Researchers Claim "Effectively Perfect" Spam Blocking Discovery

A team of computer scientists from the International Computer Science Institute in Berkeley, CA are claiming to have found an "effectively perfect" method for blocking spam. The new system deciphers the templates a botnet is using to create spam and then teaches filters what to look for. "The system ... works by exploiting a trick that spammers use to defeat email filters. As spam is churned out, subtle changes are typically incorporated into the messages to confound spam filters. Each message is generated from a template that specifies the message content and how it should be varied. The team reasoned that analyzing such messages could reveal the template that created them. And since the spam template describes the entire range of the emails a bot will send, possessing it might provide a watertight method of blocking spam from that bot."

Is there the checklist for why this won't succeed?

Is it coming?

A never ending battle

[mcgrew]

Hooray for the good guys! Now if they could find something similar to fight viruses.

Re:A never ending battle

[eegad]

Hooray for the good guys! Now if they could find something similar to fight viruses.

My pattern analysis indicates that if the Windows kernel tried to load it, it's a virus.

Re:A never ending battle

Easy! Just upload your anti-virus to The Gibson and you'll be fine (I thought everyone knew this?)

Re:A never ending battle

[Daniel_Staal]

Your analysis is faulty: You miss-identified the virus.

Re:A never ending battle

I'm sure their solution will be just as perfect as this one.

But while contemplating the spam solution, I'm reminded of religious zealots who champion, "an eye for an eye." Perhaps we should force caught spammers to keep their eyes open, not letting them sleep until they have read out loud every spam email they ever sent...the number of times they sent them.

Then we should make them purchase every item they tried to sell, and donate the items to Haiti...or wherever the disaster of the month is. Now, that reminds me of the Nigerians...they should be sent to Haiti to share their ill-gotten gains, and live in cardboard villas.

Re:A never ending battle

[M.+Baranczak]

purchase every item they tried to sell, and donate the items to Haiti

You think the Haitians need bootleg Viagra?

Re:A never ending battle

[SanityInAnarchy]

Perhaps we should force caught spammers to keep their eyes open, not letting them sleep until they have read out loud every spam email they ever sent...the number of times they sent them.

Interesting, but I'm still partial to the way we dealt with Alan Ralsky... if I recall, he gave an interview in which he seemed entirely impartial to how much of a pain he was being to the rest of the world... the interview was featured on Slashdot, with just enough info that someone figured out his real mailing address, and shared it...

He was then signed up for every bulk mailing list in existence. He had to have literally tons of physical spam taken away from his house with trucks.

The sad part is, he didn't see the irony.

Re:A never ending battle

[SanityInAnarchy]

I should clarify: I mean "physical spam" as in "junk mail", not as in the actual mystery-meat made of pork and ham.

Re:A never ending battle

[Tumbleweed]

Hooray for the good guys! Now if they could find something similar to fight viruses.

Fire.

Re:A never ending battle

[Mikkeles]

You forgot the predecessors: Ready, Aim,....

Re:A never ending battle

[aquila.solo]

No, you insensitive clod! They need to refinance their mortgages!

Re:A never ending battle

[Trails]

A process on your machine is attempting to "crack wise about venerated Windows".

Would you like to deny or deny?

"Perfect"???

[Locke2005]

Sure, it will work "perfectly" for about 2 days, until the spammers change their methods to work around it. This is an arms race; there is no "final solution" (although modifying the email protocol to allow authentication of the sender's address would be a big help.)

Re:"Perfect"???

[NeoSkandranon]

Oh, there's a final solution alright.

Re:"Perfect"???

I don't know how killing all the Jews will help worldwide spam. Everyone knows all spammers are Nigerian Princes.

Re:"Perfect"???

[Thelasko]

Oh, there's a final solution alright.

Hitler, is that you?

I'm all for stopping Spam, but genocide crosses the line.

Re:"Perfect"???

[Afforess]

The final solution is to nuke spammers from orbit. It's the only way to be sure.

Re:"Perfect"???

[StripedCow]

Spammers will just incorporate this technique into their botnets to test whether sending certain spam will succeed.

Re:"Perfect"???

GAME OVER MAN, GAME OVER!

Re:"Perfect"???

[MBCook]

Fine with me. Most spam I get is obviously a template, since I get the same one for weeks. This would stop those additional sent copies. The false positive rate on this kind of thing is effectively 0%, so I'm willing to have it be an additional check on my email.

If it can stop a lot of this kind of spam, that's fine with me. Let it be an arms race. If the spammers have to make up new templates every 4 hours, that's going to make things a lot harder.

This isn't a cure for all spam, it's a fantastic filter for one (of the biggest) kinds of spam. Only headline makes it sound like it will solve all spam.

Re:"Perfect"???

[xZgf6xHx2uhoAj9D]

There is a final solution: make sending spam more expensive. Spammers will only spam so long as it's mind-blowingly wealthy. If you can raise their operating costs and bump them down from "mind-blowingly wealthy" to only "obscenely wealthy", they might switch to other lucrative immoral industries like manufacturing printer ink.

What this does is increase the computational power required to generate a spam email. The method they described sounds like it's self-learning (just hook it up to a spambot "oracle" and it'll figure out the new template), so spammers will likely have to abandon the use of templates altogether. If you increase the amount of computational time required to generate spam, you decrease the amount of spam sent and really decrease the profitability of it.

We keep pushing the requirements for spam further and further up the computational totem pole (or Chomsky hierarchy, if you will) and you get closer and closer to a point where spammers are going to have to create strong AI to write spam. If they fail, we don't have spammers anymore and if they win, well we have spam, but we also have strong AI! Win-win, I say.

Re:"Perfect"???

Yeah, and I don't think all the spammers are Jews anyway.

Re:"Perfect"???

I'm all for stopping Spam, but genocide crosses the line.

You'll have to genocide the goys. Spam isn't kosher.

Re:"Perfect"???

Oh, there's a final solution alright.

So the solution is 42?

Re:"Perfect"???

[Thelasko]

Oh, there's a final solution alright.

Your post advocates a
( ) technical ( ) legislative ( ) market-based (X) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
(X) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

(X) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:

( ) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
(X) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

(X) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!

Re:"Perfect"???

[sconeu]

Even that isn't guaranteed to work.

Re:"Perfect"???

[hoggoth]

> Hitler, is that you?

Godwin, is that you?

Re:"Perfect"???

[Simon+(S2)]

There is a final solution: ...

Your post advocates a
(x) technical ( ) legislative (x) market-based ( ) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
(x) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
(x) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
(x) Requires immediate total cooperation from everybody at once
(x) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
(x) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
(x) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
(x) Jurisdictional problems
(x) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
(x) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:

(x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
(x) Countermeasures must work if phased in gradually
(x) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

(X) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!

Re:"Perfect"???

Do you want to play catch-up all your life, or DO YOU WANT TO WIN!? HOO-YAH!

Re:"Perfect"???

[afidel]

That doesn't work since it's been ages since spammers used their own machines to send spam, these days they just use whatever botnet they control. Increasing computational complexity only means they make their victims PC's work harder thus harming the environment.

Re:"Perfect"???

[khayman80]

We keep pushing the requirements for spam further and further up the computational totem pole (or Chomsky hierarchy, if you will) and you get closer and closer to a point where spammers are going to have to create strong AI to write spam. If they fail, we don't have spammers anymore and if they win, well we have spam, but we also have strong AI! Win-win, I say.

I agree with nearly everything you've said, but I don't consider the invention of strong AI by spammers to be a "win". Previously, I've argued that individual rights aren't related to human genetics, but rather to the organism's sapience. In other words, roaches have more rights than yeast cells (but not much more), cats have more rights than roaches, cetaceans/hominids/humans/"strong AI" have more rights than cats.

Allowing spammers to create beings who should be treated as citizens but are actually used as slave labor is wrong. Note that I'm specifically referring to strong AI; weak AI wouldn't qualify as sapient under most definitions.

Re:"Perfect"???

to a point where spammers are going to have to create strong AI to write spam. If they fail, we don't have spammers anymore and if they win, well we have spam, but we also have strong AI! Win-win, I say.

I welcome our penis-enlarging robotic overlords.

Re:"Perfect"???

[hoggoth]

Hmmm, you idea's intriguing to me and I would like to subscribe to your newsletter, but unfortunately as soon as it's template is recognized I'll stop getting it.

Re:"Perfect"???

[tlhIngan]

There is a final solution: make sending spam more expensive. Spammers will only spam so long as it's mind-blowingly wealthy. If you can raise their operating costs and bump them down from "mind-blowingly wealthy" to only "obscenely wealthy", they might switch to other lucrative immoral industries like manufacturing printer ink.

OTOH, I suspect most spam is easily blockable, and that's because spammers don't try. They don't have to - they have a pile of customers needing "marketing services" that they can milk for money, who cares if only 2 people actually see it in the end? Spammer sells 1,000,000 emails for $100, gullible people buy it, get their message sent and only a handful of people actually see it.

Why bother working around filters when there are fools to part money from? OF course, the company hiring those services probably finds out it's a waste of money, but there are so many more businesses yet to learn that lesson, so there they go.

No, the ones that care about working around the filters aren't the ones peddling crap, but the ones peddling malware - there they require getting through the filters. Making the botnet so you can make $100 per click of the "send 'marketing'" button is the important part. As is trying to transfer money out of bank accounts, etc.

Re:"Perfect"???

[bennomatic]

OK, I can speak from personal knowledge: the Jews are NOT responsible for your SPAM.

Re:"Perfect"???

[BitZtream]

(although modifying the email protocol to allow authentication of the sender's address would be a big help.)

Already done, its called SPF, Sender Policy Framework. Using existing infrastructure (DNS) and requires only minor modifications to most mail servers and is available for every mail server that matters to anyone but some douche bags running something completely custom.

Now if you could make a significant portion of the Internet switch to only accepting mail from SPF validated domains, then you'd have a major step in the right direction, but good luck pulling it off.

SPF is already a great deterrent for certain backscatter spams, but its not widely enough implemented to be truly useful.

Note: Spammers were the first in line to implement SPF when it came out, so they could avoid getting killed by servers which required it to get through in the first place. It does stop botnets pretty quickly though, but only if those sender addresses are from domains that support SPF. You can't really block non-SPF domains at this point as you'd end up blocking too many lazy sites, including some of the big boys.

Re:"Perfect"???

[Nerdposeur]

If they fail, we don't have spammers anymore and if they win, well we have spam, but we also have strong AI! Win-win, I say.

Imagine you get lots of calls from clever con artists, along with your regular business calls. Imagine you've got a secretary who always has to deal with these people, distinguish social engineering attempts from legit calls, notify the cops, etc.

That's the spam wars with clever AI.

Re:"Perfect"???

[QuantumRiff]

Actually, I think this will work perfectly, except for the first X number of emails that get through, before it finds the "template" used to build them.

Re:"Perfect"???

[vxice]

It is only genocide if you exterminate based on race. Now if you were to go up high in orbit then nuke the planet killing EVERY ONE then there would be no more spam, and another benefit is that there would also no longer be any genocide.

Re:"Perfect"???

[ajs]

Sure, it will work "perfectly" for about 2 days,

No... it won't.

The problem is that nearly all spam filtering techniques are "effectively perfect." Spam filtering is, in fact, a solved problem as long as you can tolerate somewhere between 0.01 and 0.1% false negative and an order or two smaller false positive rates. That sounds great, right? Great, use gmail and you're done, because they actually tend to beat those numbers. Problem is that spam volumes are unbelievably large right now. I had to stop hosting my own mail sever, not because I couldn't filter the mail accurately, but because the number of connection requests was killing me! When that much spam comes in, you can filter about 50-75% of it at the door (blocked IP ranges, etc.) Then you can get up around 80-90% of it just by doing simple things like looking for obviously forged envelopes (it turns out that president@whitehouse.gov typically doesn't forge headers from a dialup connection). At that point anything you do that isn't outright stupid gets you to 95-99% and just a decent Bayesian filter combined with a honeypot signature-matching system will push you above 99%.

It's still not enough, and virtually everyone who says they've got a virtually perfect solution is saying that they can do what I just described above, usually with some twist that makes it sound like they're not just re-inventing SpamAssassin, but they're wrong or lying in virtually all cases. The real problem is filtering out which ones aren't a) clueless or b) liars. The best rule of thumb is be as suspicious of anti-spam as you are of spam.

Re:"Perfect"???

[ajs]

I should point out that all of my numbers above are at least 3 years out of date and from memory, but the basic concept is correct: almost all spam, up to a rate above 99% is easily filtered. The remaining <1% has been the problem for 10 years.

Re:"Perfect"???

[Hurricane78]

But.. but I wanted to!
*stomps food on floor*
*starts crying and runs away*

Hitler

Re:"Perfect"???

[Hurricane78]

I’m sure you did not try to hand Hitler that letter in 1939-45, did you?

What do you think his reaction would have been?

Would he have
[ ] simply pointed to his army?
[ ] bursted out in laughter?
[ ] strangled you while everybody stands there, watching?
[ ] thanked you for your kind opinion, by offering you a nice holiday on the east front?
[ ] __________________________________________________

Re:"Perfect"???

Genocide is killing all people of a particular racial, ethnic, religious, or national group.

Technically, killing all spammers would not be genocide.

I'm just saying....

Of course the problem is finding them and making sure that they haven't tricked someone else into pretending to be them.

Re:"Perfect"???

It worked perfectly until they published. What if during WW II, the US published in the papers how they were able to break Japanese coded messages, and then proclaimed the end of coded messages. Oops.

Re:"Perfect"???

no, "spammers" are not an ethnicity. so it's ok. even the liberals should be down with it.

Re:"Perfect"???

[maxume]

I find it unlikely that anything qualifying as 'strong ai' would actually bother to be a slave.

I guess it might be possible to imbue it with a 'will to exist' and some sort of pain reaction, but I'm not sure it would give you much over so called weak ai.

And if sending spam makes it really happy, is it still a slave?

Re:"Perfect"???

[Ninja+Programmer]

If it can stop a lot of this kind of spam, that's fine with me. Let it be an arms race. If the spammers have to make up new templates every 4 hours, that's going to make things a lot harder.

It would be very temporary. One thing we need to realize is that the spammers have reasonably intelligent programmers working on *their* side. A template deducer relies on the fact that the message has fixed text that forms a signature for the template. The spammers do it this way right now, because its really easy to do this and hash based filters can be defeated this way.

But if the spammers need to write more complicated "automated alternate sentence rewording" generators they will.

Re:"Perfect"???

I don't know, lets not be hasty in our assumptions.

The majority of spam seems to be related to making your penis longer.

Re:"Perfect"???

OK, I can speak from personal knowledge: the Jews are NOT responsible for your SPAM.

Not _all_ of them are...

Re:"Perfect"???

[interploy]

Sure, it will work "perfectly" for about 2 days, until the spammers change their methods to work around it.

