individuals, and I needed some cash) but after I got a copy of their software and became familiar with it's capabilities I felt icky, like I stepped in something, I couldn't in good conscience work for them. It had been presented to me as a customer contact software package - but it had too many little sneaky features that marked it to me as spam software, (built in SMTP server, throttle control on smtp activity so your ISP didn't get mad at you, and a bunch of message generation/tracking options) or at least there was nothing stopping customers from using it in that way, no matter how the company described their product.

Re:The way to stop spam...

[globalar]

Legislation ultimately runs into international borders and places where U.S. law cannot go. It can help, but honestly I am not sure how to craft a good law that will keep up with the pace of technology. Also, a law does not guarantee effective enforcement.

A better strategy, IMO, is to work on the commercial level. It has been said here on /. many times that if there were no money for spammers, there will be no spam. When spam becomes an issue which decides where money goes (who wins and who looses), the economics will take over. We need to convince people and businesses of simple ways to stop spam.

Forcing monitoring is counter-productive. ISP's need to voluntarily enact monitoring schemes for their own benefit and that of other parties. When an ISP is convinced that they can contribute to stopping spam and that this is in their best interests, their efforts are more likely to be aimed at succeeding not simply complying.

Also consumers need to get involved, but not with lobbying Congress (on this particular matter). ISP's and webhosts need to believe that consumers will factor spam tolerance into their decisionmaking. Consumers (and other buyers) need to follow up and practice this a little - at least a vocal plurality.

On the community side, black-lists need to be scrapped in favor of informative lists of known, proven spam havens and spammers. What host's are the real problem? That is what buyers need to know. Block them if you want, but that is counter to how the Internet works and will not ultimately succeed. Instead, inform buyers who is responsible for letting spam through. Who should you not do business with? Do not be condescending or militant - be simple and clear. "So-and-so sends spam to your inbox."

I agree, technical work needs to be done. But beyond protocols, formats, and other standards this is problem which can be solved through small changes in behavior across many groups. It cannot be centralized and squashed.

hacker?

[TLouden]

hackerman or heckerman?
I wish my last name was legally hacker. I'd change my first and middle to black and hat respectively.

Re:The easiest way to stop span.

[FooAtWFU]

People don't send spam from their ISP's account. They send it straight through their computer. Now, you could put outbound filtering on port 25, and require everyone to send mail through the ISP's servers (with authenticated SMTP of some sort), though there will be some legitimate traffic surpressed if that happens...

That'll trim spamming more than any 'message count'.

Re:The easiest way to stop span.

[game+kid]

Stop span?

Why would I want to stop the inline alternative to the harmful font tag?

...but yeah, definitely crimp those e-mails to realistic amounts. I for one would quickly welcome our spam-restricting ISP overlords.

Re:SPAM is not different from the rest of publicit

[datadriven]

Try to live an hour online whithout listening about micro$oft. It's just not possible.

Especially if you spend that hour on slashdot.

What's so bad about spam in the first place?

[ChuckSchwab]

I see all this time and money being invested into research to block spam. But we need to rethink our premises: does spam even need to be blocked? Is it actually a problem?

What you call "spam", I call "emails that help me learn about the latest products, websites, and business models". You want less of it? I want MORE of it. "Spam" keeps me informed about the world. And the fact is, consumers LIKE spam. Why do you think spam is profitable? Because people buy the products advertised! Studies show that 3 in 5 people who dislike "spam" have actually bought something online. So frankly, you need to be real careful about how you define "spam" because you could be targeting something you LIKE.

Re:What's so bad about spam in the first place?

[aXis100]

Just to feed the troll some more....

How is it acceptable to be sitting at work and recieve pornographic SPAM selling sex sites, penis enlargement and viagra?

You might want junk mail, but it seems that the majority of us dont.

Re:What's so bad about spam in the first place?

[ChuckSchwab]

Feed the troll? I am not a troll, sir. But you know who is a troll? You, for calling me a troll. That is trolling. You just can't accept that I made a valid point, so you have to slander me.

Re:What's so bad about spam in the first place?

[Technician]

I shouldn't feed the troll, but....

Studies show that 3 in 5 people who dislike "spam" have actually bought something online.

I fit right into that catagory. I get lots of spam. I have bought something online. Is this related somehow? I dislike SPAM. I bought a game. The SPAM and the game purchase are unrelated. I have bought nothing from any e-mail I have ever received.

I did a search to see who had the best deal on the game I wanted. I did not search my e-mail account for the information.

Please reveal the source of your studies and provide some information how spam and online purchases are related. Is there a relationship to the number of people who dislike SPAM and have bought something from a SPAM e-mail?

Re:What's so bad about spam in the first place?

[ChuckSchwab]

Source: Wall Street Journal

Comment: Chill out dude. I was just saying that people who don't like spam are likely to buy things online. I NEVER said the things they bought online were based on spam emails. I was just showing the GENERAL contradiction in how people approach spam. Specifically, they hate online marketing, yet buy online.

Re:What's so bad about spam in the first place?

[Technician]

Comment: Chill out dude. I was just saying that people who don't like spam are likely to buy things online.

Thanks for the clarification. The original context tended to imply the online purchases were from SPAM e-mails. Thanks for the reply that not that many people have responded to SPAM.

