Slashdot Mirror

← Back to Stories (view on slashdot.org)

Spam Gets Personal

Posted by ryuzaki0 on from the only-a-matter-of-time dept.

Vitaly Friedman writes "Two researchers demonstrate how much more effective spam could become if its authors used basic data-mining to personalize their messages. From the article: "North America, though no longer the world leader in spam production, still has serious potted meat problems. A recent research paper out of the University of Calgary suggests that those problems could soon be a lot worse if spam creators adopt a few simple data-mining procedures.""

8 of 141 comments (clear)

  1. don't kid yourselves by Anonymous Coward · · Score: 4, Interesting


    Th US most definately is the world leader in the production of spam

    treat the disease not the symptoms

    1. Re:don't kid yourselves by lbrandy · · Score: 2, Interesting

      Th US most definately is the world leader in the production of spam

      USA! USA! USA!

      More seriously... I believe that list lists the nationalities of the spammers.. not the country where the spam actually orginates. Let's be careful to not confuse Americans with America. For instance, the #1 guy on the list is an American, who hosts most of his spam servers in China.

  2. Duh! by Billosaur · · Score: 4, Interesting

    The reason they don't do this now is that the spammers doing it are not geeks. They're taking pre-built scripts, modifying some parameters, and letting them go. They will keep doing this until those scripts no longer work, and then they will move onto newer ones. The only was this will happen is if some hacker gets bored, reads this article, and desides there's a lot of cash to be made selling just such a thing to the spammers.

    Be real -- no matter how personalized an email gets, I'm still going to know it's not from somebody I know, because I don't make email my primary mode of correspondence and where I do, I can easily figure out that my mother isn't going to be sending me ads for Viagra.

    Now, if they could make a Turing-capable spam generator, I'd be impressed.

    --
    GetOuttaMySpace - The Anti-Social Network
  3. Actually snail mail is just as broken... by Lispy · · Score: 4, Interesting

    Every day I get quite upset by opening my reallife mailbox.
    It's totally unacceptable: Buried below a ton of trash I find two seriously dangerous invoices with 4digit numbers in the red. If I ever miss out one of them I'd probably go to jail, but hey, why not throw another pizza flyer on top of all that, the planet sure can handle this and what else are those trees for?

    Personally if I was going to choose I'd vote for e-mail spam just to get rid of this total waste of ressources.
    There should be a LAW against this, and against buying from spammers, reallife or virtual.

  4. Targetted Spam by overshoot · · Score: 4, Interesting
    Sort of an oxymoron, isn't it?

    The whole point of the spam business model is that it's low-cost. Any filtering would raise costs compared to simply flooding the world with the same payload.

    If spammers were in the slightest interested in addressing their markets, I wouldn't be seeing several thousand Asian-language spam per day addressed to a North American mail server. None of us would be seeing spam with hash-busters, mangled "Subject:" lines, and other filter avoidance hacks.

    This seems like one more attempt to promote the idea of "good spam" for mainsleazers like Kohl's department stores.

    --
    Lacking <sarcasm> tags, /. substitutes moderation as "Troll."
  5. When dealing in huge volumes of humans by maynard · · Score: 2, Interesting

    there will always be a relatively small percentage of people who show maladaptive behavior. Just as there is a much larger percentage of people willing to take advantage of those unable to control themselves. It's criminals and their victims vs. everyone else.

    The solution is not to be found in expecting *everyone* to change their behavior, because such an expectation is bound to fail. The solution is to be found in tightening up the mechanism behind data authentication and transport, both with technology and laws. Just like as was one with snail mail in the past. At one point the government realized that mail needed to be stamped, tracked from post office to post office, and then hand delivered by someone responsible. Well, we needn't charge to stamp email - but we certainly need to stamp it with an immutable ID, track its movements from host to host with immutable ID stamps, and then authenticate delivery at a specific host.

    This can only be done with cryptographic hardware installed on every machine, and a new SMTP protocol. Sucks, doesn't it. Bye bye anonymity, but at least it would get rid of spam. Pick your poison.

  6. Re:USian snail mail: return receipt requested by dgatwood · · Score: 2, Interesting

    Sounds familiar. I've been jumping up and down proclaiming the need for end-to-end authenticated SMTP for... many years now.

    • It would basically make it impossible for bots to be their own SMTP server, for one, which would significantly reduce their utility, as it would make return address spoofing (pretending to be at a different ISP) impossible.
    • By mandating SMTP Auth for the initial hop, it would allow ISPs to then cap the rate of messages sent by an individual through their ISP's mail server.
    • This, in turn, would dramatically limit the amount of spam that any single zombie could send (and could lead to better ability to detect abuse).
    • With some enhancements to the protocol, it could also provide a means whereby the end recipient could file a complaint that would be received by the ISP, and upon receiving a number of complaints the user's account could be blocked automagically.

    And so on. It's no silver bullet, but it is a pretty large nail directed into spammers' coffins---maybe not the last nail, but certainly a nail, nonetheless.

    I would note, however, that in order for any of this to work, ISPs MUST allow users to connect to other outgoing mail relays. If the new service ends up with the equivalent of port blocks on port 25, it will make all of this a completely worthless exercise, as the only mail server that can truly validate a source email address is the mail server to whom it belongs, whether this is your IAP, your employer's mail server, etc. Either that or a cross-site auth mechanism must be designed into the protocol, but such a mechanism would provide few real benefits over an unblocked port.

    With regards to your other point, though, delivery guarantees aren't required---indeed, plausible deniability (I never got that email) is something that a lot of people really like, particularly in the world of corporate law....

    --

    Check out my sci-fi/humor trilogy at PatriotsBooks.

  7. Real spam research by gvc · · Score: 3, Interesting
    Why does Slashdot not report on real spam research? They report puff pieces like this and the phishing talk from the MIT Spam Conference, but not the results of TREC 2005 Spam Track (Hint: an outsider using compression techniques was very strong; open source filters like crm114, dbacl, bogofilter and spamassasin were close behind; DSPAM was middle of the pack.) No filter came close to demonstrating those widely-claimed 99.9-whatever% accuracy figures. I guess "news for nerds -- stuff that matters" includes testimonials but not results.


    The TREC tests involved tests on 350,000 email messages. A 92,000 message public corpus from this effort is available for free download.


    John Graham-Cumming (no relation to TREC) has created SpamOrHam -- a community-based effort to adjudicate the judgements in the TREC corpus. This'll let us test in a big way Yerazunis' contention that spam filters are better than humans.


    Any filter writer can participtate in TREC 2006 by submitting a letter of intent now and a filter in due course.


    There's also an upcoming scientific spam conference this summer - CEAS.