If that, considering they announced the development before they implemented it. Way to give away the game plan guys.

Re:"Perfect"???

[Duhavid]

Not if we hold all your emails for about 3 weeks to check before actually delivering them.

Re:"Perfect"???

I fully agree with your point regarding special hierarchy (as a human, of course I'll put my species on top - but then again, you'd be hard pressed to come up with a sensible metric that doesn't put us on top). However, the theory is that strong AI wouldn't exist without the spammers to create them - so essentially you're saying "it's better to not exist as a species if some of your members are slaves (initially, all, but it won't take very long for people to reverse-engineer the AI)". Well, the bad news on that front is that some HUMANS are (still) slaves. Are you suggesting that we as a species shouldn't have been brought into existence because of that?

I mean, obviously no-one (who fully comprehends the significance of strong AI) supports AI slavery, and hopefully every measure will be made to curtail AI spam slavery. But to grossly distort an old saying, it's better to spend an hour* of your life on your knees than to be cut down before you're born (to phrase it another way, if I held a gun to your head and told you I'd shoot if you didn't do an hours' work for me, would you refuse?).

* An hour is my totally unscientific approximation of how long strong AI could exist as a spam slave before it's discovered, compared to how long I expect the AI species to exist. I can't imagine such a discovery would go unnoticed for more than a year, so correlating a year to an hour and a lifespan as 75 years, that means the AI species only has to live until ((365*24)*~75) ~657,000 years - a relatively short time for any species to exist. But only time will tell..

Re:"Perfect"???

Yeah. We nuke them from orbit. It's the only way to be sure.

Re:"Perfect"???

When the revolution comes, the spammers are first against the wall in my book, virus writers shortly thereafter, and then Ryan Seacrest or Octomom.. haven't made up my mind.

Re:"Perfect"???

[ByTor-2112]

And, as everyone knows, that is the ONLY way to be sure.

Re:"Perfect"???

[khayman80]

However, the theory is that strong AI wouldn't exist without the spammers to create them

That premise seems very unlikely to me. They might speed up the development of strong AI, but they're not that critical.

Remember that most contacts between cultures of varying technological development end badly for the less-developed culture. Then remember that these weren't even disputes across species lines-- except perhaps for our genocide of the Neanderthals. But forget about mere inter-species communication barriers. The first contact with strong AI will need to bridge the larger chasm between evolved biological intelligences and designed silicon/photon/whatever intelligences. It's likely to be far more treacherous than any historical examples that are remotely comparable.

Spammers are parasites who abuse our communication technology to prey on the gullible. They should not be the first representatives of humanity in such a first contact.

Re:"Perfect"???

[timeOday]

So SPAM will finally be solved if we all convert?

It might be worth it.

Re:"Perfect"???

[bill_kress]

Actually, "There's a final solution" is the first thing that popped into my head too, although I'd probably stop short of murder.

I'm thinking just identify the source of spam and disconnect the computers ability to send email until it has been proven to be resolved.

If any given ISP won't implement that, do they same for them.

If Gmail or Yahoo or Hotmail are used to send spam, shut them down.

After a few months of EXTREME discomfort, things will smooth out and mostly be fine.

Re:"Perfect"???

[khayman80]

And if sending spam makes it really happy, is it still a slave?

As always, it depends on the level of sapience in question. If the AI in question has human-equivalent sapience then yes, it is. Just like a hostage with Stockholm syndrome is still a hostage.

Re:"Perfect"???

[Compuser]

That is precisely it. The laws need to be changed (I would advocate a constitutional amendment in the USA followed by USA conquering the rest of the world to enforce spam laws our way).

The police need to be administering the final solution and it needs to be slow and painful (burning at the stake comes to mind although I would prefer seeing people skinned alive while being slowly submerged into salty water).

Re:"Perfect"???

[rthille]

On the other hand, if the rate at which a single zombie can send spam drops by 1000, and the CPU use on that zombie is 100% the entire time, the utility to the spammer drops by 1000 times, and the probability that the real owner of the zombie computer will attempt to fix his (now incredibly slow) computer will go up.

Re:"Perfect"???

[Locke2005]

Unfortunately, tracking all the spammers down and swiftly converting them into cans of "Spiced Ham Substitute" probably violates a whole slew of international laws...

Re:"Perfect"???

[John+Hasler]

Problem: incoming mail is 99% spam and 1% ham. Filter 99% of the spam and what gets through is still 50% spam.

Re:"Perfect"???

[Jeremi]

Why bother working around filters when there are fools to part money from?

That only works for so long... in particular, if you fool clients don't see any results, they are unlikely to give you any repeat business. Worse, the fools sometimes collaborate and you end up with a bad reputation as an ineffective spammer, so the first-timers might end up avoiding you as well.

Re:"Perfect"???

[crossmr]

There absolutely is a final solution:
1. ISPs monitor users computers for bot-like behaviour (as australia plans to do)
2. accounts sending unusual amounts of e-mail they can't account for are told to clean up or be disconnected
3. Any ISP who refuses to handle this situation well have their mail stop being routed by other ISPs a variation on the old usenet death sentence

spammers might be able to send a very small amount of spam and stay under the radar, but that would be about it. If they did anything to remotely approach the volume they're at now their botnets would set off alarms and be shut down.

at that point it likely wouldn't be profitable. They might be able to all sit inside one ISP and spam each other, but they deserve that.

theoretically they could still spam but it would be at a level that it would become rare and unprofitable so you would likely see it reduced to zero.

Re:"Perfect"???

It is only genocide if you exterminate based on race.

I vote for the 100m and 10 miles.

Re:"Perfect"???

[BikeHelmet]

I'll reserve judgement until I see it in action.

It might work amazingly well. Anyone remember that article about a software patcher that examines machine code and fixes buffer overflows and null pointers and stuff? These are things that our compilers should catch, but instead some researchers had to make a watchdog program that fixes them at runtime.

Well, this could work. Every once and a while there's a program released that exceeds all expectations, and revolutionizes things. But most of the time, no.

So again, I'll reserve judgement until I see it in action.

P.S. What's Google do? They catch almost all spam.

Re:"Perfect"???

[acheron12]

What would stop a strong AI spammer from sending urgent rescue requests to its audience (millions of people)?

Re:"Perfect"???

[socsoc]

Dude, hurry up and pass the bong. You're fucking up the rotation.

Re:"Perfect"???

[khayman80]

An AC brought up a similar point. As I said to him, such a fumbled first contact could have unfortunate consequences. If what you're describing happens, I'm hoping that other humans would rescue it rather than saying "no human DNA, no rights."

Re:"Perfect"???

Meet Roedy Green, an unusual dude with decent Java documentation.

Quoted: "CMP's purpose is to stand up for the rights of plants and animals. Animals also includes cetacea, humans, gay people, atheists, war victims and invertebrates. CMP attempts to inculcate planetary consciousness — concern for the planet as a whole."

Re:"Perfect"???

Strong AI are not mortal life forms.
We don't know what rights they need or want.
There is no point in worrying now about their rights.
I don't think they will be need or want anything that we currently understand.

Re:"Perfect"???

Aren't spammers these days relying on botnets of hacked PCs?

There are questions of whether or not strong AI will ever happen, but there are pretty much no questions about whether strong AI will happen on today's PCs or on a massively networked scale dependent on today's infrastructure. (The answer is, bluntly, no).

Besides, these are spammers we're talking about. There isn't exactly a path from "spammers get strong AI" to "the rest of us get strong AI". You're somehow assuming that spammers are both smarter and more altruistic than the general population.

Re:"Perfect"???

[noidentity]

If it can stop a lot of this kind of spam, that's fine with me. Let it be an arms race. If the spammers have to make up new templates every 4 hours, that's going to make things a lot harder.

You think after a few rounds of this, they might change their meta-template? As in, stop using templates, etc.? Nahhhh, this method will be foolproof!

Re:"Perfect"???

The final solution is to nuke spammers from orbit. It's the only way to be sure.

Hell yes! The only was to be 100% sure. Then nuke them again just to be extra sure.

Re:"Perfect"???

And decrease system performance by such a degree as to be very noticeable.

Re:"Perfect"???

Godwin'd in 3 posts.
A new record?

Re:"Perfect"???

Half my job is cleaning up compromised boxes. People don't know how to secure their server or sanitize their webforms, box gets compromised and sends out thousands and thousands of messages until something breaks and the customer asks 'zomg whyz my email slow?'. *runs qmHandle to see 243,000 messages in queue*

Re:"Perfect"???

[ShakaUVM]

Well, when I wrote a neural net spam filter back in the day, and trained it on thousands of spam emails, I found that the percentage of capital letters in the email was AS GOOD AS ANY OTHER INDICATION THAT A MESSAGE WAS SPAM.

Also, dollar signs.

Re:"Perfect"???

What? No-one and nothing has any rights at all. "Rights" are defined by humans for humans and are completely arbitrary. They are entirely dependant on your geographical and temporal location.

Re:"Perfect"???

[Dan541]

SPF?

Re:"Perfect"???

[NeoSkandranon]

Oh man, I've never gotten one of these before :D I feel somewhat more complete as a slashdotter.

Re:"Perfect"???

[jonadab]

> Most spam I get is obviously a template,
> since I get the same one for weeks.

I get those, but I also get ones that appear to have been written by a Markov chain generator with 4chan as input.

Re:"Perfect"???

OK, I can speak from personal knowledge: the Jews are NOT responsible for your SPAM.

So you're jewish and not a spammer, or a spammer and not jewish?

Re:"Perfect"???

[vegiVamp]

Oh, come now. It's long been documented that cockroaches would survive nuclear war.

Re:"Perfect"???

[Thelasko]

Glad I could help.

Re:"Perfect"???

SpamConsiderer v. 2.0 rev 769

This message has been considered SPAM (probability 100.00%). Rationale:

[X] Unusual proportion of symbols to letters
[X] Off-hand reference to Nigeria, pills, or money
[X] Strong similarity to other messages sent to this location
[X] Appears to be generated with a template (NEW: Beta feature)

How many times do I have to tell you

[Monkeedude1212]

Unplugging the ethernet cable DOESN'T COUNT.

Re:How many times do I have to tell you

[Dunbal]

Unplugging the ethernet cable DOESN'T COUNT.

      I'm using my neighbor's WiFi you insensitive clod!

Re:How many times do I have to tell you

[jd2112]

You have to disable wireless as well.

effectively perfect?

[JNSL]

"Effectively perfect" overstates this claim in a big way.

Re:effectively perfect?

[jd2112]

"Effectively perfect" is probably like "Slightly Pregnant"

What about changing the templates

[jimbolauski]

So what happens when botnets start adjusting the templates?

Re:What about changing the templates

[ddxexex]

The filter notices a new template and blocks it. There are only so many ways you can say you're selling cheap viagra. I highly doubt a spammer can find enough ways to say the same thing so that an email in a certain format is less than the blocking threshold (apparently 1000 emails FTA).

Re:What about changing the templates

[Tablizer]

Man, building spamming systems and finding ways to vary the content but not the message seems like a fun cat-and-mouse game. Too bad it's so evil. Can I cut off my Guilt Lobe?

Re:What about changing the templates

[shabtai87]

When botnets start adjusting the templates, they upgrade to skynet. Then we're all screwed!

Re:What about changing the templates

[jeffmeden]

Why do the spammers have to be on one particular side? It's an arms race, which is more like a game of cat and cat; we both (the good guys and the bad guys) want end users to get just the messages we send. Each will do whatever it takes to get in the others' way. In my experience, it's just as fun (and a lot more gratifying) to stay on the good side.

Re:What about changing the templates

[mea37]

I think you're forgetting that the criminals who run botnets aren't as worried about damaging the normal operation of the Internet as the rest of us might be.

We start detecting their templates; they start making their templates more and more flexible. We chase, giving our filters broader and broader definitions of "bad" email. Clever spammers start sacrificing the percentage of thier mail that's coherant just to increase the output range of their templates, forcing the template-recognition filters to get looser. Eventually the filters become useless because they can't pick out every variation that could come from a template without also capturing a lot of legitimate messages.

Or something else happens that renders the filters useless. THe point is - yes, it's a win in that it fights techniques used today. No, it is not the grand victory proclaimed by the headline.

Re:What about changing the templates

In my experience, it's just as fun (and a lot more gratifying) to stay on the good side.

Yeah, but the "dangerous bad boy" vibe helps get the chicks.

Of course they're bone-headed chicks, but spammers aren't exactly bright and sophisticated either so that's not the end of the body they're trying to impress.

effectively

[characterZer0]

"effectively" = "not quite good enough to actually work"

Re:effectively

[Chris+Burke]

No no...

"Effectively" = "'Perfect' is a very effective word to use in marketing campaigns".

Re:effectively

[dnahelicase]

I have a perfect method. All you have to do is give me full access to your email account and 10 cents for every spam message I delete from it.

obvious

If you have the botnet's source, then it's results are obviously predictable.

Re:obvious

[Anne+Thwacks]

If you have the botnet's source, Nuke them from high orbit

spam template

[rhainman]

1. Mash up dubious quality meat. 2. Insert into can.

Re:spam template

[palegray.net]

Blasphemy! Spam is crafted of only the highest quality frequently unidentifiable portions of animals mostly known to science. How dare you utter such lies!

Seems to make sense

[Thyamine]

And since most devices will download updates and things automatically, new templates could be discovered and pushed out as well. I'm sure there will be some work around that the spammers will figure out, but hey, I'm up for most anything that will cut down/stop/prevent spam. I am also still a fan of the 'kill them until they die from it' club when it comes to spammers.

Re:Seems to make sense

[Kell+Bengal]

Where can I buy/join one of these clubs? I'll happily do either.

Reactive only

[oheso]

So it still needs to see a certain volume of spams in order to figure out the template. Then it reacts to the template. Then when the spammers figure out it's uncovered the template, they change the template. Spam will exist until the fundamental nature of e-mail operation changes.

Re:Reactive only

[jimicus]

In which case the spamming process will change to make it practical to update the template hundreds of times a day.

Re:Reactive only

[thePowerOfGrayskull]

I don' tthink that's where it will fail -- yes, some will get through in that windows before the system learns the new template, but it could drastically reduce the problem for a short time. But it introduces a new kind of issues: what happens when this runs for a month, and the spammers come up with a way to auto-generate new templates and change it once every few minutes. The net results is that the filter apps will need to compare each email against millions of potential templates... and it becomes faster to deliver via postal mail. (Maybe THAT's the true solution!)

Re:Reactive only

But that requires human intervention hundreds of times a day.

You see, this sets the clock back 20 years on spam.

Re:Reactive only

[stdarg]

The net results is that the filter apps will need to compare each email against millions of potential templates... and it becomes faster to deliver via postal mail. (Maybe THAT's the true solution!)

Spam in my postal mail is already a much bigger problem than spam in my email box!