Your silly troll

[fmobus]

Spam damages productivity, period. I, for one, don't want and don't need to know about "V14gra and C1Al15", can I shove it upon your ass?
3 in 5 ppl who dislike "spam" have actually bought something online Hm... you mean, from the spammers? I guess not...

Spamalot

[Doc+Ruby]

Doesn't Outlook let you filter for only messages that come from addresses in your contact list? That cuts down on most spam - even spoofed address spams don't usually target people in the address owner's contact list. They just harvest addresses from phishing or web pages, which doesn't access contact lists.

The viral spams, where a virus reads a contact list and sends itself to the contacts from a familiar (and actual) address, are vulnerable to a server-based strategy. Servers could detect identical (or nearly) messages received by multiple recipients. Servers could check hashes of the messages with each other, to see if the duplicates are spread thinly across many servers. Then flag those messages as spam, or just "bulk mail", for client filters. Once a message was identified as spam, its hash (including a fuzzy hash) could immediately flag any matching message as flash.

With Microsoft distributing so many email clients and servers (plus Hotmail), they could drastically cut spam with this simple comparison tech. The time they spend on these exotic research techs are really just a way to generate PR, fanning their image as "smart". I guess their PR delivers better ROI than their product development. And then there's the actual profits they make on spam. Maybe MS isn't so well positioned after all.

Re:Spamalot

[fuzzyrabbit]

The contact list scenario doesn't work if you are running a support email address for customers to obtain software support.

Even if you hide the email address behind contact forms, you still get people who get trojans on their PC, which then run through their contact list, happily submitting our (up til then) unspammed email addresses to harvestors.

I can't even give my email address to my friends or Grandma in case they get a trojan and spoil my clean email address. What is the world coming to :-(

Re:Spamalot

[zappepcs]

This server based rule does work, and well. It is used in several areas where I have some knowledge. When virus emails are running rampant, the servers are very effective at keeping lists of repetative email subject/content/sender and just pounding them into the round file.

In a business, an e-mail arriving from outside the company domain and going to many inside recipients with questionable content, just kill it, all of 'it'.

This can be done by ISP mail servers. And the parent is right here, if ISP's and e-mail client vendors simply worked together, it could be a totally opt-in service where questionable e-mails never make it out of the bulk-mail folder on the client. It doesn't require any major change other than ISP mail server/service changes and client software that can use the bulkmail flag/listing provided by the ISP or mail service provider.

I would suggest that the F/OSS community can come up with an anti-spam usage for P2P networking with this... build a spam block list, share it out, the world starts getting less spam??????

Re:Spamalot

[Doc+Ruby]

Spam is an intractable (NP-complete) problem, because spammers are at least as smart as spamees. But there are ways not to get buried in the arms race.

The problem is divided in two: getting email from people with whom you have a relationship, and email from others with none. Forms are a way to protect you from "strangers" ("new friends"). Contact lists help ensure that people have a relationship with you. Your initial form, that replies by email, sends a unique code string ID, and requires that replies quote the original message. That keeps people who initiated replies "in the fold", and excludes trojans. Until someone writes a trojan that looks for unique codes. But there are simple ways to harness human intelligence against machine bulk mailers. Like including six codes, with a request to reply with only one, in slightly roundabout language. You filter out the ones with the wrong codes, and followup with people who have dropped the conversation because they mistakenly sent the wrong code. Add the server-comparison system I mentioned to discover bulk emails, and most spam is gone.

These solutions are very productive, and don't require lots of R&D. And they don't really harm anything, so they're worth doing while they work. Which means they'll undermine spammers, by depriving them of revenue, while the law goes to work on stopping the spammer, instead of the spam. That's the best we can do. The perfect is the enemy of the merely good, when we insist on waiting for the perfect.

STOP FORWARDING!

[Dark+Coder]

The single MOST effective anti-spam is to stop supporting mobile IP and ".forward" mechanism.

Once done, then ALL mail administrator can then implement DNS verification against the sender^H^H^H^H^H^Hspammer's IP address. If they don't match, NULL-BIT bucket it.

Seems like a small price to pay for restoring normalcy (until the next SMTPv2 comes along).

Re:STOP FORWARDING!

[samjam]

Seems like a funny kind of normalcy to me.

Sam

another patent grab?

[pixel+fairy]

just a wild guess...

what happend with the senderid thing?

of course they could see a buissiness problem if people stop wanting to use email, and thus thier exchange servers, or maybe even they are tired of it...

but really, i smell another patent grab...

Spam still an issue?

[groomed]

Between SpamAssassin, procmail, and MUA filtering rules, I rarely get to see spam anymore. The spam which does slip through is so absurd and surreal that it's more hilarious than annoying.

If everybody did this, the volume of spam would quickly dry up. Because when people don't see the spam, they can't respond to it, and when they don't respond to it, the spammer doesn't have a business.

Educate the people around you and help them reduce the spam that gets to their inbox. Don't support solutions which effectively render nodes at the network periphery to second-class status.

Re:Spam still an issue?

[dodobh]

The traditional response of spammers to better filters has been to send more spam. A large portion of the cost of spam is in handling the traffic itself. Your solution does nothing to reduce that.

