Slashdot Mirror
Bot Nets Behind Recent Spam Surge
gsslay writes "Everyone must have noticed a surge in spam recently, particularly for stock pump 'n' dump scams. The Register reports that anti-spam companies have seen a 30% increase in the last two months and, more worryingly, more of this spam is getting through to mailboxes due to the spammers' change in tactics. Rather than use unsecured mail relays spammers are using bot nets, making spam harder to identify and eliminate. Bounced spam is also on the up, and some experts reckon it's past time to start worrying. "
But this Bayesian strategy has been overcome by the spammers. They use hilariously strange word ordering trick the spam filter and lower their threshold (see Graham's Lisp code) down to an acceptable range. Here's a piece of text from some spam that made it into my mailbox this morning: And it goes on for about 7 paragraphs with absolutely nothing to do with its pitch. It's because of this nonsense that it makes it into my mailbox in the first place.
How do we eradicate this problem? What strategies do we use next?
Well, I would suggest that we stick to the Bayesian approach but instead of tokenizing via Paul Graham's proposed algorithm, we could investigate tokenizing the text based on letter groups (divide 'words' into 2-3 letter groups and test for those frequencies) or even natural language parsing. Yes, I know it sounds absurd but I really think that an engine could be written in Prolog using WordNet or another dictionary with some basic English rules in an attempt to parse and analyze incoming text.
Who knows? Perhaps our need for a spam filtering engine could breed innovation in the AI community?
My work here is dung.
I recently saw a surge from about 15 spams a day to well over 200. So, I got a spamcop account, and changed my email to go there, and then from there I forward it to where I read my email. Now I'm back down to about 15 per day. Spamcop catches the rest, and they land in my 'held mail' folder, where it takes about 10 seconds to report as much spam as I want. In the email account where I actually read my email, I pushed up the sensitivity of the spam filters, and now I see maybe two a day in my inbox. I just report the rest to spamcop.
Maybe we need bots to fight the bots. Bot Wars. In a galaxy far, far, away...
"We are all geniuses when we dream"
- E.M. Cioran
No. Bayesian filtering has failed, just like every other filtering method before it. Modifying it will not work. Adding OCR for image text will not work. Creating a new filtering mechanism will not work. The spamming will continue, more and more of it will get in.
Frankly, given that both processing power, disc space, bandwidth etc, are all increasing, I for one foresee the current spam/ant-spam arms race continuing indefinitely, with the amount of spam sent slowly increasing, and the amount caught by the filters being just enough to keep the amount of spam you get into your inbox at in and around a constant level. It's an endless cycle.
I say, turn it all off. All of it. The filters, the blacklists, the whitelists, Spamhaus, the lot. Let every single spam sent reach its destination, if just for one day. Let Joe Sick Pack finally realise the scale of the problem and just how much strain is being placed on mail servers. It will be both terrible and beautilful at the same time.
Then take off and nuke the site from orbit. It's the only way to be sure.
May the Maths Be with you!