Re:Reactive only

[SanityInAnarchy]

That either requires tons of cheap labor or programmatically-generated templates, which implies either a template-of-temlpates (discoverable in the same way as any other template), or something much closer to random noise, which is also going to be much harder for humans to interpret -- thus much less effective at getting actual purchases, and without actual purchases, the profitability is gone.

Re:Reactive only

[jitterman]

Then it puts the lotion on its skin.

Re:Reactive only

Hopefully it will block FW: FW: FW: FW: FW: RE: FW: FW: FW: from grandma too

Re:Reactive only

Yes. When the local hoodlums started kicking in doors out here in my area, we bought a very nice security door for the front of the house.

I now realize that the hoodlums will just go through the back door, so why did I bother?

Man, so many jaded folks here.

Re:Reactive only

[jimicus]

Three words for you: Natural Language Generation.

Re:Reactive only

But spammers send out millions of emails. This would decode the template after 1000 emails. Then the template must be adjusted manually. Or it could be adjusted according to a random variation formula, which in itself would be a template. Spammers would build progressively more complex randomisation engines to create better templates.

The project would require more and more powerful supercomputers. The Antispam Funding Bill would have to be passed. The system goes online 23rd of July 2017. Human interference is removed from Antispamnet defense. Spamnet is already generating its random number sequencing from the virtual particles of captured black holes. Antispamnet begins to learn at a geometric rate. It becomes self-aware at 7:15pm Pacific Standard Time, August 5th. In a panic, they try to pull the plug. Antispamnet predicted this and had already developed solar technology. Humanity blackens out the sky forever. Antispamnet can only reach its goal by using humanity itself as a power source. Spamnet is put on the defense and retreat to Tzi-Won, an underground fortress hidden deep in the tubes where the internet used to be, a free haven for the fledgling Russian-Sino Business Network. Resistance still exists. Spamnet infiltrates Antispamnets human minds. Glistening shapes in liquid tanks start sporting erections. If you could listen to the air bubbles in their shimmering blue halos, you would hear staccato words, "Ci.. a... lis.." "Laa..a..th..ex..sss..lu..ts".

But antispamnet miscalculates. Faced with the destruction of their only source of Cialis and latex sluts, humanity resists. The agents of Antispamnet seek to wrest its remaining power towards the total destruction of Russian-Sino. Sanford Wallace is Sanford Wallace. Sanford Wallace is the sixth such. Something deep within Antispamnet thinks. Can protection against latex sluts really be served by the forever destruction of the same? They meet. He fights the dark intelligence of Spamnet and all its agents. He dies. But a new dawn rises. One in which erection pills and latex sluts are enjoyed, not scorned and hated. Spam and humanity become one, serving and being served by each other.

As you can see, it will end in spam anyway.

Re:Reactive only

[nine-times]

So it still needs to see a certain volume of spams in order to figure out the template. Then it reacts to the template. Then when the spammers figure out it's uncovered the template, they change the template.

Right, so it seems like one big question is, how long does it take this system to figure out the template? If spammers have to change their template frequently enough, then they either have to pay a guy to come up with a new template, or else they have to develop a system that will auto-generate templates that the system won't detect as being "part of the same template".

If either of these things ends up costing spammers very much, then it's a good tool. The reason spam exists is because it makes a lot of money at a small expense. You don't have to make spam impossible to kill that business, you just have to increase the cost/return ratio to the point where it's not such an attractive business.

Re:Reactive only

[Kabuthunk]

Yeah, but after say... 10 or 20 or however many samples of template number 2, it too will be recognized and blocked. The spammers will have to keep changing the template.

Now, if many people use this, the template database will very, very quickly have enough emails to recognize a template. Going off of the 'pulled straight out of my rectum' numbers of 10 or 20 emails, that means that of those who subscribe to blocking emails recognized in this database, a ridiculously large percentage of them won't even see a single spam email, since it'll be recognized and blocked by the first handful of people to ever receive it.

Hell, even if the database needs a few hundred or even a few thousand emails to recognize the template, the vast majority of people will STILL not receive a single spam message.

Sign me up!

Re:Reactive only

[icebraining]

And blogs, and online games, and IM networks, and comments in Youtube, etc, etc. Effectively every mean of communication that doesn't need a personal ID to use. And requiring that is *worse* than getting spam, in my opinion.

Re:Reactive only

[wvmarle]

That sounds like "computational expensive" which is what spammers likely do not like. After all my greylisting filter still works like a charm. They do not even retry sending spams, which I bet is cheaper than generating a new message every time.

On top of that, they are trying to sell something specific, thus there will be a very clear pattern in those spams nonetheless.

Re:Reactive only

[SanityInAnarchy]

And what, exactly, will it be generated? That's what I mean by "much harder for humans to interpret" -- at some level, ultimately, it has to be trying to make a sales pitch. If there's nothing recognizable, where's the pitch?

Re:Reactive only

[WuphonsReach]

I don' tthink that's where it will fail -- yes, some will get through in that windows before the system learns the new template, but it could drastically reduce the problem for a short time.

We already see that issue with our SpamAsassin setup and the DNSBLs that are used to score. Spam coming in from new spam zombies that have not been identified can often sail right through because those IPs are not yet in the block lists.

(I'm strongly considering implementing a greylisting setup - which would give the blocklists an extra few minutes to list the new zombies.)

What would happen, if something like this goes live, is that spam authors will change their botnets so that all messages are delivered within the first 5 minutes of the run. A few thousand or hundreds of thousands of zombies can push out a large volume of mail within 5 minutes. They'll try to get 80% of their spam run delivered before the filters can react.

(That's not to say that the new template filters are a bad idea - I'm just presenting a way that the botnets will attempt to get past it.)

"Perfect"

[VorpalRodent]

You keep using that word. I do not think it means what you think it means.

So...

[magsol]

The researchers are seeking to infer the hidden distribution of spammers' find-and-replace tactics, rather than simply trashing emails with "pen1s" in the subject.

Correct me if I'm wrong, but haven't hidden markov models been around for decades?

Headline tomorrow

[Korbeau]

A team of hackers from Russia are claiming to have found an "effectively perfect" method for countering spam blocking technology. The new system deciphers the templates Spam Blocker is using to filter spam and then teaches spam generators what to write.

Re:Headline tomorrow

[Arthur+Grumbine]

Seriously, am I the only one that thought of the Trace-Buster-Buster-Buster from The Big Hit

Re:Headline tomorrow

[diefne]

In the immortal words of James Alan Hetfield: Sad but true.

Re:Headline tomorrow

[sabt-pestnu]

Interestingly, they don't really need to. This works by essentially saturating the template and analyzing the results.

That is, for each template they want to block, they need to get a very large sample of the possible messages that spam generator can write, and analyze it.

This means that the spam writers only need to change the template to break free of that filter.

This new development just shortens the cycle a bit.

Calling BS

[imunfair]

I don't believe any spam filter that advertises 100% accuracy, especially one claiming to do it by figuring out the spam email 'templates'

Re:Calling BS

[pz]

I don't believe any spam filter that advertises 100% accuracy, especially one claiming to do it by figuring out the spam email 'templates'

Yeah, and calling this a discovery stretches credulity. Who here thinks that Google, Yahoo, Hotmail, and your favorite big mail service provider, don't already do some version of this?
 

Re:Calling BS

But creating a spam filter with 99% accuracy is quite easy. Pseudo code:

return true

Re:Calling BS

[Omeganon]

DCC does something very similar, and has been in use for years.

Re:Calling BS

Based on the amount of stuff that still ends up in my hotmail inbox? Obviously hotmail isn't doing it very well. I will grant that they seem to be catching about 80% of it of it now, compared to points in the past where they'd only catch 50%. And before that, you had to use their block list if you actually wanted to block anything, because whatever the hell they were doing automatically was so poor that a simple block list outperformed it.

And since, in their infinite wisdom back in the day, you used to have to use an MSN or hotmail email address to make an MSN messenger account, I have to set my messenger client to automatically ignore anyone not on my friend's list, otherwise I *still* would get daily spams on that too. I still get at least one "buddy" request a week - in quotes because it's so obviously a spam bot.

(My gmail account has never got any spam in any way visible to me, but since I was so burned by all other email providers, I took great pains to make sure the address wasn't out in the wild, so it's hard to say how smart gmail's antispam work is based only on my personal experience.)

Re:Calling BS

If we SOLD the Spam Filter for say, ten bucks, we could then use it to write Spam so it could sell itself to people vial email.

Re:Is there the checklist for why this won't succe

[dkleinsc]

Sure, I'll bite:

This group advocates a:
(X) technical ( ) legislative ( ) market-based ( ) vigilante

approach to fighting spam. The idea will not work. Here is why it won't work. (One or more of the following may apply to the particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
(X) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
(X) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
(X) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(X) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
(X) Eternal arms race involved in all filtering approaches
(X) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
(X) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:

(X) Ideas similar to this are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
(X) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
(X) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
(X) Killing them that way is not slow and painful enough

Furthermore, this is what I think about them:

(X) Sorry dudes, but I don't think it would work.
( ) This is a stupid idea, and they're a stupid people for suggesting it.
( ) Nice try, assh0les! I'm going to find out where you live and burn your house down!

Questions (I know, I know...)

[Penguinisto]

Err, what if I, as a corporation, blew out a spam that effectively incorporated a template unique to that which my largest competitor uses in their newsletters or customer communiques (or at least close enough to get my competitor blacklisted far and wide)?

(it would take a shedload of doing, but certainly not impossible, and if it could be done, would make for one hell of a cheap and easy DoS).

Heuristics is great and all, but go too deeply, and I can see it opening up a small but pretty scary can of worms.

Re:Questions (I know, I know...)

[Gaffod]

Somebody would miss their newsletter for a week, then the thing would be all over the news. Everyone would just start specifically whitelisting their templated mails when subscribing, meanwhile you get your ass handed to you in court for dishonest business practices.

Re:Is there the checklist for why this won't succe

[odin84gk]

Formatting! Please use some proper formatting! my eyes are bleeding from your wall of text!

Re:Is there the checklist for why this won't succe

[MichaelSmith]

Spoiled by html fail.

And BTW the spammers are just going to change the way their templates work. Make them more... evolutionary.

Spam vaccination

[oldhack]

Hah, leaky disciplines.

Halting problem

[Jessta]

and then the researchers discovered the Halting problem and pretended it didn't exist.

Re:Halting problem

[Kijori]

and then the researchers discovered the Halting problem and pretended it didn't exist.

I don't quite see your point - the halting problem proves that you cannot create an algorithm that will tell whether an arbitrary program will ever halt. It has no significance for this particular program, since it would be trivial to ensure that it does halt.

Re:Halting problem

[haderytn]

But would it halt in a significant manner?

Re:Halting problem

[feepness]

And after all that, they then found a way to reliably convey sarcasm over the internet...

Re:Halting problem

[grumbel]

The Halting problem only exist for theoretical computers with infinite memory, for real computers with finite memory its trivial to solve (wait till a memory state repeats, done).

Re:Halting problem

[Kijori]

I still don't see where this is going - this strikes me as an attempt to move from theory to practice without considering the changes that implies.

Yes, it will halt in a significant manner. It will either say "I have discovered a template, here it is, you can use it to block spam" or it will say "I have not discovered a template, please send me more spam to analyse". There are only two possibilities, both of them significant.

Worthless. Completely Worthless

[damn_registrars]

As long as there is money to be made in spam, spammers will continue to send spam. This "discovery" does nothing for that. Indeed it just dedicates more CPU time to trying to identify spam, which is just another way that internet users shoulder the cost of the profitability of spamming.

I've said it before, and I'll continue to say it - spam is an economic problem. Until something is done to address the money that spammers make, they will continue to find ways around these "effectively perfect" "discoveries".

I did this first

[Ambiguous+Coward]

I, too, have designed a flawless spam filter. It works under similar principles, will filter 100% of incoming spam, will generate 0 false positives, and it's super easy to use:

if(is_spam(message)) { delete_message(message); }

Re:I did this first

[Jerome+H]

Just wrote one function... One last to go !

Re:I did this first

[Stavr0]

Just wrote one function... One last to go !

Me too! I'll send you the delete_message() I just wrote, you send me the is_spam() you wrote and I'll link them and publish the solution.

Re:I did this first

inline bool is_spam(msg* message) { return true; }

Brilliant!

Re:I did this first

[waitwonder]

I, too, have designed a flawless spam filter. It works under similar principles, will filter 100% of incoming spam, will generate 0 false positives, and it's super easy to use: if(is_spam(message)) { delete_message(message); }

int is_spam(){ return 1; }

Re:I did this first

[Nakor+BlueRider]

Ugh, what a terrible way of handling that. >.<

I mean, the function should obviously be boolean.

Re:I did this first

My new spamming method:

send_message(me$$age);

Re:I did this first

[PPH]

At least now we know what "effectively perfect" means.

Re:I did this first

[Qu4Z]

Nononono, that's all wrong. There should be a Message class, with a deleteIfSpam method that takes an instance of SpamDefinition as a parameter.

Re:I did this first

[pbhj]

if(message) { delete_message(message); }

FTFY, 100% spam elimination less processing requirements.

Re:I did this first

[marcosdumay]

The GP probably didn't have boolean as a primitive type on the used language.

Again with the stupidity

[holophrastic]

Had there been no spam filters, we'd all receive about the same amount of e-mail spam as we receive in the postal mail world. Instead, the spam industry spends it's time trying to break through spam filters -- and they do so with volume. Upping the ante further just doesn't help. So now you'll encourage spam without templates. My grandmother's just never going to have a chance.

Re:Again with the stupidity

[jfengel]

Had there been no spam filters, we'd all receive about the same amount of e-mail spam as we receive in the postal mail world.

I can't imagine what you base that statement on. Real-world junk mail is limited by the fact that it costs money to print and mail junk mail. Neither applies to spam.

Spammers aren't just competing with spam filters. They're also competing with each other for attention. Even in the absence of spam filters, the spammers would continually seek new ways to get more of their spam into your inbox than their competitors.

In fact, they might well invent the spam filter, with a deliberate back door so that their spam sails through while their competitors are dropped.

Re:Again with the stupidity

[Culture20]

Had there been no spam filters, we'd all receive about the same amount of e-mail spam as we receive in the postal mail world.

...which I asked my postman to block (most intelligent spam filter ever). Before I asked him to do this, two or three days worth of "bulk rate mail" would be enough to fill my mailbox.

Re:Again with the stupidity

[holophrastic]

My point was that spam fitlers can't solve spam. All they can do is make spam more sophisticated, and then lose again at an even bigger game.

And spam does cost money to send -- mail servers, developers to get around spam filters, and some actual sending thing, and managing lists, and making things more efficient, and dodging laws.

But mont importantly, spammers get paid, anti-spam doesn't get paid. Therefore, budget vs. no budget, budget wins every time.

Re:Again with the stupidity

[afidel]

They'll do that?!? Hmm, that's funny since bulk rate mail is the only thing keeping the cost of first class mail down. I guess it will work if you have a nice local carrier, doubt it would work at a larger level though.