Commitment

[Deliveranc3]

They blocked the block function for microsoft messages in hotmail.

Microsoft already has a "spamming division"

... it's called "HotMail"

How else do you explain getting 50 pieces of junk mail a day even when you never use your account?

Re:Microsoft already has a "spamming division"

[Dave2+Wickham]

The fact that hotmail is one of the most common providers of webmail out there and so spammers generate likely addresses for it to spam?

the anti-spam "it won't work" checklist

[bersl2]

I just got out of a six-hour meeting, so I'm a bit senseless. But I see no one has posted this yet, so:

Your post advocates a

(X) technical ( ) legislative ( ) market-based ( ) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
(X) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
(X) Requires immediate total cooperation from everybody at once
(X) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
(X) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
(X) Eternal arms race involved in all filtering approaches
(X) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
(X) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:

( ) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
(X) Incompatiblity with open source or open source licenses [hey, it's Microsoft... they've probably already submitted the patent...]
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

(X) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!

Re:The way to stop spam...

[sfe_software]

Legislate against spam. As long as spam is legal, or the penalties against it are too low, or it is too easy to do, people will continue to try and make a quick buck.

I don't see that helping. Legislate in what jurisdiction? In which countries can it be enforced? Note that one can simply lease servers in a country immune to such legislation, or outsource to a company in such a country.

Besides, FAX spam has been illegal for years, yet it continues to happen pretty constantly.

Also, force all ISP's to monitor how much bandwith a source has. If you get too much usage per day, say 200 megabytes or more, then that person has to explain why they need that much bandwith.

My DSL provider seems to have recently blocked port 25 outbound on me. Thanks to spammers I'm sure. So now I'm forced to use SBC's mail servers, or use a different port on my own servers.

Which is not fair at all. Neither would a bandwidth cap, when I'm paying for "unlimited" usage regardless of what port(s) the traffic may travel on.

Also, force all email to have some element which identifies the source. Not just a header that can be forged, but something that can't be hacked. And if a source can not be found, but it is selling a product an identifiable site, charge that site just as if they were the ones sending the spam.

I can deal with the first part of this: if everyone can agree on some authentication/validation standard, some verification can be good. As long as it doesn't cost the sending server operator anything other than the time taken to verify who they are.

The second part, though, won't fly. Forging the sender's address and/or IP is entirely too simple. And I've seend spam promoting a completely unaffiliated site, in the interest of getting a competing site shut down. In other words, send anonymous (forged headers) spam promoting your competitor, getting them shut down. Unless it can be proved beyond reasonable doubt that the company in question is in fact responsible for the spam, you can't convict or punish them...

Re:A penny an email will keep the Spammer Away

[TummyX]

Perhaps you should RTFA

Re:The way to stop spam...

[sfe_software]

Reply to my own post:

And I've seend spam promoting a completely unaffiliated site, in the interest of getting a competing site shut down.

Just to clarify, the typo should have said I've seen spam.... The way it's typed could be interpreted as I've sent, which is certainly not the case...

Re:The easiest way to stop span.

[Technician]

People don't send spam from their ISP's account.

Very true. They use a botnet.

They send it straight through their computer.

Not they don't. It's the easy to be on a RBL.

Now, you could put outbound filtering on port 25, and require everyone to send mail through the ISP's servers (with authenticated SMTP of some sort), though there will be some legitimate traffic surpressed if that happens...

The botnet is used to send just a few e-mails from each bot. Get an unfiltered inbox. Check the multiple copies of SPAM you get from diffrent senders. Check the headers. Identical SPAM arriving from many domains typicaly hit my inbox within a half hour of each other. This is the teltale sign of a botnet sending SPAM.

MAD LIB on Troll post

[Fox_1]

MAD LIB on Troll post
Spam = killing babies

see all this time and money being invested into research to block killing babies. But we need to rethink our premises: does killing babies even need to be blocked? Is it actually a problem?

What you call "killing babies", I call "emails that help me learn about the latest products, websites, and business models". You want less of it? I want MORE of it. "killing babies" keeps me informed about the world. And the fact is, consumers LIKE killing babies. Why do you think killing babies is profitable? Because people buy the products advertised! Studies show that 3 in 5 people who dislike "killing babies" have actually bought something online. So frankly, you need to be real careful about how you define "killing babies" because you could be targeting something you LIKE.

Re:bullets are cheap

[Technician]

a couple of dead spammers and the problem will be radically reduced.


And a couple dead Joe Job'ed anti-spammers would get law enforcement heavly involved.

Re:A penny an email will keep the Spammer Away

[Technician]

A very simple way to stop spam would be to charge someone a small amount of money for example a penny for every email that is sent. That amount will go to the person who is receiving the email. Thus for every email that you send you need to pay a penny and for every email you receive you get a penny. Thus the total cost of sending an email will be zero if whoever you wrote to writes back to you. This will even out the cost of sending and receiving emails. The only person who this would hurt is the spammers who send out millions of emails to total strangers who most often just delete the junk that they receive. So this solution is good for people who use emails for legitimate reasons. Heck this way spammers can send me all the emails that they want, I will just be making money off of them.


