Slashdot Mirror


Researchers Claim "Effectively Perfect" Spam Blocking Discovery

A team of computer scientists from the International Computer Science Institute in Berkeley, CA are claiming to have found an "effectively perfect" method for blocking spam. The new system deciphers the templates a botnet is using to create spam and then teaches filters what to look for. "The system ... works by exploiting a trick that spammers use to defeat email filters. As spam is churned out, subtle changes are typically incorporated into the messages to confound spam filters. Each message is generated from a template that specifies the message content and how it should be varied. The team reasoned that analyzing such messages could reveal the template that created them. And since the spam template describes the entire range of the emails a bot will send, possessing it might provide a watertight method of blocking spam from that bot."
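The idea in the summary, recovering a template from a bot's output and using it as a filter, can be shown with a much-simplified sketch. This is an added example, not the ICSI researchers' algorithm: it assumes the messages align token-for-token, the sample messages are constructed, and `infer_template` and `max_dict` are hypothetical names.

```python
import os
import re

# Constructed sample messages, as if emitted by one bot from one template.
SAMPLES = [
    "Hi Anna, buy cheap watches at http://shop.example/a81f today",
    "Hello Bob, buy cheap watches at http://shop.example/7c2e today",
    "Hey Carol, buy cheap watches at http://shop.example/09bd now",
    "Hi Dave, buy cheap watches at http://shop.example/e410 now",
]

def infer_template(messages, max_dict=3):
    """Infer a regex signature from messages assumed to share one template.

    Each token column is classified as:
      - a literal, if every message has the same token;
      - a dictionary slot, if it takes at most max_dict distinct values;
      - a free slot otherwise, keeping any prefix common to all values.
    """
    rows = [m.split() for m in messages]
    if len({len(r) for r in rows}) != 1:
        raise ValueError("messages do not align token-for-token")
    parts = []
    for column in zip(*rows):
        values = sorted(set(column))
        if len(values) == 1:
            parts.append(re.escape(values[0]))
        elif len(values) <= max_dict:
            parts.append("(?:" + "|".join(re.escape(v) for v in values) + ")")
        else:
            prefix = os.path.commonprefix(values)
            parts.append(re.escape(prefix) + r"\S+")
    return re.compile(r"\s+".join(parts))

def is_from_template(signature, message):
    """True only if the whole message is an instance of the template."""
    return signature.fullmatch(message.strip()) is not None

if __name__ == "__main__":
    sig = infer_template(SAMPLES)
    print(sig.pattern)
    # Unseen message from the same (constructed) template.
    print(is_from_template(sig, "Hello Erin, buy cheap watches at http://shop.example/ffff now"))
    # Unrelated mail that shares words and a URL host with the spam.
    print(is_from_template(sig, "Hi Anna, your watch order shipped from http://shop.example/orders today"))
```

The signature only covers variation seen in the samples: a greeting that never appeared in them falls outside the dictionary slot, so the filter's coverage depends on how many samples were collected.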

2 of 353 comments

  1. Questions (I know, I know...) by Penguinisto · Score: 4, Interesting

    Err, what if I, as a corporation, blew out a spam that effectively incorporated a template unique to that which my largest competitor uses in their newsletters or customer communiques (or at least close enough to get my competitor blacklisted far and wide)?

    (it would take a shedload of doing, but certainly not impossible, and if it could be done, would make for one hell of a cheap and easy DoS).

    Heuristics is great and all, but go too deeply, and I can see it opening up a small but pretty scary can of worms.

    --
    Quo usque tandem abutere, Nimbus, patientia nostra?
  2. Re:Is there the checklist for why this won't succe by fuzzyfuzzyfungus · Score: 4, Interesting

    Not in the same level of detail; but, when your business model is spamming, you inevitably end up sending thousands of samples to loads of ill-vetted email addresses, some fraction of which are either being operated as spamtraps, or are in the possession of users annoyed enough to forward samples on.

    Your algorithms can, and often do, remain secret (unless one of your black-hat buddies cracks one of your cracked machines); but you'd be a lousy spammer indeed if the results of your technique weren't widely available.