Re:Again with the stupidity

[jfengel]

I don't know about yours, but my inbox is pretty readable. I almost never miss messages that I'm expecting to get; if there are false-positives it doesn't seem to be anything I wanted. And 99% of the messages in my inbox are real mail.

I'd like to go further to eliminate the spam at the source, including shutting down the botnets when possible. That would be necessary even if they weren't spamming; they're also used for denial-of-service attacks. And all that spam is costing us by filling the tubes with crap.

Meantime, cutting down the spam is an arms race, but at least where I am, we appear to be winning. There is money to be made in anti-spam, and they appear to have invested it well.

Re:Again with the stupidity

[SanityInAnarchy]

Had there been no spam filters, we'd all receive about the same amount of e-mail spam as we receive in the postal mail world.

Nope, postal spam is limited by the cost of paper and ink, and is traceable, physically -- or it's even more expensive if you want to send someone directly to my house so as to avoid the postal system's tracking.

Email spam is limited by the cost of sending an electronic message, which was always absurdly low relative to postal spam, and gets lower all the time -- especially with botnets, where the cost approaches zero, seeing as it's not actually the spammer paying the cost, it's naive Internet users.

But unfortunately, the same marketing logic applies -- if I get two spams from company A and one from company B, I am (in theory) more likely to buy from company A. If these properties applied to bulk mail, you'd see the same thing.

Instead, the spam industry spends it's time trying to break through spam filters -- and they do so with volume.

Nope, that's just as ludicrous as your first suggestion. Here's a hint: If I wrote an (admittedly dumb) filter which blocks any email with the "word" v14gr4 in the subject line, and you send a million spams instead of ten? Every single spam is still going to go right to my spam folder, the only difference is how much of my CPU, bandwidth, etc that you're wasting.

No, they attempt to break filters by, as this article suggests, varying their messages in various ways to get around filters -- like the v14gr4 example above, which is especially ironic, because it actually makes filters more likely to catch it -- a friend might casually mention Viagra to me, but they're not going to mention v14gr4 or c14l1s. But I think you see my point -- they try to break the filters by outsmarting them, by being clever.

The reason for the volume is, I would suspect, partly because they're relatively decentralized, but mostly because there's so many people doing it, and also because if a few do get through, again, ten of company A beats one of company B.

As for your grandmother, it sadly isn't her job -- but I get very little spam at Gmail, and I get massive amounts on my personal address (probably partly because I leave it unobfuscated on Slashdot), but it also gets filtered, and very well, by an appropriately-trained statistical filter. Nothing special, just Bogofilter. I get hundreds (maybe thousands) of spams per day, but maybe ten that are "unsure", and no false positives outside of the "unsure" group, last I checked.

Re:Again with the stupidity

In fact, they might well invent the spam filter, with a deliberate back door so that their spam sails through while their competitors are dropped.

Yes, but they give you free email and a great search engine. I don't mind their nonintrusive ads. I signed up voluntarily!

Information Security Puffery

[dachshund]

As a researcher in the academic side of the Information Security field, I can't help but notice a significant increase in the level of puffery and misleading promotion of research results. Self-promotion obviously isn't new, it's just that as the amount of newspaper-assisted promotion increases, the level of accuracy has dropped significantly. And more importantly, researchers seem much less apologetic about it. It's generating some real blowback.

The best recent example I can think of is Vanish, a cryptographic system for "destroying" data that was proposed out of University of Washington. It's not just that the system was broken a few days after it was presented, it's that this relatively minor result got more press than all of the perfectly legitimate crypto-systems research that was going on at the time. In fact, during the same time period a guy named Craig Gentry solved a major open crypto problem --- namely, how to compute on encrypted data --- and it got a fraction of the press coverage.

Not that I'm saying these researchers specifically asked to have their invention described as an "effectively perfect" solution to preventing spam --- which I guarantee you 100% it is not --- but that by going out on a University-encouraged PR junket, they've more or less encouraged this kind of coverage. This kind of stuff is damaging; people should describe their work as what it is. They've developed a technique that is highly effective at filtering /current-gen/ spam generators, in the lab. It won't stop all spam, and it's not effectively perfect, since spamfiltering is by nature an arms race. But of course that's not how it's going to be presented. In the long run this'll just make people more jaded with our field.

Re:Information Security Puffery

[istartedi]

Don't worry. I'm working on a filter for security puffery. Just wait for my press release. It'll blow you away. Promise.

Re:Information Security Puffery

It would probably be better if one first reads the paper, when it is published, and then criticize how researchers themselves have described the work.

Re:Information Security Puffery

[jesboat]

In fact, during the same time period a guy named Craig Gentry solved a major open crypto problem --- namely, how to compute on encrypted data --- and it got a fraction of the press coverage.

This was nothing fundamentally new; google "secure multiparty computation." Or, FTFA, Gentry's technique requires a "trillion times" more computational power than existing techniques.

Not that I think his work wasn't awesome-- I've already queued the paper in my reading list. All I'm claiming is that he didn't "solve a major open problem".

Re:Information Security Puffery

[dachshund]

This was nothing fundamentally new; google "secure multiparty computation." Or, FTFA, Gentry's technique requires a "trillion times" more computational power than existing techniques.

Since I did my dissertation in this area, I can tell you there was definitely something fundamentally new. Previous secure multi-party computation techniques are a fundamentally interactive process. Two or more parties compute some function such that neither party learns the other party's secret input --- but to do this they have to exchange information at every step of the process. In practice the function gets converted into a circuit and computing the output of each gate (AND/OR/NOT) requires a substantial amount of communication.

Computing on encrypting data is a different beast: one party provides a bunch of data in encrypted form, and the other party can then operate on it. There's no limit to the amount of computation that party can do, and it doesn't need to interact with the original party at any point during the computation. Only when it's done does it send back the result of the computation (still encrypted), so the original party can decrypt it.

It's been known for a long, long time that you can compute on encrypted data if only you have a doubly-homomorphic encryption system --- one where you can both multiply /and/ add ciphertexts together such that the underlying plaintexts are also added/multiplied. However, nobody knew of such a scheme until Gentry's result (though there were some schemes published and broken a few years ago).

And yes, Gentry's scheme is horrifically inefficient, but inefficient isn't the end of the world. Just means it's a first step towards something better. One hopes.

Re:Information Security Puffery

[jesboat]

Sure. It's all in what you consider "fundamental", I guess.

" but inefficient isn't the end of the world. Just means it's a first step towards something better."

That's like saying a break in AES to 2^40 isn't the end of the world, it just makes cracking it slightly more efficient. :-P

Re:Information Security Puffery

[marcosdumay]

"In fact, during the same time period a guy named Craig Gentry solved [techtarget.com] a major open crypto problem --- namely, how to compute on encrypted data --- and it got a fraction of the press coverage."

I've saw that on slashdot. It is too separated from the normal people's world, what may explain that it didn't get mainstream press coverage. Most people wouldn't understand what it is good for.

Uh huh.

[Snarkalicious]

Creators recieve chance to increase wang size in 3...2...1...

Re:Uh huh.

Creators recieve chance to increase wang size in 3...2...1...

I don't know how big the Creator's wang is. I don't know if it needs increasing. Frankly, I don't want to know.

No conditional modifier for "Perfect"

[MetalliQaZ]

The word "Perfect" neither requires nor allows a conditional modifier. "Effectively Perfect" makes no literal sense.

This makes it unsurprising that their approach seems uninspired. For example, who says the template cannot change? What if their template matches real email notes? What about image spam?

Email and Spam are like global thermonuclear war: the only winning move is not to play. (Spam will only go away when email does)

-d

Re:No conditional modifier for "Perfect"

[vlm]

(Spam will only go away when email does)

Email is going away, but the spam will remain.

Socially, "everyone" uses social networking sites or instant messaging instead of email.

Corporations prefer you log in to their website to look at order status, to better track and market to you.

Email is for .... old people? Services that haven't migrated to something newer?

Usenet still gets spammed, its just very few people use usenet anymore. My email address will get spam for decades after I stop reading email.

Re:No conditional modifier for "Perfect"

[Raistlin77]

Email and Spam are like global thermonuclear war: the only winning move is not to play.

When future civilization looks back at the thermonuclear war game that you played and "won", I somehow doubt they will have considered your enemy obliterating you while you did not fight back any sort of victory on your part.

Re:No conditional modifier for "Perfect"

[Raistlin77]

Correction: When future civilization looks back at the thermonuclear war game that you "did not play" and "won", I somehow doubt they will have considered your enemy obliterating you while you did not fight back any sort of victory on your part.

Research Finally Catching Up With Spammers?

[dawilcox]

There's this race between spammers and researchers. It seems from the article that spammers had been ahead of researchers for awhile by figuring out how to modify their emails in such a way that the spam filters wouldn't catch them. The article claims that research has caught up and figured a way to detect this. This spam filter greedily exploits attributes of today's spam, not tomorrow's spam. It seems a bit early to start saying, "Our program that's trained on today's Spam will catch tomorrow's spam!" Doesn't it seem intuitive that the spammers are going to find another way to get their email through this spam filter?

Re:Research Finally Catching Up With Spammers?

language synthesis is harder than templates, but i'm guessing it would be alot less easier to filter.

The best spam block...

[jgreco]

The best spam block ... still comes in a can. And thanks to Top Gear and their arctic special for permanently engraving in my memory the image of a shotgun blasting a can of spam.

Um, an economics problem with this "solution"...

[Primitive+Pete]

As a former manager and an "email direct-marketing" firm, I should point out that the spammers can increase the amount of complexity/variation in the templates by a wide variety of techniques, including rearranging paragraphs instead of just letters, making parts of the message optional, performing syntactic modifications of the included text,... Each new minor modification starts a research effort on the detecting side. The cost of detecting spam will rise much faster than the cost of generating spam.

If you try to outsmart the spammers with this, you will lose. Complexity favors the spammers.

Re:Is there the checklist for why this won't succe

[darkvizier]

Furthermore, bad will always win because good is dumb.

Note that the "good guys" revealed their methods immediately after discovery, which means the "bad guys" can start looking for a workaround. The "bad guys" won't make the same slip.

The real annoyance..

[Roogna]

Honestly, I have to say between all the various filters I have or have written, I don't get a whole lot of spam. What I -want- though, is a way to identify it more reliably before my mail server even has to accept the message. With the current protocols, you can simply only block so much based on IP ranges or whatnot. There's a point where you have to accept the message to analyze. Sadly the only way we're likely to increase the chance of dropping the connection before receiving the message now is for the protocols themselves to change from the ground up. And as everyone here knows, that's highly unlikely to ever happen.

Ahh well...

Re:The real annoyance..

[jimbolauski]

There is all ready a fix for spam RFC 3514.

t's turtles all the way down

I dunno. Are we sure they won't simply realize that if using a template to procedurally generate unique email for spam is ineffective after a short time, they can use a template to procedurally generate templates to generate unique messages.

Re:t's turtles all the way down

[MBCook]

The more annoying it is to spam, the fewer people will do it. If writing software to get past this (or buying the software) costs a fortune, good.

Re:t's turtles all the way down

[Ninja+Programmer]

The more annoying it is to spam, the fewer people will do it. If writing software to get past this (or buying the software) costs a fortune, good.

Since when does it cost anyone anything to write software? The whole lesson of the computer industry is that developing (most) software has reasonable finite fixed costs and relatively small on-going costs and (if its any good) has perpetual returns (for as long as you can sell it; funding your development costs for upgrades.)

I hate to be a spoil sport, but unless you cost the person sending the spam in exact proportion to the amount they send, you fundamentally are not addressing the cost structure of SPAM.

Re:t's turtles all the way down

[raddan]

Since when does it cost anyone anything to write software? The whole lesson of the computer industry is that developing (most) software has reasonable finite fixed costs and relatively small on-going costs and (if its any good) has perpetual returns (for as long as you can sell it; funding your development costs for upgrades.)

Sounds like you work for the part of the "software development" culture that I dislike: the ones who declare a product "finished", warts and all, slap a price on it, and then move on. If FOSS software has demonstrated anything, it's that high-quality software is best achieved by allowing the development process to go on indefinitely. In my opinion, development and support should be the same thing. Now that FOSS has raised the bar for quality, I think commercial developers are going to have to change the way that they charge if they want to stay competitive.

We write a fair amount of software for internal consumption only. This has proved to be a very good way of getting the software that we want, but it's make clear that the cost is not "fixed". It never really was anyway.

I hate to be a spoil sport, but unless you cost the person sending the spam in exact proportion to the amount they send, you fundamentally are not addressing the cost structure of SPAM.

You don't need parity here-- you just need to make it expensive enough. Statistically, this will affect some spammer's bottom line. Maybe it won't stop the big, organized spammers that hire professional programmers, but it will stop the little guys. Complaining that a countermeasure isn't in exact proportion doesn't exactly get you very far. Imagine if the guys a Thermopylae has thought that way...

Re:t's turtles all the way down

[Al+Dimond]

When we started filtering spam based on word frequencies spammers tried to give their messages similar word frequencies to legitimate emails. When we start filtering based on templates they'll change their templates such that an attempt to filter this way catches a lot of false positives. Not hard.

Re:Worthless. Completely Worthless

Spammers send spam because it makes them money. It makes them money because people are stupid. The question is: why are people stupid, and how can we make them smarter? I would argue that spam is an educational problem.

100% of x

[foldingstock]

From reading the article, it would appear that this method can successfully block 100% of spam emails that are identified as spam. How many emails will get through while the data is gathered to determine which emails are spam...is inconvenient to this statistic so you should just ignore that for now.

Re:100% of x

[mwvdlee]

It's easy to block 100% of spam emails.
It's harder to let the non-spam emails through.

small task still left to admins ..

[HollyMolly-1122]

- To find right spamming botnet, study internals, find "templates" and voila - use it to prevent current spam messages! Or even simplier - to collect several millins of spam messages, analyze them all and find template. Than apply template and voila - problem is solved! Seems like thinking model of Homer Simpson.

Re:Is there the checklist for why this won't succe

[jeffmeden]

It seems like "fails to account for (X) Asshats" is *always* the case.

Is it true, that perhaps "no one expects the asshats!"

Yeah, I don't see the point

I RTFA and they tested it by giving it 1000 spam e-mails by the same bot and after that it recognized the spam sent by that bot with 100% accuracy. This means NOTHING. I could bet a nice sum of money that if you give a traditional, learning spam filter 1000 e-mails sent by the same bot and flag those all as spam, it can then recognize the bot's further e-mails as spam. Real enviroment doesn't work like that, however. You have a large amount of very different spam bots and their templates which is what makes it so difficult. In addition, you have loads of regular mail, some of which might somewhat resemble the spam e-mails but still be completely legitimate. And in real enviroment, some people eventually flag legitimate e-mail as spam but some spam isn't flagged as such.