It's a great idea until the e-mail is paid for by your stolen identity and banking information.
These are criminals who don't give out their own iformation. They use someone else's identity to avoid lawsuits. Deflecting the mob to someone else is standard pratice.

Something is suspicious here.

[ciscoguy01]

This article in Scientific American says
"The suffocating effect of spam sometimes seems likely to undermine, if not wreck, Internet communications as we have come to know them."
Which seems to mean spam is getting to be MORE of a problem than in the past.
But yesterday in /. there was another article about how spam was LESS of a problem for people than in the past.

People are More Accepting of Spam
http://it.slashdot.org/article.pl?sid=05/04/11/015 7208&tid=111

So which is it?
Personally I have MUCH MORE spam than I had a couple of years ago.
It is handled marginally better but THERE IS LOTS MORE.
For me Spam is much more of a problem than at any time in the past.
And yeah, it does and will wreck internet communications as we have come to know them.

Re:The way to stop spam...

[sfe_software]

It has been said here on /. many times that if there were no money for spammers, there will be no spam. When spam becomes an issue which decides where money goes (who wins and who looses), the economics will take over.

I agree 100%. The problem is educating the "average" PC user to recognize spam. To most of us it's easy, but to a casual user, that offer they received looks like a great deal. Hm, refinance at 1.3% interest? Enlarge certain appendages with all-natural herbs? One must be educated to be able to recognize scams for what they are.

Forcing monitoring is counter-productive. ISP's need to voluntarily enact monitoring schemes for their own benefit and that of other parties. When an ISP is convinced that they can contribute to stopping spam and that this is in their best interests, their efforts are more likely to be aimed at succeeding not simply complying.

Agreed 100%. As much as I hate to admit, AOL has done quite a bit to help the issue (took them long enough!)

They started blocking port 25 a while ago. This normally sucks, but how many AOL users would be using an outside (leased/hosted) mail server? They also apparently offer spam blocking tools, though I haven't evaluated them personally...

Instead, inform buyers who is responsible for letting spam through. Who should you not do business with? Do not be condescending or militant - be simple and clear. "So-and-so sends spam to your inbox."

Not quite the same thing I'll admit, but I've steered a few friends/family away from X10 due to their popup ad practices. I believe they still continue this, though since Firefox I haven't seen their ads...

More importantly, the best advise I give to friends and family is this: if it sounds too good to be true (especially on the 'Net), it most likely is. Bill gates isn't going to send you to Disney World, and you aren't going to find 10,000,000 USD in your bank account from some random Nigerian with money to launder.

If the majority of people would learn these things, the majority of spam would no longer be profitable, and would ultimately cease...

kill botnets , thats the solution. duhhhhh

[cheekyboy]

You have to find the distribution of bot nets and wipe em out, then find the bot nets and whipe them out.

1. find all bot net PCs
2. once found, firewall them so they can ONLY LOOK at the ISP homepage, nothing else.
3. dont let them in until the user cleans the PC.
4. find the irc channels that bot nets connect to, and log their servers to see who is controlling the bot nets, if a private irc server, firewall it world wide amongst the big ISPs/international gateways.
5. Find all trojan websites and get the hosters to delete them, if not, then firewall the WHOLE HOSTER.

I know how to get rid of spam.

[aerozeppl]

People with a small penis will be killed so there is no need for "Enhancement" And I will personally handle all loans and mortgage transactions.

Re:The easiest way to stop span.

Now, you could put outbound filtering on port 25, and require everyone to send mail through the ISP's servers (with authenticated SMTP of some sort), though there will be some legitimate traffic surpressed if that happens...

Back in 1999 when I worked for a hosting provider, I hated that some ISPs were doing this. Having to explain to our users why exactly they couldn't use their own SMTP server (our servers) was a nightmare. It also sucked for me with my laptop; I could be home, where I had to use my ISPs server, or I could be at a hotel where I had to go change my settings to use my own (hosted) mail server.

But, I've come to the conclusion that disallowing outbound port 25 traffic isn't such a bad thing. A zombie'd machine on a DSL or cable connection can be dangerous, and can go undetected for months sending spam... and though it's a minor inconvenience to me (since SBC started doing this recently), if it stops some of the spam I receive then I'm all for it.

SBC seems to now require that I use their SMTP servers, but I can still specify my From:, Reply, and Return-Path addresses as I see fit -- so it really doesn't make a difference to me once it's been (re-)configured to use the appropriate SMTP server.

Personally I'm a fan of SMTP-Auth, which I believe most (all?) clients support these days... but that still doesn't prevent worms/trojans from sending spam through the configured outbound server if the login info is accessible...

Re:Foolishness

[DNA+Beast]

>> Any spam defense model that analyzes the text is doomed (until the advent of bona fide AI). Actually, when bona fide AI comes on the scene it's going to be nigh on impossible to filter spam. Do you have a friend who you've only ever met online? Would you trust their judgement if they told you where to buy online? Maybe the turing test should be changed. If a program can convince you to buy Viagra online, then it passes.

what if people talk in latvian?

[cheekyboy]

Ok so your going to make a filter tester for 2000 languages?

Im sure email that is written in PNG or other languages that arent in the top 10 will look like '99% wrong spelling'

Re:what if people talk in latvian?

