Slashdot Mirror


Microsoft Researchers on Stopping Spam

TheBackBencher writes "Scientific American today has a very interesting article about "Stopping Spam" by Joshua Goodman, David Hackerman and Robert Rounthwaite from Microsoft Research. They talk about different types of spam -- spam with emails, spam on IMs, spamlinks on web pages and image based spam. They mention different techniques for spam filtering, mainly fingerprinting matching techniques, the n-gram model, the naive Bayesian approach, optical character recognition, challenge/response systems and Human Interacted Proofs (HIP), in a very lucid style. They do not, however, mention the fingerprinting approach of using the Nilsimsa hash to tackle the addition of random words by spammers in emails, or the hypertextus interruptus technique used by spammers of splitting words using HTML comments, pairs of zero-width tags, or bogus tags. Also, Spam-Research is reporting the SplitFit technique that spammers are using to fool Yahoo! Mail SpamGuard."

14 of 294 comments

  1. The Microsoft way by Anonymous Coward · · Score: 4, Funny

    Create your own spamming division, use illegal tactics to undercut your spamming competition, put them out of business, then stop spamming.

    1. Re:The Microsoft way by vwjeff · · Score: 4, Funny

      They talk about different types of spam -- spam with emails, spam on IMs, spamlinks on web pages and image based spam.

      Well, there's egg and bacon; egg sausage and bacon; egg and spam; egg bacon and spam; egg bacon sausage and spam; spam bacon sausage and spam; spam egg spam spam bacon and spam; spam sausage spam spam bacon spam tomato and spam;

      (punches self in face face hits keyboardadsfjlk;sjdafkldsajflsdak;fjsad;lfkjas;ldk fjas)

  2. I don't know... by Anonymous Coward · · Score: 4, Insightful

    If it was developed it can be reverse engineered. Sorry to say but spam is here to stay unless of course someday the internet becomes regulated somehow.

  3. Like the old saying goes....(sorta) by erick99 · · Score: 5, Funny

    Spam is like porn: hard to define but you know what it is when you see it. That can be hard to program I would think. But, who knows.

    --
    http://www.busyweather.com/
    1. Re:Like the old saying goes....(sorta) by datafr0g · · Score: 5, Funny

      Our offsite spam engine can detect porn by looking at shapes, colours, etc...
      It works surprisingly well most of the time, though it did once pick up a photo of a broken PCB as porn due to its detected "posture"

      --
      "Who says nothing is impossible? Some people do it every day!" - Alfred E. Neuman
  4. The Arms Race Goes On by DumbSwede · · Score: 5, Informative
    Just today I saw a new method in an ebay.com phishing scheme.

    The ebay.com link showed up at the bottom of the browser, but was replaced with some kind of javascript mouseon event. This is probably not new.

    Instead of random text to fool Bayesian filters, it had hidden recent news article summaries (bracketed by html comment tags) that would be similar to what you might post to a friend.

    Spam filters will probably be upgraded to catch this soon, but it was the first time I had seen it. And of course as mentioned in the article, the ebay specifics were obfuscated by html tags between letters.
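
Added example, not part of the original comment: a filter-side normalizer for the two tricks described in the post above (letters split by inline tags or comments, and filler text hidden inside HTML comments), built on Python's standard `html.parser`. The sample message, the `BLOCK_TAGS` list and the `analyse` function are assumptions made for illustration.

```python
from html.parser import HTMLParser

# Tags that separate words when rendered; all others are treated as inline.
BLOCK_TAGS = {"p", "div", "br", "td", "tr", "li", "table", "h1", "h2", "h3"}

# Constructed sample: letters split by markup plus hidden filler in a comment.
SAMPLE = (
    "<p>Your e<!-- zq -->B<b></b>ay acc<font></font>ount needs review</p>"
    "<!-- Council approves new budget for road repairs after a long public "
    "hearing on Tuesday evening -->"
)

class MailTextExtractor(HTMLParser):
    """Recover the text a reader sees; keep comment text separately."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.visible = []   # text rendered to the reader
        self.hidden = []    # text inside <!-- ... -->, never rendered
        self.splits = 0     # places where markup sat between two letters
        self._markup_seen = False

    def handle_starttag(self, tag, attrs=None):
        if tag in BLOCK_TAGS:
            self.visible.append(" ")  # block tags really do end a word
        self._markup_seen = True

    handle_endtag = handle_starttag   # same treatment for closing tags

    def handle_comment(self, data):
        self.hidden.append(data.strip())
        self._markup_seen = True

    def handle_data(self, data):
        prev = self.visible[-1][-1:] if self.visible else ""
        if self._markup_seen and prev.isalnum() and data[:1].isalnum():
            self.splits += 1
        self.visible.append(data)     # rejoined with no space inserted
        self._markup_seen = False

def analyse(html_body):
    parser = MailTextExtractor()
    parser.feed(html_body)
    parser.close()
    visible = " ".join("".join(parser.visible).split())
    hidden = " ".join(parser.hidden)
    total = max(len(visible) + len(hidden), 1)
    return {"tokens": visible.lower().split(), "splits": parser.splits,
            "hidden_ratio": len(hidden) / total}
```

Only `tokens` would be handed to the Bayesian scorer, so the comment filler cannot dilute the score; `splits` and `hidden_ratio` can be used as extra features in their own right.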

  5. Re:The way to stop spam... by Sonar · · Score: 5, Insightful

    Of course, one 200MB update from Microsoft would kill this idea. Or how about a 500MB game demo download? That's legitimately free. Or better yet, what if I need to download a linux distro or a television episode?

    I would hate to have to explain all my actions to my ISP. Especially with the way media is driving the internet nowadays. 200MB is way too small of a limit.

    Now, you can monitor how many e-mails are sent by a host. That would be a better way. At least there could be a filter on the "to:" line. If that list includes over say, 1000+ users, consistently, then at least there could be some flags raised.

  6. to stop spam, by havaloc · · Score: 5, Insightful

    give spammers a 9 year prison sentence.

  7. Re:Take a lesson by AndroidCat · · Score: 4, Insightful

    I shudder to think on what you mean by a "bounce" feature. Most likely sending a "bounce" reply to the forged sender address? That's part of the problem, not the solution.

    --
    One line blog. I hear that they're called Twitters now.
  8. Re:Spam is easy to define. by ch-chuck · · Score: 5, Insightful

    1) It is a form of communication

    all email is communication

    2) The communication is unwanted

    "wanted" is a subjective property of the recipient - the computer has no programmable decision procedure for wantedness.

    3) The source of the communication is hidden

    There may be some system of authenticating sender ID, and will be as easy as getting ppl to use pk encryption.

    4) In receiving the communication, you use your bandwidth or incur a cost

    again a property of all email.

    --
    try { do() || do_not(); } catch (JediException err) { yoda(err); }
  9. Re:I have an idea by xQx · · Score: 5, Insightful

    Here's a more interesting idea...

    Authenticate SMTP with public key signing. -- Then use a trust network to only accept email from trusted companies.

    Why it won't work:
    It involves effort and cost.

    Baah, the internet should be unregulated, if they can get rid of SPAM then what's to stop them getting rid of porn, anti-government information etc. There's a road we all want to go down.

    Don't buy it and Get over it(tm).

  10. Slashdot typos strick again! by VeryProfessional · · Score: 5, Informative

    I thought the name David Hackerman was a bit too good to be true, and it turns out it was. Following the link shows that his name is David Heckerman. Note to /. eds: please proofread your posts. It's not like they're very long...

  11. To stop spam, stop the money laundering by Animats · · Score: 5, Interesting
    A spammer needs certain resources to survive. Most spam control efforts focus on cutting off the spammer's ability to send spam. Much has been done in that direction. Now more effort needs to be applied to the other direction - cutting off the spammer's payment stream.

    Legally, this is promising. First, there's no free speech issue. Second, in most jurisdictions, it's illegal to operate an anonymous business. So most spammers are criminals. Third, laundering transactions through intermediaries is usually a crime, too.

    The problem for law enforcement is that following the money is difficult. Additional technical support for that would be a big help.

    A good starting point would be to get a credit card issuing bank to cooperate in a scheme where, when one of their credit cards is used, full transaction details, including the payee's full identity, are immediately returned to the cardholder, using encrypted E-mail or some other secure means. That would make "following the money" much easier. This only requires one cooperating bank. That bank's credit cards might become popular with heavy Internet users. Especially if this works for prepaid credit cards, so you can find out who's behind a web site by using some disposable credit card.

    The next step is to crack down on "credit card intermediaries". Non-bank credit card intermediaries that handle spammer transactions should be stuck with the legal liability of the spammer. Legally, they're the "merchant". They shouldn't be allowed to pass the buck to some other party. This will make "cheap merchant accounts" harder to get, which is probably a good thing.

  12. Re:I have an idea by sfe_software · · Score: 5, Insightful

    Interesting idea, however invalid address responses are sent within 5 minutes of the original mail. If the response is sent over a day after the original mail is sent, the spammer could just discard it.

    The thing is, I don't believe spammers ever remove an address due to an error. I had a domain that received a ton of spam, and that domain expired. Two years later (fighting with Network Solutions) I got the domain back, and immediately started receiving a ton of spam. Two years of spammers sending spam to invalid addresses (no DNS on the domain) and they still continued.

    Why?

    Simple: the spammers don't receive bounce messages, and the spam-servers (which could be static servers, or compromised zombie machines) don't provide accurate return information. Much like how telemarketers often show invalid or "Unknown" caller-ID info. It costs nearly nothing to send a spam message to an address, whether that address is valid or not. It costs much more to weed out invalid or unreachable addresses from your list by intercepting bounce messages etc.

    And spammers don't give a shit. Most of the time, they are using someone else's machine (a zombie'd Windows box, or an open relay) so they don't need to care. So this trick simply doesn't work. It's cheaper to just continue sending to invalid addresses. Not to mention, many newbie spammers get their lists from less-than-legit sources who are selling large lists; they don't care (and are usually fully aware) that many of the addresses they are selling are bogus or no longer valid...

    In short, simple tricks like this don't work, when dealing with an "industry" that doesn't give a shit...

    --
    NGWave - Fast Sound Editor for Windows