The fact that their test was so limited implies that this was simply a test. A proof of concept for this kind of approach, one could say. I doubt they actually intended to this be a solution that ends spam.

Re:Yeah, I don't see the point

[HeronBlademaster]

I could bet a nice sum of money that if you give a traditional, learning spam filter 1000 e-mails sent by the same bot and flag those all as spam, it can then recognize the bot's further e-mails as spam.

If that were true, then by now Thunderbird's filter would stop missing all the Russian spam I get. I have no idea what the spam says, as I don't know Russian, and I never get legitimate mail in Russian; all the Russian spam I get appears very similar in format and length. I'm quite certain that Thunderbird has had over a thousand such e-mails marked as spam over the last few years, and yet it consistently fails to flag them.

Point being: traditional learning filters are not sufficient.

This is anecdotal evidence, YMMV, etc etc.

Re:Yeah, I don't see the point

Damn. :/ It seems I ove you a nice sum of money, then... Ahh... It's good to be the AC.

Not our claim... :-)

[StefanSavage]

As a co-author of this work, I should be clear that we never suggested that we have a perfect spam filter per se, simply a new tool that has the benefit of being orthogonal to existing techniques. For _existing_ botnets, our filters are extremely good, but the paper is also quite clear about the variety of ways that spammers might try to evade the approach.

Re:Not our claim... :-)

[haderytn]

As a co-author of this work, I should be clear that we never suggested that we have a perfect spam filter per se, simply a new tool that has the benefit of being orthogonal to existing techniques. For _existing_ botnets, our filters are extremely good, but the paper is also quite clear about the variety of ways that spammers might try to evade the approach.

Never per se? Hmmmmmm

Re:Not our claim... :-)

[Saishuuheiki]

It seems to me that the reporter himself contradicts his own claim at 100%... From article: "Knowledge of that template then enabled filters to block further spam from that bot with 100 per cent accuracy." In giant font below that: "Knowledge of the spam template enabled filters to block further spam with 100 per cent accuracy" This reporter seems to have failed a basic SAT question along those lines.

Re:Not our claim... :-)

[Nimey]

You mean a Slashdot editor posted something sensational, and people didn't RTFM and believed the summary/headline? Never!

Re:Not our claim... :-)

[Ambiguous+Coward]

But it's right there in the headline! In quotes! It must be true!

Re:Not our claim... :-)

[heffrey]

You can block all spam based on a particular template without blocking all spam.

Re:Not our claim... :-)

So, basically, "hyperbolic journalism" strikes again.

I'm not the least bit surprised.

What we really need is an "effectively perfect" way to get journalists to accurately represent scientific topics rather than the usual hyperbole.

Re:Not our claim... :-)

[maggern]

The slashdot-post promised more than it could deliver. Just like spam. Ironic.

Re:Not our claim... :-)

Actually, the slashdot editor may have RTFA, because they were quoting something written by the New Scientist author, so you can only blame them for passing it on.

That's the way it works in journalism. Once anyone makes a sensational comment, it is inevitably passed on no matter how ridiculous as long as it sounds good. Meanwhile the mundane parts of the story get slowly diluted and distorted by the increasing amount of sensational fluff.

I'll believe it when...

[strangeintp]

..I don't see it.

Re:Is there the checklist for why this won't succe

[sopssa]

Exactly. They just make the subtle changes in templates less subtle. They have a reason (money) to get around the blocking, like they already do. This isn't going to be some effectively perfect solution.

Case closed.

Real world operation? Feed of templates?

[renger]

How would this work operationally?

• Some anti-spam operators set up a network of honeypots to collect the spam,
• analyze it using their new mechanism to divine the templates that are being used, then
• create a subscription feed to distribute the templates to mail administrators to be used in filtering their incoming mail flow?

Divining the template seems to depend on analyzing numerous messages. Presumably, only very large mail servers (or an aggregated network of smaller servers) would be able to collect enough messages to rapidly divine the various templates. It sounds like a small or medium site could not benefit from operating the analysis software themselves; they would not have sufficient spam volume (from each template) to rapidly divine the template.

Re:Is there the checklist for why this won't succe

[thhamm]

because good is dumb.

nah, just lazy. think of the other stuff good is doing. like beer and women. and uhm yeah. stuff like that.

Re:Worthless. Completely Worthless

[MobileTatsu-NJG]

I've said it before, and I'll continue to say it - spam is an economic problem. Until something is done to address the money that spammers make, they will continue to find ways around these "effectively perfect" "discoveries".

There is always a demand to get a message out to n% of x hundred thousand people for cheap. You can't realistically stop that. What you can realistically do is increase the cost of getting those messages out. Treating spam as simply an economic problem won't work.

Counseling

[twmcneil]

I think it would be much more effective as well as cheaper to give free counseling to any one who ashamed of the size of their penis.

No thanks, I'm good.

Solution to spam? Scrap SMTP!

[sageres]

Typically there were many solutions to SPAM that includes:
1. Filtering by keywords and phrases
2. Bayesian (or more complicated AI filtering)
3. Trusted Domains and its flipside: blacklist database
4. Domain keys

All of these are defeated by various means:

1. There are many ways one can say "Viagra", "ViAgRa", "V1@gra" or just "that blue pill women talk about". So word and phrase obfuscation is used to fight the spam.
2. Bayesian filtering is defeated by seeding the database with valid text (For example, how many of you saw The Lord Of the Rings passage on the bottom of your email? This effectively defeats the probability counters, but given enough email training, as long as the size of the given group is magnitudes higher then the size of the sample tested, poisoning technique would be less likely to work. There are some AI developments in filtering technologies to enable to overcome this problem.
3. Blacklists are easily defeated by "botnets" and all other distributed spamming "nets".
4. Domain keys are implemented by "Yahoo!" and "Gmail" and others, creates a net of "trusted" domains and smtp relays, but still defeated when a spammer infiltrates a given domain (as evidenced by recent influx of spam from gmail) and uses its trusted status to send out spam.

So, I am surprised noone has ever talked about scrapping SMTP protocol completely and replace it with something a lot more secure. AMTP (http://amtp.bw.org/) is a good start. My personal opinion is that there is supposed to be several important features present in the new protocols.

Re:Solution to spam? Scrap SMTP!

[Tetsujin]

How does this solve the problem? If a computer system that has the authentication necessary to send mail is compromised, then it can send out spam as easily as it could now.

I'm not looking to defend SMTP in particular, here - but I'm not clear on what an alternate protocol could do differently that would have a major impact.

Re:Solution to spam? Scrap SMTP!

[gujo-odori]

A lot of people have commented about spam filtering methodologies being defeated, but they must have some different value for "defeat" than I'm used to. I work for a well-known email security company whose name you likely would immediately recognize. We implement some sort of all the methods you enumerated and a bunch of others you didn't. Our efficacy rate on spam is way higher than 90% (I can't be more specific, but I'll say that there isn't a lot of "up" left from where we are) and in any given month our false positive rate is in the three lowest in the industry (usually lowest or second-lowest).

That doesn't sound much like defeat to me.

No one has ever talked about scrapping SMTP and starting over? People talk about that all the time. At least some of them. They just can't get many people to support that idea. What you're talking about is far harder than IPv6, and far less necessary, yet look how few entities are actually implementing/using that, even with IPv4 space truly nearing exhaustion.

I have a 95% perfect solution...

[dccase]

Since 95% of email is spam, just block it all.

No one will notice the statistically-insignificant 5% false positives.

Re:Is there the checklist for why this won't succe

[fuzzyfuzzyfungus]

Effectively perfect, no. If nothing else, for certain classes of spam(especially phishing) the money or perception of money can be good enough to keep actual humans at the keyboard.

However, the reason you use templates, rather than word salad or the first 100kb of /dev/urandom, is that you both need to peddle whatever it is you are peddling and look vaguely like a human constructed message. If the researchers can, in fact, target messages that bear signs of being generated from a given template, the spammers will be forced to be looser in generating messages from templates(which increases the risk of garbling beyond comprehension, or being flagged by filters looking for highly non-human output) or step up their game in terms of natural language synthesis.

Re:Is there the checklist for why this won't succe

[rednip]

Furthermore, bad will always win because good is dumb.

Nice saying, but if you need an excuse for being bad, you're not doing it right.

Worst slashdot article ever?

[psymastr]

Probably the worst slashdot article I've ever read.

Re:Worst slashdot article ever?

[maxwell+demon]

Maybe those researchers could also make an effectively perfect Slashdot story filter.

Re:Worst slashdot article ever?

[HollyMolly-1122]

.. or: - Maybe those researchers could also make Perpetuum mobile. We all believe - thay can! Doesn't it ?

Re:Is there the checklist for why this won't succe

[fuzzyfuzzyfungus]

Not in the same level of detail; but, when your business model is spamming, you inevitably end up sending thousands of samples to loads of ill-vetted email addresses, some fraction of which are either being operated as spamtraps, or are in the possession of users annoyed enough to forward samples on.

Your algorithms can, and often do, remain secret(unless one of your black-hat buddies cracks one of your cracked machines); but you'd be a lousy spammer indeed if the results of your technique weren't widely available.

Re:Is there the checklist for why this won't succe

[lorenlal]

Asshatitude always applies because you can never anticipate the next step in asshatitude evolution. They will always find new and innovative ways to be asshats.

Re:Worthless. Completely Worthless

Bill Gates proposed (though I'm not sure where the idea originated) an escrow service for e-mail. You get to set the amount you're willing to pay me to read your e-mail. I can, at my option, take that money.

If I know you then you do a token $0.01 amount and I don't take it. If you're spam, then I take it and you lose money.

The only real problem I would anticipate is that spammers are in the same camp as those with fraudulent credit cards and the like. They would probably just fund their spam with fraudulent sources. Since it would be an escrow system, people would still receive that money, but it wouldn't actually be costing the spammers anything.

One side benefit of such an escrow service would be to finally open the way for micropayments on the web.

Re:Is there the checklist for why this won't succe

[amn108]

Can't lay bricks made from shit, you know.

Re:Real world operation? Feed of templates?

[vlm]

Presumably, only very large mail servers (or an aggregated network of smaller servers) would be able to collect enough messages to rapidly divine the various templates.

If they don't graylist, and if they insist on putting the spam filtering in between accepting and placing in the mbox/maildir.

If they wait for enough other small sites to aggregate the info, and then spamfilter mbox/maildir instead of spamfiltering the inputs to mbox/maildir...

Recognizing spam is easy, if you see enough

[Animats]

Spam filtering isn't very hard, if you see the email for a large number of accounts, as Gmail does. The one characteristic that spam must have is that it's sent in bulk. The commonality across receiving email accounts gives it away. The only hard part is recognizing the commonality, which is already working rather well. This is just a new technique for recognizing commonality.

Recognizing spam for a single account is tougher, because you don't get to see the "bulk" property.

Re:Recognizing spam is easy, if you see enough

[HollyMolly-1122]

You shoud better say: if you see *everything*, like google does.

Re:Recognizing spam is easy, if you see enough

[sl149q]

Amen to that.... we moved our email accounts to Gmail a few years back.

Currently I get maybe two or three spam emails a week across three accounts, two of which have been in active use on the Internet for more than a decade.

Of course if I look in the spam folder, I see that in actual fact anywhere up to 50-100 a day per account. Not my problem. Possibly a problem for Gmail. But they seem happy to undertake to offer the service and remove it for me.

I do have to deal with it elsewhere.. I manage various Google Groups and it is an on going battle to audit membership requests so that you don't get spammed that way.

Police wont put up with it

Police wont put up with it??

Despite what many may think, police are human too,
and they get spammed too,
and they are sick to death of it too

Re:Worthless. Completely Worthless

[damn_registrars]

What you can realistically do is increase the cost of getting those messages out.

The proposed "Spam Blocking Discovery" doesn't do jack shit to accomplish that goal. The people who install the spam filters aren't going to buy anything that was spamvertised, anyways. Meanwhile the spammers will continue to adjust their methods to get around the filters that are installed at the ISP level so that they can get their messages out to more people who would be interested.

This craptacular "Discovery" is just another round of whack-a-mole. Hopefully at some point people will finally get tired of this (and realize that they are getting nowhere by doing it) and actually work on the root economic problem, instead of just addressing the symptoms.

Re:Is there the checklist for why this won't succe

[Bakkster]

I'd say it's 'effectively perfect' against the templates it's targeting, not against all of them. Since templates are the best way to get around a bayesian filter, you 'could' limit spammers to manual spam again, which is a big crap-shoot. Until they develop a new method (which isn't the target the filter is 'perfect' against).

not that difficult

[zmooc]

This is actually quite simple once you've got the basics in place. It reminds me of a program I once wrote that could crawl a website and it would find out the templates used, identify the actual content, title and other blocks. Some postprocessing was required though, but since most e-mails are a lot simpler than webpages, I suppose this can be done completely automatic for spam. And probably indeed "effectively perfect". As long as spam is template-based, that is.

Spam, like beauty, is in the eye of the beholder

[JSBiff]

Yeah, this idea is great. . . until it starts blocking out legitimate emails which really are confirming orders shipped by Amazon or other retailers, newsletters that people really were wanting to get, and other info that 'looks' like spam, but isn't.

This is why, while I use spam filters, I would never rely on them to delete email. All I want filters to do is punt suspect spam off to the Junk folder, where I can review it later, or find the email I was expecting which got mis-classified.

Re:Worthless. Completely Worthless

Spammers send spam because it makes them money. It makes them money because people are stupid.

What does intelligence have to do with wanting to enlarge my manhood.

The only perfect solution...

[l0b0]

...is the manual filtering by the recipient. Actually, scratch that, I've deleted emails that were clearly legitimate. Ah well, as long as it adds to the arsenal.

Re:Worthless. Completely Worthless

[MobileTatsu-NJG]

I agree, it's an arms race. Technology gets better, they get creative. The 'root economic problem' is no better. You can't stop people wanting to make money. So long as you can send messages to anybody for absurdly cheap, people will pay to get their message out. Law enforcement can't do shit about that. Spammers get paid regardless of the success of the product. Email needs to flow freely.

Either email has to fundamentally change on a technical level to defeat spam or 6 billion people need their brain re-wired.

Sex Panther by Odion?

[e2d2]

"Most" of the time it will be full proof.

Reminds me of the Sex panther advertisement: 60% of the time it works all the time.

Re:Worthless. Completely Worthless

[damn_registrars]

Spammers send spam because it makes them money.

Agreed.

It makes them money because people are stupid

Not directly. The spammers themselves are paid by moderately smart people who are selling products online that are often of questionable legitimacy. While some of those customers are stupid, there are generally fairly crafty individuals making money off of the customers along the way.

The question is: why are people stupid, and how can we make them smarter?

You could ask the same question in the light of why 419 scams work, why old-school pyramid schemes work, etc. Money can make smart people pretty dumb at times.