[Antique+Geekmeister]

IT's got an image attachment of any sort in the mail? Then it's spam. No problem to block, and you can notify the user so they wise up and don't send anything that auto-opens in your mailer.

Unfortunately, it doesn't block spam that includes HTML and image URL's to show the content in Windows email clients, but if you block HTML email as well, you block another format that is almost entirely spam. Yes, this is very harsh, but people should be discouraged from sending HTML email for other reasons.

My guess to Microsofts solution

[Felinoid]

I'm guessing Microsoft will cripple Outlook or Windows so that it's not possable to spam using that software.

This of course will have zero impact on spam.

As to my solution...
Enforce existing laws.

Most spam violates quite a few laws.
Truth in adverting.
Harrasment.
Dishonnest buisness practaces.
Advertsing to someone who can not legally buy the product.

If any spammer tried any of this via cold calling or postal they'd be in jail but spammers get a pass.

Don't loby for more laws just yet. Loby for enforcement of the laws we already have in place.

If needed bring spam in complience with junk mail and telemarkting.

Re:The way to stop spam...

[Tim+C]

SO, you simply explain that you has a big DL to do. Problem solved.

SO, I'll need to explain to my ISP why I'm using a lot of bandwidth every other day or so? Doesn't that strike you as just a little bit of a pain in the arse? (Not to mention the privacy implications)

You can't even have a system whereby if someone proves themselves to be a genuine "heavy internet uesr" over some period you stop checking them, as their machine could be compromised at any time.

General rule

[IBeatUpNerds]

Never trust anyone in the computer software industry with a last name of "hackerman." Sorry, I couldn't resist.

Re:The way to stop spam...

[StormyWeather]

Why is it if a company hires an advertising firm, and that advertising firm breaks the law it's ok?

If the law made a company liable for a percentage of the liability of their advertisements even if through a third person proxy wouldn't that make companies think twice about dealing with shifty scammers that could get the company being advertised in hot water?

The latest: Ascii art spam

[really_blurry]

This morning I got a new kind of spam. It was ascii art promoting valium viagra xanax and many more. The mail was formatted in a pre-tag and the font size set to 2.5. Creative spammers...

Lovely spam! Wonderful spam!

[DarkIye]

"Scientific American today has a very interesting article about "Stopping Spam" by Joshua Goodman, David Hackerman and Robert Rounthwaite from Microsoft Research. They talk about different types of spam -- spam with emails, spam on IMs, spamlinks on web pages and image based spam. They mention different techniques for spam..."

I can hear the Vikings chanting now.

Why Do People Use HTML for Email ???

[mamladm]

The overwhelming majority of spam filter deceiving techniques relies on HTML. If you block messages containing HTML on the mail server, the spam that gets through is near 100% identifiable as spam using bayesian filters.

So why on earth do people still use HTML in their email? Email should be plain text only anyway.

I think all HTML mail is spam.

[TractorBarry]

> spammers of splitting words using HTML comments, pairs of zero width tags, or bogus tags.

Personally I'd like to be able to specify that I simply will not receive HTML mail. If someone does send it to me then I'd like my mail server (even better my ISPs mail server) to automatically return a "this recipient does not wish to receive HTML formatted email, please either resend as plain text or don't bother" reply (or is it that this is already possible and I'm just too lazy to work out how to do it ? :)

Maybe I'm old fashioned but I just like plain text. If I want to read it using a fancy font I'll set that myself thanks.

Yes i have ...

[GNUALMAFUERTE]

It's because in this capitalist world money makes the rules, and the big companys rule that they want their product down our throats, all the time. And legislators are part of that system. The law should be a printed reflection of the set of ethical rules of a given society, but in many cases, IT'S NOT, or it's based on the mindset of a group of people that has no ethics, or they ethics has been seriously compromised by their own thirst for power and money. So, NO, the fact that this shit is legal doesn't make it correct or ethical.

did the researchers

[harryoyster]

Did the researchers also look at making operating systems more secure. Most of the spam that I get these days is from exploited/trojaned or other systems. If we can slow the source we can help eliminate the problem.

Desirability does not need to be subjective.

[jotaeleemeese]

You can define your willigness to receive a message in programmable terms, thus spam could be:

-Messages whose senders I have not authorized to send me messages (that authorization could take the form of signed emails, white lists, etc)

Dyslexix phishing

[Hieronymus+Howard]

I liked the phishing email from the 'split fit' article:

Date: Mon, 28 Mar 2005 18:41:22 -0800 (PST)
From: "B&#1983;rclay&#1980;s" <amwmwngkev@yahoo.com>
Subject: Braclays Emlia&#8236; Veacifition
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-1893089315-1112064082=:45059"
Content -Length: 1338

Dera Blcraays Mbmeer,

Thsi eamil was stne by the Barclays serevr to vreify yuor emial adsserd. You mtsu competel thsi pssecor
by ccilking
on the likn bewol and entireng in the smlal wiodnw yoru Braclays Membership nrebmu, passcedo and
meelbarom word.
Tsih is doen for yruo proteoitcn - buacese semo of our mrebmes no lonegr haev assecc to theri emlia
adserdses and
we muts virefy it. To vyfire yruo eiaml arddess and accses yruo bnak anuocct , cilck on the lnik bolew:

Is anyone going to be stupid enough to respond to this one?

