I've been reading about this over on the OP's site. He's a one-man campaign on this one. Here's the post I just made on that site:
Jeff writes:
I've just been writing about the fact that they don't seem to be enforcing their own policies and the impact this has on their brand and business partners.
That's pretty disingenuous. You're pursuing Facebook, via the advertisers, yourself and drumming up publicity for your pursuit as a campaign tactic, as the admins who deleted your post to Metafilter recognised (and the admins of Slashdot haven't recognised, but they never were the sharpest tools in the box). Neither are you interested in the details of Facebook's TOS. I'd be more impressed if you'd been up-front about what this is about, namely that you don't like the way Variablast has expressed his dislike of Islam.
So, what of Variablast? I agree that what he's done is crude, but here's the thing: the propensity of some Muslims to be offended is their problem, not his. He may be a troll who knows exactly the effect his words are going to have, but sane people, even religious ones, know when they're being trolled and don't start riots or issue death threats as a result.
Islam is not a race and non-Islamic Arabs and Pakistanis in the UK are a bit fed up of the authorities' bumbling attempts to be multi-cultural by asking the imams what "the community" thinks. So the group cannot be racist, any more than the "Fuck Christianity" group is. Do you also object to that group? What is it about "Fuck Islam" that has you so riled?
I'm with Newnet. Far from the cheapest, but they gave a static IP and seem pretty competent. I've never seen any evidence that they're throttling BitTorrent. Other geek friends recommend Zen.
TMDA and the like are spammers themselves: they send lots of identical messages to people who haven't asked for them, namely the people whose addresses are used fraudulently in the From lines of spam emails.
Legitimate newsletters also have identical message bodies, so you can't merely look for those on their own to catch spam. That said, you can whitelist people who send you solicited bulk email, and then you've got something like the DCC, which is in use today. If we're talking specifically about dictionary attacks, recall that the recipients are specified before the message body is transmitted, and it's usual to reject unknown users at that early stage, as once you've been sent the body, there's then no way of saying "I accepted your message to A@example.com but not B@example.com".
Bayesian filtering is about learning what is interesting to you. If you average it over everyone's email, you'll actually get less effective at positively identifying the sort of ham (non-spam) mail that you get.
Every time there's a discussion here about spam, people talk about doing away with SMTP and replacing it with something enforcing certificates and signatures, the great white hope for email. Apparently, nobody's considered how this applies to one useful feature of email, namely the ability for people who've never contacted you before to send you email. Spammers can get themselves certificates just as easily as anyone else.
Paypal's idea is interesting. A quick look at news.admin.net-abuse.sightings shows a lot of Paypal phishing does purport to be from paypal.com, but as someone's already said, common mis-spellings are the obvious next step, at which point your certificates are useless (bonus points to the spammer who gets SPF, DKIM and whatnot up the whazoo for their paypa1.com domain).
Something that might be worth looking at is a format for out-of-band information to instruct mail clients to trust certain mail and distrust other mail which looks like it (the latter being where something Bayesian could come in). That way, when you sign up to Paypal on the web you get a blob of data which your mail client understands to mean that Paypal.com using this signing key may legitimately send you bulk email, and that mails which score highly for looking like Paypal mails but aren't should get flagged and filtered.
In any case, spam is a solved problem. Use DCC and Spamhaus Zen and then greylist (or just reject) connections from clients with no RDNS or with generic RDNS (4.3.2.1.isp.example.com for IP 1.2.3.4, say), and you're down to so little spam that it's not worth complaining about.
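The "generic RDNS" test mentioned in the comment above (a PTR name that merely encodes the client's own IP address) can be sketched as follows. This is an added example, not part of the original comment: the function names and the separator set are assumptions, the PTR name is passed in rather than looked up so the code runs offline, and the DCC and Spamhaus Zen checks are not modelled.

```python
import ipaddress
import re

SEP = r"[.\-_]"  # separators assumed to appear between octets in ISP-assigned names

def embeds_ip(ip, hostname):
    """True if hostname contains all four IPv4 octets, in forward or reverse order."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    host = hostname.lower().rstrip(".")
    for order in (octets, octets[::-1]):
        # Allow zero-padded octets (001) and forbid adjoining digits,
        # so that 11.2.3.4 is not mistaken for 1.2.3.4.
        body = SEP.join("0{0,2}" + o for o in order)
        if re.search(r"(?<!\d)" + body + r"(?!\d)", host):
            return True
    return False

def classify_rdns(ip, ptr):
    """Return 'no-rdns', 'generic-rdns' or 'ok' for a client IP and its PTR name (None if absent)."""
    if not ptr or not ptr.strip("."):
        return "no-rdns"
    return "generic-rdns" if embeds_ip(ip, ptr) else "ok"

def smtp_decision(ip, ptr):
    """Policy from the comment: greylist clients with missing or generic rDNS."""
    return "accept" if classify_rdns(ip, ptr) == "ok" else "greylist"

# Constructed sample connections; the first pair is the comment's own example.
SAMPLES = [
    ("1.2.3.4", "4.3.2.1.isp.example.com"),
    ("192.0.2.10", "host-192-0-2-10.dyn.isp.example.net"),
    ("192.0.2.10", "mail.example.org"),
    ("198.51.100.7", None),
]

if __name__ == "__main__":
    for ip, ptr in SAMPLES:
        print(ip, ptr, classify_rdns(ip, ptr), smtp_decision(ip, ptr))
```

A mail server with a static address and a name such as mail.example.org passes, which is why this check costs legitimate senders little.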
What's to stop the OpenID people writing something which uses a Facebook app as an OpenID server? Best of both worlds, I'd've thought.