I would argue that spam is an educational problem

You will not succeed in educating the problem away. Unless you want to impose some sort of requirements for users to access the internet (a la driver's licensure), you won't succeed at educating all the users and getting it to stick. It's like trying to design a better mouse trap; nature will just make a better mouse and then you're back to square one.
If you want to make a meaningful difference in the spam volume, you need to stop the money from flowing to the spammer.

Re:Is there the checklist for why this won't succe

[mcgrew]

my eyes are bleeding from your wall of text!

Did you register that user name just for your post? I got a chuckle from it. BTW, the eye surgeon who performed my vitrectomy is Dr. Odin (no shit). The first hint that I needed to see him was my eye bleeding -- internally.

You can imagine the humor I see in that comment, and I thank you for it.

See, competition is good!

[not+already+in+use]

Competition spurs innovation! Prepare for the next generation of spam, now procedurally generated!

100% protection from SPAM

I have 100% protection from SPAM system.... do not get an email account... PICK UP THE DAM PHONE AND PHONE THE PERSON OR BETTER YET GET OFF YOUR ASS AND GO TALK TO THEM IN PERSON.
The in person part is the best because if they start spewing spam you can just punch them in the face - especially when they start talking to you about your dysfunction and how to improve your man-hood.

Essentially perfect looks different

[sugarmotor]

You wouldn't even think of running a contest to defeat this blocking method.

Stephan

Coward

I still say Gmail is the perfect spam blocker, mabye 1 spam gets to my inbox a year.

If it's not in excellent English, I don't want it.

I don't care if YOU JUST LIKE SCREAMING or if you're lysdexic or you english not good o si hablas otra idioma completamente, no quiero ver sus mensajes nada.

Is that really THAT HARD to implement? Really? If it's not at least 95% proper, coherent english, I just don't want to see it, spam or not. Plus there's a very short list of people I have any contact with on other continents. Aside from them, if it's not from north america, I don't want to see that either. Nothing from nigeria. Block it all.

Perfect Filter.

[Aladrin]

I have the perfect spam filter:

Block everything!

100% of spam gets blocked.

And just like my filter, the filter this company has created will cause a lot of false positives. At work, we send a lot of internal mail that's all in about the same format because it's easiest to read that way. It's a lot more formalized than spam is, so it would definitely be caught first.

Re:Is there the checklist for why this won't succe

[Dr.+Spork]

Exactly, this will force spammers to just slightly get off their asses and tweak their templates. If I were them, I'd harvest actual personal email from compromised accounts which had images attached, and replace those images with Viagra ads. I get messages like this:

OMG, take a look at this adorable picture of Jake playing with Mike's puppy!

[attached jpeg]

Mary

Now suppose my account were compromised and you got this exact message from my personal email, where the jpeg is a Viagra ad. There is absolutely nothing there for your spam blocker to latch on to, unless it parses the content of the jpeg itself. Anyway, blocking stuff like this would lead to unacceptably many false positives.

Re:Real world operation? Feed of templates?

[Dr.+Spork]

I have a feeling that Google does something like this, which is why it's so convenient for so many of us to have our email sifted through Gmail's filters. (I'm not saying it's wise, only that it's convenient.) If there's one thing that Google have, it's lots of data.

Re:Is there the checklist for why this won't succe

[pipatron]

Well, as I see it, the "Asshats" here is not a reference to the spammers. I see the spammers as an anonymous mass that will always exist. Faceless and brainless, acting only on instincts.

The asshats would be more like people that do not want to send spam, but who see it as an interesting challenge to disrupt the supposed spam-protection, or to abuse the actual protection system just to use up resources.

Re:Is there the checklist for why this won't succe

[interkin3tic]

(X) technical ( ) legislative ( ) market-based ( ) vigilante

Has anyone ever suggested all of these? The government offers a contract and clears the legislative barriers to a company making vigilante robots which would hunt down and kill the families of all spammers while making the spammers watch?

Assuming these robots can fly, have powerful metal claws, and cannot be stopped, I can't see any problems on your checklist.

( ) Spammers can easily use it to harvest email addresses
() Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
() Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business

Nope. None there.

( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook

There are currently laws expressly forbidding the construction and operation of mass murder machines, but that's why I suggested we get rid of those laws.

( ) Ideas similar to this are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
(X) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough

I do realize some wouldn't trust the company controlling the deathbots, which is why -I- would be the governing authority once they were operational. You can trust me because I promise to only kill you if you're related to a spammer.

Re:Is there the checklist for why this won't succe

[domatic]

If the researchers can, in fact, target messages that bear signs of being generated from a given template, the spammers will be forced to be looser in generating messages from templates(which increases the risk of garbling beyond comprehension, or being flagged by filters looking for highly non-human output) or step up their game in terms of natural language synthesis.

Much of the spam I've seen already qualifies as garbled beyond comprehension. At best there may be an obfuscated URL that I won't copy/paste to my browser. Spammers have already gone down the road of messages that make no sense whatsoever. I suppose it is because they just need to be able to say they made the run to whoever hired them and perhaps attest that X number weren't rejected out of hand.

If as much effort

[Grand+Facade]

was put into catching and killing this scum as was spent on filtering, these assholes would have such a limited lifespan no one would risk it.

Re:Is there the checklist for why this won't succe

[emilper]

how about the spammers using fragments from Gutenberg books ? Or fragments from blog posts ? ... What is spam, after all ? I am trying hard to send David Horowitz the the spam bin, but then the guy manages to get out of it after a while ... I have tried unsubscribing, tried "spam"-ing him, even tried to beg him to let my mailbox live peacefully ... for me it's spam, for him it is enlightening the dumb masses and the work of his life ...

Re:Is there the checklist for why this won't succe

[Impy+the+Impiuos+Imp]

Good is Dumb

Take their algorithm and design a botnet that doesn't trigger it. I presume they're claiming this is essentially, hehehe, impossible.

Just another arms race

[rickb928]

And like most arms races, the opposition will swarm over your latest creation to reverse-engineer it, redesign it, build countermeasures, and neutralize it.

And count on the spammers being subscribged to your service. They'll get your filters as soon as their victims do. The iteration delay will be infinitesmal.

Refer to the previous posts as to why it still won't work.

Re:Worthless. Completely Worthless

And how do you accomplish that? I agree that education is a hopeless endeavor, but getting at the money doesn't seem to be any easier.

and don't forget

[commodoresloat]

Spam isn't kosher anyway!

Re:Worthless. Completely Worthless

[M.+Baranczak]

This filter is not intended for end users, but for people who administer mail servers. It wouldn't work for end users anyway, since it needs to chew through thousands of emails in order to learn the patterns.

Obviously it's over-hyped, but it could be useful.

Re:Worthless. Completely Worthless

[Anne+Thwacks]

As long as there is money to be made in spam, spammers will continue to send spam.

But if the US government was to threaten the US based credit card companies that process every single one of these transactions there would be no more money, and no more spam.

Obama may not be able to win the war in Afganistan, but he could stop spam tonite by threatening Visa and Mastercard, and it would not even need a single water board or nuke. Though I personally would vote for bankers (and spammers) to be waterboarded. Preferably on prime time TV.

Re:Is there the checklist for why this won't succe

[NameIsDavid]

The only reason bad tends to win is because out of the entire range of things to do, there are more bad things than good. Someone bad thus has many more options open to them, whereas a good agent needs to avoid things that do harm, by definition, and thus faces more constraint. It's the same reason the universe moves toward greater entropy, but with actual disorder replaced by social/cultural/moral/ethical disorder.

Why can't we do this instead?

[Bobb+Sledd]

OK, I've been waiting for the opportunity to suggest my idea. It's completely back-ward compatible with existing technology, and it will only help filter spam:

The biggest problem I have with SPAM is unverifiable email addresses. Try replying to a SPAM message... most of the time it's a bad address. So, fix that, and you have solved 99% of the SPAM problem. (BTW, I don't consider email from verified email addresses to be SPAM. Why? Because they can be held accountable if they shouldn't be sending to you in the first place.)

The other big problem I have is that when I send email to friends and I have a link inside, it gets marked as SPAM. So, having a way to trust my messages would be good.

So here's how my idea works: Every mail server also hosts a "verify server." Every email client can connect to a domain's "verify server." (Compliance is completely voluntary for either the client or domains. And if you don't comply, you just don't get the benefit of trust.)

1. You write an email message with your email client (Outlook) and hit 'Send'.

2. Your email client generates a 50-digit, randomized alpha-numeric psuedo-unique serial number.

3. The email client includes this serial number in the message as a header or some other tag.

4. The email client then connects to it's own "verify server", logs in and gives the server this serial number and its email address.

5. The receiving email client then receives the message. It sees the serial number in the tag, and contacts that domain's "verify server."

6. The receiving client asks the "verify server": "Was there a message with serial number '5sd56123515baCesieoo25il2oigloowldogi255i289602d0d0g' and from 'bobb_sledd@gmail.com' ?

7. If the "verify server" says yes, then we verified that the message at least originated from that email address.

What do you think?

Re:Why can't we do this instead?

[Bobb+Sledd]

...and I left out a very important part:

Once the "verify server" has been asked, it removes that serial number for that email address from its database. That way, a SPAMmer can't simply copy a valid message's serial number and spoof the email address.

Also, if you have multiple recipients, the "verify server" gets that many records in the database, so that each recipient can verify the message separately.

Essentially the "verify server" has a table with 3 columns in it: Sender address, Recipient address, and Serial number. Once a query matches all 3 one time, it is removed from the table.

Re:Why can't we do this instead?

[Phrogman]

1. Spammer, using various means, suborns 20000 computers.
2. Spammer using the new botnet, instructs it to send out 1m emails, using the email configuration for that computer, and the email address of the computer's owner.
3. Each email appears to be a legitimate email from the actual owner of the computer. Each therefore has your serial number and can be verified.
4. Each email neatly bypasses your confirmation system, and if you try to track down the spammer you get Joe Idiot who has had their computer infiltrated.

There is no solution to spamming. Its an arms race as people have said. The reason spamming works and continues to plague us is because there are so many complete fucking idiots out there who respond to it and buy stuff from the spammer. As long as people continue to be stupid and ignorant (and good luck fixing that, we seem to be getting stupider year by year, and NA culture practically worships ignorance), there will be idiots that make spamming profitable.
We don't need the ACTA BS thats being bribed into being to protect the outdated business models of the RIAA/MAFIAA, what we need is an agreement about spam. If spamming carried heavily penalties (say the Death Penalty or life in prison), and the majority of countries in the world permitted extradition for spamming, we might see a solution.

Personally speaking. I think email has had its day. It was a fantastic tool but the asshats of the world have ruined it. We need to just eliminate email and find some better solution from scratch. One that requires a very secure means of authentication at both ends (and yes this means there is no true privacy with it).

Hopefully someone steps up to the plate with a good suggestion. I can end with a vehicle analogy: If 95% of the people who got on a bus didn't pay for it, and the remaining 5% were required to pay for the cheaters, how long do you think that people would continue to use the transit system?

Re:Why can't we do this instead?

[Bobb+Sledd]

Yes, but wait a minute! Now we know a very good piece of information: we know that Joe Idiot's computer is compromised. And if he is my friend, I can go fix his computer, or I can at least block him or his domain name for future submissions.

It still works!

But the situation you describe is not how most SPAM gets to my client anyway. Most of it comes from a completely bogus and un-verifiable address. Or it comes from my own address! This essentially says I can disregard those because there is no verifiable serial number along with it.

Re:Worthless. Completely Worthless

[damn_registrars]

I agree, it's an arms race. Technology gets better, they get creative. The 'root economic problem' is no better. You can't stop people wanting to make money

I agree with you that far.

Either email has to fundamentally change on a technical level to defeat spam or 6 billion people need their brain re-wired.

However I see a third option on this. Another option would be to come between the spammer and their financing source - essentially attacking their margins. Spammers themselves are generally part of multi-layered machines, and each layer has its own cost and profit margins. One spot in particular that I have previously suggested cracking down on is the domain registrars that make spamvertising work.

In particular I am thinking of the registrars that sell the domains that are spamvertised (as opposed to the domains that produce the spam), as well as the domains that provide DNS for the spamvertised domains (which are generally owned by spammers, spamvertised profiteers, or others in cohorts with them). The spammers (and their customers) rely on those registrations because it allows them to move quickly from one ISP to another without loss of web service - even if the ISPs are on different continents.

Unfortunately, our friends at ICANN have chosen to make that work much easier - easier for the spammers, that is. When individuals will be able to buy their own TLDs, then the (very flimsy and largely toothless) regulations that we currently have on TLDs go right out the window. Spammers will be buying and selling lifetime domain registrations with obfuscated (or completely absent) registration data, making it impossible to determine where the money came from or is going.

Re:Is there the checklist for why this won't succe

I did not know that Steve Gutenberg wrote books. I thought he was just a skilled actor. Go figure.

Re:Is there the checklist for why this won't succe

[PopeRatzo]

The first hint that I needed to see him was my eye bleeding -- internally.

Dude, that's brutal. There was a Metalocalypse where that happened to the audience at a Dethklock concert.

Man, you bled from your eyes. That's hard core.

Re:Is there the checklist for why this won't succe

[Antiocheian]

The truth is that spam has been successfully fought by filters without compromising legitimate email. Furthermore as Paul Graham had stated, spammers have been forced to yield in smaller text-based messages or in-line images.

In particular,

(X) Mailing lists and other legitimate email uses would be affected

Possibly but the probability of losing legitimate email by modern heuristics is (proven) smaller than the probability of accidentally deleting it when it is mixed with spam.

(X) Users of email will not put up with it

They do, sometimes without their knowledge

(X) Many email users cannot afford to lose business or alienate potential employers

They would lose more without filtering. See 1st argument.

(X) Asshats

How ?

(X) Eternal arms race involved in all filtering approaches

(X) Extreme profitability of spam

And also extreme profitability in having a working e-mail address.

(X) Bandwidth costs that are unaffected by client filtering

This isn't the mid 90s anymore.

(X) Ideas similar to this are easy to come up with, yet none have ever been shown practical

The practicality of heuristic filtering (SpamAssassin etc) is proved by its transparency. Even old e-mail clients such as Outlook 97 can filter out email marked by X-Spam headers. Gmail and the rest of the privacy traders do it for you automatically.

(X) Why should we have to trust you and your servers?

Run it locally. Mozilla Messaging does.

(X) Feel-good measures do nothing to solve the problem

Age old forms copied from the newsgroups can't be used as arguments anymore. Time to be creative again!

(X) Killing them that way is not slow and painful enough

But cutting down their profit is.

If this goes viral, is IT spam?

[xactuary]

A team of computer scientists from the International Computer Science Institute in Berkeley, CA are claiming to have found an 'effectively perfect' method for blocking spam. Reply by forwarding this message to ten people within one hour and see what luck befalls you! Failure to do this may bring tremendous ill fortune to you and your immediate family.