Re:Dyslexix phishing

[10Ghz]

Is anyone going to be stupid enough to respond to this one?

Short answer: yes

Actually, it's not that complicated

[Moraelin]

1. Most civilized countries are sick and tired of SPAM too. E.g., most European countries. So there is enough scope for a spam free zone, if the USA does want to get its act together and cooperate. It's not like you're alone against the world on the SPAM issue, except for the fact that:

2. It's mostly your spam that's dumped upon the rest of the world. USA is currently _the_ biggest source of spam, followed by... offshored operations paid for by someone from the USA.

So on one hand, the USA could halve the SPAM traffic on its own, without even needing much international cooperation, if it actually got its act together. And on the other hand, hey, there's a lot of incentive for a lot of other countries to cooperate. Just show us where to sign, if it means we'll stop getting your crap in our inboxes.

3. Once you have secured an EU+North America treaty on that issue, the rest of the world should IMHO be actually pretty easy.

We're talking some major combined economic power there. Any country who doesn't want to play ball with that kind of a behemoth can be whacked into submission in a variety of ways, ranging from economic sanctions to just disconnecting them from the Internet.

Makes that country unattractive to spammers too in the process. See, I don't think spammers want to target the local citizens of Elbonia with their operations. You disconnect them from the rich targets, you've killed that operation. So any country which thought it'll get rich by sheltering spammers, will quickly lose that investment too and be left with just the other disadvantages.

So I think they'll play ball.

4. But I don't think the spammers want to move to Elbonia or East Bumfuckistan and run their operation from there anyway. They might pay some local 5 bucks to run a server for them there, but they don't want to go live in a third world country. Those countries aren't that much fun.

You may see that even for legitimate operations, IBM might offshore their tech support to India or China, but you won't see the CEO of IBM moving there. (And those are already developping countries, not third world ones.)

attacking from another direction

[Fuji+Kitakyusho]

What about making it a crime to purchase products advertised via spam? The spammers may not care about enforcement, but John Q. Public might give it a second thought if he could be held accountable for supporting the industry.

Re:The way to stop spam...

[Alioth]

Spam requires no new legislation - only existing legislation be enforced.
The vast majority of spammers are already breaking the law - selling counterfeit prescription drugs which is illegal, using hacked machines in zombie networks which is illegal, or promoting illegal scams. I don't think I've seen a spam message recently that hasn't broken the law in some way (either by using hacked computers or by advertising something illegal).

Re:The easiest way to stop span.

[The_Mr_Flibble]

On our adsl connections we have a default port 25 blocking policy, however we will stop blocking port 25 for anyone that asks (and has a good reason ( a good enough reason is I am running my own mail server or I am using a different mailserver)). However we still have a couple of people that have port 25 open and still get hit by trojans and proxies. It now costs them £250 to have their connection turned back on everytime.

Re:Overview of Spam Filtering Approaches

[PatrickCynicExtraord]

There is also source code to create your own spam filter (Java)...

That isn't easy at all.

[Mr.+Underbridge]

Most civilized countries are sick and tired of SPAM too. E.g., most European countries. So there is enough scope for a spam free zone, if the USA does want to get its act together and cooperate. It's not like you're alone against the world on the SPAM issue, except for the fact that:

I realize that. But Europe isn't the real problem either, it's Asia. And it only takes a few jurisdictions who don't care to keep spam rolling. And it's also easy to find cracks in jurisdictional entanglements even if everyone works together. Look, if we were talking about murder, they might get it together. But I don't see the FBI and Interpol getting their braintrusts together to solve spam.

It's mostly your spam that's dumped upon the rest of the world. USA is currently _the_ biggest source of spam, followed by... offshored operations paid for by someone from the USA.

Don't know why you're making this a US issue. If I were to bite, I'd also say we have more people connected, and I haven't seen stats that say we spam inordinately given our internet presence. But this is an international problem regardless, it doesn't matter.

Once you have secured an EU+North America treaty on that issue, the rest of the world should IMHO be actually pretty easy.

I wish. China will pay lip service but they don't have the resources now to solve a problem they don't really see as a problem. Look at copy protection as an example. They'll sign the treaty and smile, and that'll be that.

We're talking some major combined economic power there. Any country who doesn't want to play ball with that kind of a behemoth can be whacked into submission in a variety of ways, ranging from economic sanctions to just disconnecting them from the Internet.

You only have so much political capital, and I don't think nations are willing to use it on spam. Really, it's not enough of a priority. So no one's going to make that level of a threat against China. China would be insulted, it would set back relations severely, and they're doing worse things (like dumping product against WTO rules). So again, not happening. If our Attorney General went into a cabinet meeting and said that if China didn't cooperate on spam that we'd disconnect them and sanction them, he'd be laughed at. If we don't sanction them for unfair trade and human rights violations, we aren't doing it for spam.

But I don't think the spammers want to move to Elbonia or East Bumfuckistan and run their operation from there anyway. They might pay some local 5 bucks to run a server for them there, but they don't want to go live in a third world country. Those countries aren't that much fun.

No? How about Aruba, where all the internet gambling sites run? Bottom line is there will always be enough places that don't play ball, and that aren't worth shutting off from the net. And there will always be spambots, so that wouldn't help anyway. And there will always be enough jurisdictions that don't have enough time/money to pursue this problem that really doesn't hit the radar of (for example) our Department of Justice which generally has bigger problems. So you can forget about the nations of the world getting together to hammer out a solution to this problem. I don't plan to sit on my hands waiting for governments to solve the problem.

Utimately, yes, this problem could be solved if everyone worked together. But if you think that'll happen, you're truly naive.

Re:That isn't easy at all.

[Moraelin]

That is a very insightful observation, except for the fact that most people and countries don't give a damn about internet gambling. It's not like it actively goes spreading gambling-zombie viruses or actively goes forcing people to gamble, or anything.

So IMHO it doesn't even invalidate my point.

1. We're still talking about a simple offshoring operation. We're not really talking about having to _move_ there, because your country would throw you in prison for that operation.

I'm willing to bet that the people making money from those gambling operation still live comfortably in the USA or EU. If they actually faced a choice like "(A) personally move to a third world country, (B) shut down the operation, or (C) go to jail" I still believe that most would choose B.

But either way, it doesn't really either contradict or prove my point. It's just not the same situation.

2. Because noone is actively fighting Internet gambling, a country hosting those isn't in any danger of being disconnected from the 'net for that. I.e., it doesn't prove that point either.

Now let's think we were talking spam there. That all the world's spam was coming from a single third world nation, let's call it Elbonia. I'm thinking you can already see where this is going: everyone's spam filters and most ISP's would completely block emails from that block.

I.e., as I've described before, that country would find itself quickly off the net, and its spammers effectively disconnected from their source of income. Sure, the country may still encourage them. But suddenly they can't actually make money as long as they stay in that country. Are you that sure they wouldn't drop it like a hot potato?

3. As illustrated above, it doesn't even take any political effort to take a few bad apples off the net. Any third world country that becomes _the_ source of spam will just make every ISP's and admin's day: it's a single rule to block the trash. Incidentally, the rule that also takes that country off the net.

It's much the same as from half the world you can't make a credit card purchase any more. There was no political decree to start blocking those countries' citizens from online purchases. It's the banks themselves who eventually just had enough of those countries' encouraging fraud.

So what's China going to do there? Call my ISP and threaten with sanctions if they don't start allowing spam from China? Threaten my ISP with WTO violations, even? Now that would make a few people's day at the ISP. I can imagine some general fits of laughter.

Re:That isn't easy at all.

[Mr.+Underbridge]

That is a very insightful observation, except for the fact that most people and countries don't give a damn about internet gambling. It's not like it actively goes spreading gambling-zombie viruses or actively goes forcing people to gamble, or anything.

The US attorney general does. You're right, gambling is not as big a problem. But I'd reiterate, it doesn't matter what we think the problem is, it's the priorities of the government. And spam is a low priority for them compared to gambling. So you're not going to see them "waste" time and political capital on spam. That's just the US, but I haven't seen any country really make an effort to - or even talk about - solving the problem. Unless it becomes a much higher priority, spam cannot be solved internationally.

I'm willing to bet that the people making money from those gambling operation still live comfortably in the USA or EU. If they actually faced a choice like "(A) personally move to a third world country, (B) shut down the operation, or (C) go to jail" I still believe that most would choose B.

I've read about it. They live in Aruba. One guy interviewed fully realizes he'll be arrested if he ever comes back to the US. He's fine with that, because he's 1) rich, and 2) lives in a tropical paradise.

I.e., as I've described before, that country would find itself quickly off the net, and its spammers effectively disconnected from their source of income. Sure, the country may still encourage them. But suddenly they can't actually make money as long as they stay in that country. Are you that sure they wouldn't drop it like a hot potato?

So why is that not happening? Because NO COUNTRY, let alone an ISP, is willing to have the arrogance of completely cutting another country off, even for spam. The question of whether this would work is completely irrelevant because it would cause much bigger problems than it would solve. It would cure spam in much the same way that decapitation would cure acne.

It's much the same as from half the world you can't make a credit card purchase any more. There was no political decree to start blocking those countries' citizens from online purchases. It's the banks themselves who eventually just had enough of those countries' encouraging fraud.

And why aren't ISP's doing this now? Maybe a few do, but because enough spam comes from, say, Korea, and that's a big country, cutting it off isn't an option. Hell, we can't even catch people spamming in *this* country easily because of the inefficiencies in the bureaucracy, jurisdictional problems, and the difficulty of tracing spam back to its actual sender.

Basically, your plan requires every country of any significant size to simultanuously solve the spam problem. That's why it won't happen. Ideas like yours sound great in a bottle, but when you actually go to implement them, it gets messy. The place where it falls apart is the same as with air pollution laws, a significant portion of the countries will balk at implementing the plan if there's anyone who won't, as all it takes is a few bad apples to make the entire effort pointless. So unless you can solve the problem internationally all at the same time, it won't work. And since that'll never happen, that's why legislating spam away won't be successful.

Bottom line, if the govs/ISPs want to solve the problem, and your idea is implementable, why aren't they doing it? I can assure you, it isn't because they haven't thought of it.