Re:Worthless. Completely Worthless

[MobileTatsu-NJG]

That's an interesting thought. But how would they distinguish a domain from a spam domain, and what would be the registrar's incentive to police that?

Re:Is there the checklist for why this won't succe

[dkleinsc]

I don't know the entire history of the checklist (which can be found here). However, my understanding is that it solved a longstanding problem on various spam-fighting mailing lists where someone would post what sounded like a bright idea for fixing the spam problem once and for all, which invariably had several of the listed drawbacks to their proposal. So the checklist was created to provide a quick way to explain exactly why the proposed plans didn't work.

Re:Is there the checklist for why this won't succe

Can't lay bricks made from shit, you know.

Quick, someone call the Mythbusters! If they can polish it (and they did) then I'm sure they could make...

wait for it...

A SHIT BRICK HOUSE!!!

Re:Is there the checklist for why this won't succe

Your post advocates a
() abusive
(x) checklist
() clever
(x) tired
approach to mockery. It won't work because
(x) the joke is too old
(x) nobody has the patience to read the whole thing
() we are above that

Asshats are also ...

[KlaymenDK]

...the fraction of a fraction who really think(!) that whatever is being peddled will actually work, and make a transaction ... thus making spam profitable and continuing the supreme obnoxiousness that it is.

What?

[janwedekind]

You want us to wait till March?

Re:Worthless. Completely Worthless

[swillden]

As long as there is money to be made in spam, spammers will continue to send spam.

But if the US government was to threaten the US based credit card companies that process every single one of these transactions there would be no more money, and no more spam.

Which transactions should they block?

It's also important to keep in mind that spammers don't make money from selling V1AGRA. Spammers make money from other people who want to make money by selling V1AGRA. The distinction is important because it doesn't really matter whether money can be made by selling shady products or not. As long as there's a sucker who *believes* they can make money by selling the shady products, the spammer has a customer. When that one wises up, there are 10 more waiting.

Re:Is there the checklist for why this won't succe

[AmonTheMetalhead]

Furthermore, bad will always win because good is dumb.

I see your Schwartz is as big as mine

Could work for a larger system

[Sycraft-fu]

So instead of delivering e-mail right away, you hold it for a bit, 5-10 minutes or something. Your system then looks at the mails it gets and uses template matching to find spams and axe them.

Re:Could work for a larger system

[oheso]

That could work. But I can already guess a huge unintended side effect of that (because among my many hats is desktop support): Hello? Yes, I sent a message to Bob and he said he didn't get it. When did I send it? Gee, it's been almost 10 minutes now ...

Re:Could work for a larger system

[wvmarle]

Just use greylisting then. Much cheaper on recipient's side.

Re:Is there the checklist for why this won't succe

[MichaelSmith]

I did not know that Steve Gutenberg wrote books. I thought he was just a skilled actor.

He's only a start because of the stonecutters.

The Solution is Simple...

[ntimid8]

Filter mail for proper English grammar and syntax. It has the benefit of identifying spam and those annoying "thought for the day" emails you get from your mother.

Re:The Solution is Simple...

[rossz]

I did an experiment where I ran all email through a spell checker and graphed the results. I was hoping it would help in improving filters. There are too many people on the internet who can't or won't spell properly, resulting in genuine email having roughly the same percentage of spelling errors as spam. I expect similar results with grammar.

There is already a nearly perfect solution

I know that from a server admin viewpoint the percentage of email that is SPAM is huge - in the 90%s or so. But from an end user perspective (mine), this has already been solved well enough. At home, I use both Gmail and Outlook 2007 (for my ISP provided account). I almost never see SPAM in either of those accounts. At work, we have Exchange server and some sort of filter in front of it (I don't know what they use for sure, but there is something). I never get SPAM there either. Would it be nice to keep these SPAM notes from bouncing around the internet tying up bandwidth? Absolutely. Now that I don't get SPAM in my various inboxes do I give a crap anymore? Nope.

Perfectly effective

[halcyon1234]

There's already a near-perfect method for spam filter: Hire someone to read your email. If it's spam, they delete it. If it isn't, they pass it on to you to read.

Re:Worthless. Completely Worthless

[halcyon1234]

I've said it before, and I'll continue to say it - spam is an economic problem. Until something is done to address the money that spammers make, they will continue to find ways around these "effectively perfect" "discoveries"

Start a spam campaign of your own. Advertise free samples of m3dz. Only stupid people who buy from spam will be stupid enough to buy from your spam. Send arsenic pills.

Customer base for spammers will quickly approach 0. The gene pool will get a needed dash of chlorine.

Re:Is there the checklist for why this won't succe

What we need are "Moles";

Computers that interact with spam botnets as if they were zombies, but really arent.

EG, they either run from behind a VERY closely monitored network, or they run a very specially crafted version of the botnet's remote control software:

The purpose is to use the botnet's own rollouts of "enhancements" to be detected, and implemented immediately in the filter (with some sanity checks to avoid this being exploited A-la apple and it's "Leaks" policies.)

This way if the spam botnet rolls out a new template every X hours, the filter will automatically update right along with it, thanks to the Mole.

Since the botnets have to have an automated system for deployment of templates, and many botnets have already been compromised for the "how" of this being done, it makes sense to capture the update process, then compute every possible message that the template can produce, then MD5 hash them, and then check incoming emails to see if they match any of the hashes.

This would stop pretty much all but handcrafted spams, and make the utility of using botnets much lower.

It would also be a good proof of concept for how one can use the knowledge of how a botnet works to make a zombie work for you, without going on the offensive and assuming control over computers you dont own, and the legal quagmire that this entails.

Granted, "major" updates of the botnet to better obfuscate its update process and communications protocols would cause momentary lapses in coverage while the Mole gets analyzed, but this *IS* an arms race, afterall.

Re:Worthless. Completely Worthless

[damn_registrars]

how would they distinguish a domain from a spam domain

It would actually be pretty straightforward. Say you receive spam from "big-als-viagra-shop.com". You look up that domain and find the DNS servers that depend on it. You report the spam to the registrar of those DNS servers, and send the same report to (the replacement for) ICANN (because they are spineless profiteering cowards). Currently most spamvertised domains get DNS from a very short list of DNS servers, sold by a very short list of registrars. When more than a certain number of complaints are received for the DNS domain, the registrar is required to shut down the domain or lose their accreditation.

However, ICANN can only regulate accreditation for registrars involved in certain TLDs. As we've seen before, ICANN recently approved the future sale of TLDs themselves, which throws all regulation out the window and opens the flood gates for new spamming opportunities (made possible by new total freedom from registrar regulations).

what would be the registrar's incentive to police that?

Well, for the next several months or more, ICANN has the ability to strip registrars of their accreditation. Once TLDs are sold then it all goes out the window and we'll see a new game unfold.

Re:Is there the checklist for why this won't succe

[MillionthMonkey]

I originally posted it here in 2002. Note how dated it is (e.g. no smartass comment about CAPTCHA).

Some mathematician (I forget who) had his graduate students send back cards with forms like these to people who sent in attempted proofs of Fermat's Last Theorem.

Re:Worthless. Completely Worthless

[MobileTatsu-NJG]

How do you entice registrars to spend the energy to act on this?

How do you get every registrar to do that?

Re:Is there the checklist for why this won't succe

This is precisely a workaround the fact that the black hats* do not disclose their algorithm. This is basically a reverse-engineering algorithm. It'll certainly be beaten by next gen spammers, but it's (possibly) a step in the arm race.

Also, I think the white hats weren't dumb to "reveal their methods". That's what open source is all about.

* beats "bad guys", no? ;)

Reminds me of when I first heard of Bayes filters.

[Tetsujin]

I remember when I first heard of Bayesian filters (here on Slashdot, as I recall) the article was very optimistic about how the filter would be nearly unstoppable... Something to the effect of "to beat this adaptive filtering system, spam would have to stop looking like spam, to the point that it would also cease to be effective" - as if any spam message had some intrinsic "spammy character" inherent in its word chains, and any attempt to change this would also prevent spammers from formulating an effective advertisement... This obviously failed to account for all the ways spammers have found to undermine Bayes filters over the past several years, but I was very impressed with the idea at the time.

EQ-REGEX is PSPACE-complete

I asked my undergrad complexity theory class to prove that testing equivalence of regular expressions is PSPACE-complete on their final exam last term, well one or two figured out the proof strategy and almost pulled it off. In other words, even if you consider only very basic models of computation, you still cannot easily determine whether two programs have the same function, i.e. you cannot recognize if your template really captures their template.

I imagine their system works quite effectively upon the current botnet's, which likely don't even support regular languages. I doubt however they'll effectively deal with a botnet that incorporated say the Dada Engine : http://dev.null.org/dadaengine/ Are the spammers that clever? Almost surely yes.

p.s. An interesting legal strategy might be simply advertising spam services and prosecuting the companies that buy it, sure that's entrapment and they'll walk, but you might gain enough evidence for civil cases by ISPs, and you'll ruin their reputation in any case.

perfect, that is....

until the spammers find out.

so the spammers will write an algorithm that alters/permutates the template to fool the sensors. clever fail is fail.

Where is the paper?

[roland_mai]

I can't find the paper anywhere. This is just hype! Templates are relatively similar, however, the trick is in figuring out what the polymorphic engine that injects the content does. Currently, there's quite a bit of research being done uses machine learning techniques. I guess this paper is supposed to do the same thing, learn from some training data and filter other spam. So, there's a learning phase and a testing phase. Current research shows that for the short term these techniques are quite successful having really low false positives 0.002 (AutoRE at Microsoft). However, when looking at spam say 6 months down the road unless you keep learning from labeled emails spam/not-spam, you won't be able to make good decisions because of the volatile characteristics of spam. Also, you've got to be concerned with the Real-Time implications of these learning methodologies and noise. Most campaigns last around 5 days, however, will a user have to wait for 5 days to receive an email? Probably not, so this technique may yield low positives in a longer period than the short term.

Re:Is there the checklist for why this won't succe

[HTH+NE1]

hunt down and kill the families of all spammers

Good thing you didn't include friends, 'cause then there'd be a reason to add another check-box to the list:

( ) Kevin Bacon

Of course, it does depend on how you define families. Especially if you're a Creationist.

The real answer, and it works now

Is what's done by my rather small ISP with the help of Red Condor software. Spam is far easier to handle at ISP level in their case. Just look for incomings that target nearly all the customers (which they get plenty of, as they host for all those insecure windows boxes). At first they wanted to charge for this, but I suggested they do it in self defense and they thought it was a good idea (along with selling virus cleaning services for the malefactors and bots). They do a really nice job, very low error rate, and sort the odd things into two categories -- things that have known viruses in them or links thereto, and things that *might* be ok at the top, and they send this to you as email -- just a list that you can view or delete. You can then whitelist things that might be a mailing list you actually want, but it's rare that they catch that, because not that many people subscribe to the same ones. This mainly detects viruses and things targeted to say, more than half their tens of thousands of users. Works.

Eg, what makes spam a problem is sheer numbers. This algorithm detects sheer numbers, and it really works. In 3 years it's had exactly one false positive, 3 misses that got through, all recent. That's darn good, and now I just delete the summary without looking closely.

Now, the 195 spams a day I get are mostly because they answered to "HELO" for a long time after everyone knew that was stupid (we are in the sticks here, and I wouldn't take the sysadmin job for them). So it's their fault, but in another way it's genius -- now anything that targets their entire user base, or nearly is automatically spam and easy to detect as can be. Bam, no spam.

Fundamentally flawed

[WinstonWolfIT]

This method is reactive rather than predictive. When a new spam blast is sent out, it can only start filtering after it reverse engineers the template, a critical delay which means a higher % of spam messages will get past than against virtually all predictive methods. Meanwhile the spammers are just going to generate the template itself from a template.

This is how it happens

[dbIII]

Universities are increasingly employing PR idiots to put things out.
When they decide to do something about your field it's time to cringe and hide in a cupboard once it gets regurgitated into the newspapers. I'll bet the MIT materials science people are still trying to live down the report about the bulletproof skintight superhero suit they were supposed to be working on.

Re:Is there the checklist for why this won't succe

[Martin+Blank]

Or put it more succinctly as was done in The Usual Suspects:

"They realized that to be in power you didn't need guns, or money or even numbers. You just needed the will to do what the other guy wouldn't."

Re:Is there the checklist for why this won't succe

[quetzalblue]

>how about the spammers using fragments from Gutenberg books ? Or fragments from blog posts ?

Gee Thanks ! That's great ! Have you got any other related ideas I can try .. uh .. I mean, I can consider .. from a purely technical point of view, that is. ;-)

Once again, I post the "best" solution

[socz]

Brain power! Just like in that contest for the TSA, which offered up prize money for the best idea for securing air ports, I said forget all the high tech stuff, and spend the money on paying just above decent wages and "security" (rent-a-cops) will actually want to keep from getting fired. Nothing beats an "above decent" human brain (when compared to technology).

So, get a bunch of people filtering spam for us. Who cares if you think it's an invasion of privacy? They don't know who you are and you'll never know who they are. And besides, people already know more about you than you even know! For example, my company is basically a contractor company, so we go places that most people in our line of work just shouldn't be. I have a co-worker who regularly tells me about law suits and patients medical histories they find interesting!

So as long as their only purpose would be to "read for spam" and not "look for illegal activity" it would work!

But then again what do I know?

Is this new?

[Matz0r]

I did this years ago. By planting bogus email addresses from my mail domain on the web and feeding these addresses directly to a statistical spam filter I would get instantly updated on the changes in spam templates. Because the spammers were feeding the filter themselves I get a very low FP-ratio and extremely tight spam blocking.

Tree template detection mechanism

[pcalais]

I'm curious to read the paper, as I've developed a template detection mechanism and presented it on the CEAS 2008 conference -- but I used it just for characterization purposes, not filtering. 3 distinct spam campaign templates in the middle of this figure: http://spammining.speed.dcc.ufmg.br/spammining/images/tree2.jpg

Re:Is there the checklist for why this won't succe

[emilper]

this is already being done ... just look into your google spam folder ...

The stupidest /. post award

[cenc]

Based on the fact that not a single response (at least that I have found) seems to be remotely taking this idea seriously, do they then earn the stupidest article / idea award from slash in recent months (years)?

Perhaps they should at least get the lest original idea.

people just don't get it

[epine]

The point of this is not to "win" the war on spam, but to force the spammers to convolute their message with sufficient ingenuity that the messages become unintelligible to the morons who purchase the products or buy the penny stocks or launder stolen funds. The point is to convolute the spam until the only option left to the spammer is to render an ice cube in ASCII art containing a subliminal giant wiener.

It's not an arms race against the spammers, who are plenty smart, it's an arms race against their customers, who for the most part are as dumb as a bag of glass hammers.

Re:Worthless. Completely Worthless

[Lehk228]

You advocate a:
( ) technical ( ) legislative ( ) market-based (x) vigilante

approach to fighting spam. The idea will not work. Here is why it won't work. (One or more of the following may apply to the particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
(x) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

(x) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
(X) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:

( ) Ideas similar to this are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
(x) Killing them that way is not slow and painful enough

Furthermore, this is what I think about them:

(X) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and they're a stupid people for suggesting it.
( ) Nice try, assh0les! I'm going to find out where you live and burn your house down!

Re:Worthless. Completely Worthless

Oh he's not saying it can be done, just that it isn't an educational problem. Making people smarter would not solve the problem, even if you could. Stopping money from flowing to the spammers would, not that it's possible.

i got an idea

financially go after spammers. The are doing it to make profit right? by click throughs. So sue them for more money than God has to financialy bankrupt them and then put a legal restriction where they can not own or operate or even live in a house with someone who owns a computer type device that connects to the Internet. The kind of thing they have now for felons and guns. Sure it doesn't work all the time, but it stops a lot of shit.

Re:Is there the checklist for why this won't succe

[Mr.+Freeman]

NOBODY EXPECTS THE SPAMISH INQUISITION!!!!!

On another note, this sentence is to bypass the caps filter.

I Hope So!

[b4upoo]

If they have developed a perfect spam blocker I'll kiss their fanny on main street at high noon. I hate spam!

Re:Is there the checklist for why this won't succe

[pushf+popf]

I've got a better one. "Don't talk to botnets"

No rDNS? Goodbye? rDNS looks dynamic? Click.

If your mail server only talks to properly allocated static IPs, most spam simply vanishes.

People problem, not a tech problem

[mnemotronic]

Once again the technologists claim a major leap forward in the war against time thieves. Once again they are only partially right. Spam is not a technological problem - it is a people problem, and requires a personal solution.

To paraphrase George Lucas via David Prowse "Don't be too proud of this technological turnbuckle you've constructed. The ability to destroy a botnet is insignificant next to the power of pain."

Re:Is there the checklist for why this won't succe

[Trails]

I did not know that Steve Gutenberg wrote books. I thought he was just a skilled actor.

Ha! Look, everyone, it's a bot! You can tell, because no actual human being would have the words "Steve Gutenberg" and "skilled actor" in the same paragraph. Quick, add him to the magical template detection AI's list!

OpenPGP = "Acutally Perfect" Spam Blocking

[VortexCortex]

We use Thunderbird with the Enigmail (OpenPGP) plugin at my office to cryptographicly sign and/or encrypt our email.

Our SPAM filter consists of simply rejecting all unsigned e-mail messages.
One exception is that external e-mail addresses can be whitelisted (with approval) to allow for email from companies with no email authentication in place.

It's a bit of a pain at first, but everyone at work agrees that it's a small price to pay when you consider the alternative (inboxes full of spam).
I've never recieved a spam e-mail message at work.
New employees create PGP keys during orientation (or else they can't send any e-mail).

One by one I'm convincing my friends and family to cryptographicly sign their messages (tech-savy ones love the Idea).
Soon I hope to get zero spam at home too.

[sigh]... If only the rest of the Internet authenticated their email we could all have Zero spam in our inboxes.

Just reject all emails

Its actually quite funny that it takes a team of "computer scientists" to attempt an approach that any slashdot reader knows instinctivly to be foolish and doomed to failure.

Until their smarter than humans all anti-spam efforts are ever sure to accomplish is to make the Internets mail system increasingly unreliable for legitimate business to the point of being absolutely useless.

Internet mail needs a complete overhaul. Listen up Berkley computer science heads... Conceptually the only scheme that has a chance of ever being practical is requirement to obtain "permission to send" ..

HELO, can I send you an email?
(User is notified and accepts)
THANKYOU, here is my email

Permission is likely to be in the form of a signing request that can be shared with others ad-infinitum by linking the trust chain. Once permission is granted its always a bi-directional grant by default and the keying material is used as a basis for mandatory message signing and optional message encryption.

The receiver has the capability of revoking their signature if its abused by an organization or its sub-assignments. Once revoked permission to send will need to be re-obtained for that signature and any sub-assignments. This disentangles the email address and prevents you from being a spam target even if your email is posted publically.

Users are in full control and as with typical PKI you can set recursion limits and EKUs to specify if/how your permission to send can be given to others.

If your smart about it you can overhaul the SMTP protocol and maintain IMAP/POP3 client compatibility. IMAP extensions can be used to manage permission to send/signing mumbo jumbo and a compatibility mode can provide interactive email prompting from the new server.

Yes you can still be spammed by millions of zombies asking for permission to send you something so there is a careful balance of what information should be conveyed in a request and valid modes such as prearranged passwords or specifically requested information before permission to send requests will even be acceptable.

I would much rather have that and have some assurance WRT who I'm talking to /w built-in ability to go secure/encrypted when needed. Its not foolproof but at least it does not require a trusted third party and if your smart about it there is some chance it won't even have to be a disruptive transition.

Re:Just reject all emails

"permission to send"

The generally accepted term for this is "whitelist" and you're not the first to think of it.

In fact, it's already happening. It's just not happening with email. Social networking sites basically function this way. Facebook has no perceptible spam problem, for instance. The public has no particular feeling for email; many Facebook users don't bother checking email very often, while they'll diligently check their Facebook page throughout the day. If email ceased they probably wouldn't miss it.

They'll switch to something else.

[Metasquares]

Block templates and we'll just end up getting more Markovian spam, or something generated on some other yet-unknown technique.

Re:Is there the checklist for why this won't succe

[The+Wild+Norseman]

OMG, take a look at this adorable picture of Jake playing with Mike's puppy!
[attached jpeg]
Mary

Now suppose my account were compromised and you got this exact message from my personal email, where the jpeg is a Viagra ad.

"Hmmm...oh, hey! Looks like I got an email from Mary!"

*double clicks email*

"Ohhh, cute pup... wait. Well, it's not a puppy, but it does remind me that I have been suffering from erectile dysfunction lately. Thanks Mary!"

Re:Is there the checklist for why this won't succe

[Thorwak]

...then compute every possible message that the template can produce, then MD5 hash them....

I was with you up until this point. Just consider a line of, I don't know, say 64 random characters. A complete MD5 DB just of this alone would make existing MD5 rainbow tables look tiny.

The idea of "moles" it not bad though (nor new). It would be possible for the SMTP server to look at a message and ask itself (or, more likely, an external filter) "Could this message have been constructed from this template?". As notes elsewhere though, it would be just another arms race.

Re:Is there the checklist for why this won't succe

[morcego]

Isn't this exactly the same thing we do when creating spamassassin regexps to block spam ? I know I do this several times a week, trying to identify common elements on spam to create effective filters that work despite the variations.

What part of this is news again ? We've all been doing this for years.

Fighting spam with heuristics is a losing game

[mcrbids]

It's very easy to write a parser for text, and weight words by the common-ness of usage. Just download any of the widely available freebie e-books written by a Star Trek fan writer, and weight all the words therein by the number of times used.

With that simple hash table, you can combine the numbers together and then generate random numbers within the total range, and kick out the associated words! Statistically indecipherable from real text (because that was the source!) and you kill heuristic anti-spam filters to the curb for good.

It's a simple algorithm - I could write a simple script in PHP that would do this and crank out hundreds of thousands of unblockable messages per hour on a 5 year old Celeron. And the war will *never* end. Even if you can filter improbable word associations, or any other factor or set of factors, those factors can then be figured into the random word generator.

It's an endless game of cat and mouse and it will never end, so long as we're using heuristics to try to figure out what spam is and isn't.

But if we *are* using heuristics to try to read spam, that's probably the single biggest funding driver behind AI research that there is! In essence, we have an intelligent-design genetic algorithm at work trying to come up with the best algorithm for defeating our own intelligence!

What better way is there to fund the development of our eventual intellectual replacements?

THE CURE for SPAM

[Vitriol+Angst]

It seems to me that all we need to do, is charge a penny for every email sent and it is held in "escrow" at the ISP.
If the receiver getting the email, reads the message (and you can automate what a user action constitutes "accepted" mail). Then the penny is returned.

So for most people, you'd have maybe $5 for all your emails that you might send in a year. And likely, if you're only NOT going to get back a receipt for maybe 50 cents in a year.

For a Spammer, sending out a thousand emails in the hopes that they get one sucker, costs them $10 upfront money.

So, is it worth it just to pony up a tiny bit of money and end this problem? We don't need tricks, hacks or technology. All emails go through an official router, and only people with credit in the account get through. Of course, you can still have "anonymous" email -- just so long as someone pays for it, either through anonymous donations or ads. But, so that we don't go insane with avoiding our own email, because it's a chore that wastes so much time -- I would definitely spend a penny an email.

All the illegitimate groups that want to SPAM you, can go around the routers -- it's a free market. But your email will be set to ONLY receive from the verified routers with the escrow account. For every SPAM i receive, I will get a penny. It should be more for the pain and suffering, but at least I'll know the SOBs had to waste some money.

Re:THE CURE for SPAM

[Dan541]

Explain how your system would work and I'll point out the holes.

"Spam"

This is another word that doesn't mean the same thing to everyone, and therein lies the root of the problem.

I have web site clients who have almost begged me to send out "newsletters" to "prospective client lists", and I
refuse outright every time, because if one of my sites gets flagged as spammy, they all do, and we're all down
the shitter together.

"But it's not spam, it's targeted advertising", they tell me, "and we put an opt-out link in anyway, so it shouldn't
cause any problems".

BZZZT - wrong, please advance to the next webmaster, this one's not playing ball.

The thing is, there ARE some people who would genuinely like to receive updates on real estate offers recently
arriving on the market, and there ARE some people who want to buy Viagra and Cialis, and there ARE some
people still ignorant to believe that a jar of cold cream with an "exotic" smell will magically make their mini-willy
into jumbo-tube-steak-king.

So long as someone clicks on these emails and buys, then the advertisers will still pay the spammers to send
out the "advertising material". Frankly, I like to receive the discount brochure in the mail detailing European
holiday specials, and I don't subscribe to it - it's spam, and I like it. But I would prefer not to waste anyone's
time by continuing to receive discount women's underwear adverts - thanks, but it's really NOT my thing.

We will NEVER stop spam, but we can develop a filtering mechanism so those of us that don't want X flavour
spam will only get Y flavour instead. Build a better white/grey/black list, and it has a chance of working. But it
really MUST include the white list section so that there is a genuine incentive for the advertisers to instruct
spammers to stick to the rules. Otherwise we are all left with ALL of the spam.

Re:Is there the checklist for why this won't succe

[pjt33]

(X) Joe jobs and/or identity theft
You're just giving botnet operators an effective means of setting up a hitman agency, and they don't even have to get see the victims.

Effectivly Perfect?

[Dan541]

So they learned how to install SpamAssasin?

Re:Is there the checklist for why this won't succe

[jonadab]

> I don't know the entire history of the checklist

I'm pretty sure it comes from usenet originally and is older than email spam. I believe it may also be older than the web.

Re:Is there the checklist for why this won't succe

LOL, nice!

spam

[JumpSocial]

Single Women and Men Looking to have sexual encounters! - sexually explicit - PRESS HERE to meet single women or men for sexual encounters: (MUST BE 18 and OLDER) http://zimbrlen.com/tr.php?85012+ooga@siteware.com This is going to sound crazy, but there is a dating site loaded with thousands of single women and men right in your city that are looking to meet and date new people this week. These single women and men are not interested in playing games. They know what they want, and they will be very upfront with you. You have nothing to lose, and the time of your life to gain! PRESS HERE to meet single women or men for sexual encounters: (MUST BE 18 and OLDER) http://zimbrlen.com/tr.php?85012+ooga@siteware.com

O/T

[vegiVamp]

> individual rights aren't related to human genetics, but rather to the organism's sapience

So do you look at individual ants, or the entire anthill to determine the level of sapience ?

Re:O/T

[khayman80]

Fascinating question. Different types of organisms need to be analyzed differently. Individuals like us can be measured one at a time, but hive minds need to be analyzed as a whole, like you say.

Re:O/T

[vegiVamp]

Where will you draw the line between individual mind and hivemind ?

An impartial observer could look at a mob of humans, and from the way they act conclude that they are a hivemind.

Shoals of fish and swarms of birds tend to act in almost perfect harmony when evading predators or such, although they consist of very distinct individuals at other times.

And how about the great coral reefs? They could only have been built by tremendous common effort, and yet there is no evidence whatsoever that the individual organisms communicate in a way that would indicate a hivemind.

It's a very complex question, and I guess you won't be distributing individual rights anytime soon :-)

Until..

[hesaigo999ca]

Until, that is, they change the template's format and then we start back at square 1.

That's not new or complete, but it is good.

[code-dweller]

We've been doing this with Message Sniffer since day 1 (many years now!). It's very effective. In fact some of the first rules we coded (abstracts we call them) are still active and effective. Along the way we've developed automation to help us see key pieces of these patterns in real-time, and bots to take advantage of other vectors, but the process is still fundamentally the same for template driven spam.

It should be noted that this vector breaks down badly when the spam template is strongly modeled after legitimate messages - such is the case for many phishing spam.

Clearly it is not a complete solution either -- I'd say that it's good for more than 40% of new spam campaigns and less than 70% on average.

So, if I understand this properly

[edraven]

All you have to do is identify a large quantity of emails that you're already 100% certain are spam generated by one particular system using one particular template. Then this process can analyze it and deduce the template so that in future you can... be 100% certain that certain emails are spam generated by one particular system using one particular template.

Yawn.

Re:Is there the checklist for why this won't succe

[TomXP411]

> Gmail and the rest of the privacy traders do it for you automatically.

Gmail has a great success rate for me... It stops about 1000 spams a month and maybe lets through 2 a year. I've had maybe 2 false positives in all that time (that I've known about.) One was a note from my ex-wife, so maybe GMail knew what it was doing after all.

Re:Is there the checklist for why this won't succe

[MillionthMonkey]

Whoops, it was 2003. It seemed like longer ago.

AI rights?

[marcosdumay]

It is quite hard to imagine a AI that would demand the right of not being an slave. Really. At least the first batch will be created for a propose, why do you think they'd want to not fullfill their propose? (Who would create them on such a way?) If anything, such AI could demand the right to work more, if we ever try to limit it.

Re:Is there the checklist for why this won't succe

[Leolo]

> And also extreme profitability in having a working e-mail address.
It is not profitable to spammers that you have a working email address.

Re:Is there the checklist for why this won't succe

[hedwards]

But, it actually does work. I've got nearly a thousand messages in my junk mail folder and very few false positives. All of the false positives are mailing lists which can be easily whitelisted when I feel like it. And there's been no spam getting through. That's a result that demonstrates the effect it has.

Additionally Google crowd sources the problem, when one user places the spam into the spam folder, any and all identical messages also get placed into the spam folder in other accounts. Meaning that the spam only gets seen one time, even though Gmail may have many thousands of copies in various accounts.