Stocks

[jefu]

Perhaps Mr "Schwab" is selling penny stocks and wants to expand his market?

Re:The way to stop spam...

[jefu]

On the community side, black-lists need to be scrapped in favor of informative lists of known, proven spam havens and spammers. What host's are the real problem?

But spammers keep getting new hosts. Viruses on unsecured machines to send mail, and people just buying new servers or server names. Last fall I got a goodly amount of spam over a period of a couple months and always referring to new web sites - mostly in places like Uzbekistan and invariably registered through joker.com with a new name and address associated with it in the whois info. (Not that I'm saying it was joker.com's problem, it just seemed strange that there were so many, all with essentially the same characteristics and all through the same company.)

Re:The way to stop spam...

[TFGeditor]

Wrong. We're talking about *outgoing* bandwidth, not incoming.

White Lists

[tilleyrw]

My thought is simple. White list.

Any mail you receive is automatically classified as spam unless it was sent by a known, approved sender.

Now let me go back to deciding if the sender of the Nigerian Penis-enlarging Hot-N-Horny Virgins is a friend.

Re:Spellcheck

[maxjenius22]

I think SpamAssassin does this spellchecking thing already.

Posting Spam in Yahoo Groups

[mysterystevenson]

What I hate is when someone spams a member group so much with so many links in posts that the group ends up breaking up over the attacks. I just quit about 10 groups over the same spammer; Lou Gentile is supposed to be a talk show host on the radio, but he either/or knows 20 or 30 different people that are willing to post all the same posts every day, and I mean long posts that take up a lot of room in your email when they get forwarded to you from your group. So many names and everyday a new header- there is no way to filter it all. So I quit all the groups this was happening in. Of course now I am getting a few from them anyhow as they mined my email, but that I may be able to filter, may mind you, cause they are always finding a way to annoy. As to the rest of it, I skim the rest of my email just to make sure a piece of good email isn't in the junk. I never open anything I don't know. But I can spot a phish a mile away and that is begining to take more of my time as I feel it is my resposibility to report those to the fraud investigators. You see I do no electronic transfers of funds whatsoever, and any financial activity online raises immediate flags, everywhere. Any bank or paypal, ebay and so on, is known to be fraud. I don't even write checks. So I am able to help out a number of investigations groups by reporting and auto-alerting activity which is new. So there is talk of Spam not bothering people as much, well it seems to be screwing up my life pretty good. Ruins good groups, and I seem to be taking up 4 times more this year reporting fraud online.And I don't go looking for it, it comes to me. Jerks.

Spell check?

[avicarmi]

why not just run a spell checker on suspected spam?

if there are too many misspelled words, flag as spam:

Thsi eamil was stne by the Barclays serevr to vreify yuor emial adsserd. You mtsu competel thsi pssecor

also, with some adaptation, this can work with HTML e-mail:

1 - do not even parse the HTML

Hypertextus Interruptus: Fi</n>nd N</n>ew </n>Fri</n>end</n>s
Slice and Dice: <br>U<br> <br>O<br>a<br> <br>D<br>u<br>a
Ze Foreign Accent: eárn mõnéy thrôugh unçõlleçted
The Black Hole: V<font size=0></font>i<font size=0>
etc...

none is a valid dictionary word, so that there will be many misspellings...

2 - strip only valid HTML tags, leaving any bogus HTML tags such as ab and run the spell checker again, looking for both misspellings and trigger words.

3 - just strip all HTML codes and check the resulting words, both for spelling and for trigger words.

4 - to avoid possible false positives, since valid HTML will also fail step one when the HTML is not parsed, parse the HTML and see if there are many valid dictionary words. since non-spam usually uses "nice" HTML this should be easy to parse, if the HTML is not valid, flag as possible spam.

can also check the ratio of HTML tags to text outside the tags, if there are lots of html or html look alike tags in the code, relative to the text, possible spam.

Did the MS Gurus mention ...

[Tjp($)pjT]

That it is a good idea to stop using email clients that automatically execute live code or allow disguised programs to have the appearance of some other class file luring unsuspecting neos into double clicking into virus heavan. Or email clients that allow access through scripts to the address book with no warnings? For example that odd Outlook product. "satire for the humor impaired warning, well actually so I won't be sued satire warning"

Re:bullets are cheap

[Technician]

Here's one I'd like to see taken out of business:

Is he a spammer, or someone you don't like and want to joe job? You were not specific in your post.

Hey!

[aug24]

I posted this below and got modded troll! No fair!

J.

"only" half of the spam

[Mugros]

Clearly, no law of a single country can hope to end spam. Only about half of all junk e-mail comes from the U.S

Well, "only" is a nice understatement. The population of the USA is about 4.5% of the world population. (OK, not everyone on earth has a PC)

Re:The easiest way to stop span.

[benb]

> you could put outbound filtering on port 25,
> and require everyone to send mail through
> the ISP's servers

Just that you wouldn't be an ISP anymore. An Internet Service Provider is for me primarily an IP packet transporter. If they fail to deliver an arbitary or random set of packets, they fail to deliver on their primary purpose.

Alternatively, call it censorship or whatever. In ayn case, I won't let myself be forced to use the ISP SMTP servers.