I kinda regret doing it now but it paid the rent at the time...
This is a possible antidote to unchecked capitalism which has led to greed and inflation which led this programmer to write a questionable piece of software in order to keep a roof over his head.
Perhaps if he were in a financially better position at the time, he would have passed this project by.
When money is more important than people you get all sorts of societal ills. I haven't seen any real lasting good come of the unchecked preoccupation with wealth--there is always a downside no matter how small or insignificant.
Nice to see these Monty Python bits get 'updated' to use the new spim term.
Hormel should count their blessings over all the free advertising they get for their 'meatspace' SPAM product because of the popularity of the original SPAM skit the Python troupe did which became synonymous with massive amounts of unwanted email and thus dubbed spam.
At least that is a lot more than you can do to some spammer working out of their trailer in central Arkansas and relaying their spam through a Korean proxy.
The only conclusion I can draw is that you prefer to keep your head in the sand and post PR statements rather than increase your knowledge of the solutions you are competing with and address the real shortcomings of your program, so that you can blame your lack of fame and success on conspiracy theories. That's a workable solution only if your goal is to continue not to be taken seriously.
Right now I am using my program on my public, unhidden, unobfuscated email address where first time correspondents can contact me. If, via that point of contact, they need to send me a file attachment, HTML, or whatever, I can give them a private email address I use. There was a recent Slashdot story about the Secret Service breaking up a 'phisher'/carding ring to much fanfare. Not long after that, I checked my email at this private address and got an eBay 'phish'. I was expecting to hear from someone I haven't contacted in a while, not an attempt at fraud and identity theft. Anyway I figured out how I could filter the 'phish' emails out for good. I just went to the ecommerce sites I do business with and verified I get only plain text email. Now all I have to do is configure my program to filter out all emails bearing file attachments or HTML on my private email address. It'll just take me a minute or two to do this. I do have another (semi)private address where such content could be sent to me if needed.
Anyway, I wrote the software because I was genuinely tired of all the spam I got and did something constructive about it. This is after dealing with piles of unwanted email sent by 'manual spammers' at a web-based email account I still have. Why do I call them 'manual spammers'? Because they (must have) read my email address off an image file at an old website of mine and manually added my email address to their lists or quite possibly used a 'dictionary attack' to spam me. This is why I never gave out a POP3 email address until a few months ago because I didn't want Outlook downloading and saving spam and malware--so I have my software deal with it instead.
However, to get back to your response above, I could add statistical support to the 8 criteria I am using. But doing that would make my software no different from the others that have this support in them.
So then what is so unique about my email filtering programs over the others?
My program puts the user in 100% complete control of the email they retrieve from their inbox.
The statistical approach, admirable as it may be, has a chance for error (false positives), be it a small chance.
With my rule-based approach, there is (unfortunately) no middle ground, degrees of freedom, or complex mathematical calculations needed: either the incoming email is acceptable to the rules or not.
The user has the option with my program to save these unacceptable messages so there is no chance of having important email deleted--it is identified (mistakenly) as spam after being 'sanitized' for possible review and use.
My programs are a complete email client and mailserver both with built-in email filtering. All the other solutions I came across on the internet need a mailserver or email client in order to work.
In closing, I want to say that 'bowing to market forces' and adding in statistical modeling, or lots and lots of custom rulesets would make my programs no different than the likes of CRM114, DSPAM, or SpamAssassin: statistical modeling or complicated rulesets can use lots of space and bog the CPU down with lots of calculations. If you are in a hurry, you'd probably have to dedicate a PC to do nothing but check email in such an environment. I wanted to make a simple, effective mail filter and was partly inspired to do so by this quote:
"Things should be made as simple as possible, but not any simpler." -- Albert Einstein
He kept the cost down (by necessity) by principally doing all the camerawork, direction, and behind-the-scenes production work himself among other things.
The key is to read the SMTP headers and the underlying HTML (if any).
The phishers/extortionists are counting on people not being savvy enough to do that--thus, they 'win'.
LostCluster wants to scrap SMTP.
What other scheme with the reliability of SMTP is around now to take its place?
Then there is all the time, effort, and infrastructure invested in SMTP--no one is going to throw all that away if there isn't something better to take its place.
All SMTP is is a transport medium--neither good nor evil.
The simple (but time consuming and resource draining) quick fix would be for all email to be publicly encrypted with public key cryptology [the Feds'll love that! >:) ]. Business sites publish their public key out in the open and use their private key to encrypt their email before sending it out. Authenticity problem solved except for two problems:
1) The bad guys correctly guess or generate the private key of bigsite.example.com. This is laughably unlikely but possible which leads to the more likely possibility:
2) Someone at bigsite.example.com accidentally or deliberately divulges (under duress?) the secret key to the bad guys.
If 1 or 2 happens, the bad guys can now send email appearing to come from bigsite.example.com even though the email is transmitted from elbonia.example.com. If TCP/IP spoofing or a compromised mailserver at bigsite.example.com is used, the deception apparently becomes perfect. Of course, should bigsite.example.com disavow their compromised key and issue a new one, everybody who does business with them has to change their keys and otherwise muck around with public key encryption which will be a stumbling block to the non-crypto savvy.
In the end I say, using crypto or replacing SMTP is not the answer. Just use a bit of detective work on the underlying SMTP headers and any embedded HTML A HREF links to expose the fraud with the help of a whois service. If it still looks legitimate, you can:
1) Stop doing business with them.
2) Alert them to the situation so they can do something about it.
3) Contact the authorities and let them handle it.
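The header and A HREF comparison described in the comment above can be automated. The following is an added example, not the poster's software: it checks one constructed message that reuses the thread's bigsite.example.com and elbonia.example.com names. The function names, the finding labels and the assumption that the topmost Received header was written by the recipient's own server are all illustrative.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message (not a real capture).
SAMPLE = """\
Received: from elbonia.example.com (elbonia.example.com [192.0.2.25])
 by mx.example.net with SMTP; Sat, 23 Oct 2004 23:06:00 +0000
From: "Big Site" <service@bigsite.example.com>
To: me@example.net
Subject: Account notice
MIME-Version: 1.0
Content-Type: text/html; charset=us-ascii

<html><body><p>Please confirm at
<a href="http://elbonia.example.com/login">www.bigsite.example.com</a></p>
<p><a href="http://bigsite.example.com/help">Help</a></p></body></html>
"""

HOST_IN_TEXT = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    return (urlsplit(url).hostname or "").lower()


def same_site(a, b):
    """Crude check: equal hosts, or one is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def audit(raw):
    """Return (kind, claimed_host, actual_host) tuples for each inconsistency."""
    msg = message_from_string(raw)
    from_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    findings = []

    # Host recorded in the topmost Received header vs. the From: domain.
    received = msg.get_all("Received", [])
    if received and from_host:
        m = re.search(r"\bfrom\s+([^\s()]+)", received[0], re.I)
        if m and not same_site(from_host, m.group(1).lower()):
            findings.append(("relay-from-mismatch", from_host, m.group(1).lower()))

    # Host shown in each link's text vs. the host the href really points to.
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        charset = part.get_content_charset() or "utf-8"
        html = part.get_payload(decode=True).decode(charset, "replace")
        collector = AnchorCollector()
        collector.feed(html)
        collector.close()
        for href, text in collector.anchors:
            href_host = host_of(href)
            if not href_host:
                continue
            shown = HOST_IN_TEXT.search(text)
            if shown and not same_site(shown.group(1).lower(), href_host):
                findings.append(("text-href-mismatch", shown.group(1).lower(), href_host))
            if from_host and not same_site(from_host, href_host):
                findings.append(("from-href-mismatch", from_host, href_host))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Each host in a finding is a candidate for the whois lookup the comment mentions; an empty result only means these three comparisons found nothing.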
Or possibly your approach languishes because people aren't interested in an approach with a staggering potential for false positives in identifying spam?
My software can be configured to allow all sorts of 'spammy' content through. At least such content is 'defanged' to prevent malware via HTML and file attachments from compromising one's PC outright. Can the same be said of the other spam filters? The other ones I know about cut away file attachments with 'runnable' extensions and probably do not 'neutralize' unsafe HTML like my software does. Since it has been posited (established?) that computer crackers are working with spammers to set up 'zombie relays' via infected email file attachments or exploit-laden HTML pages sent by email, why not deny them those avenues of attack while still allowing such email to flow unimpeded but in a benign, inert state? In this manner, the user must consciously compromise their system by making such content hostile again which is easy to do.
You say that other systems have 'complicated rules' like that's a bad thing--they are complicated in an attempt to actually separate spam from ham intelligently.
But how can you do that effectively if the sp4mm3rs 4r3 c0nst4nt1y m1ssp31ling w0rds in an effort to evade word-based pattern matching algorithms? My approach is immune to such chicanery because the content I 'score' on is the only content that really matters when looking for spam or 'spamlike' content--all other content is irrelevant and is used by spammers/crackers to get their content past filters and into your mailbox. The way I see it, someone sending you unsolicited email for the very first time has absolutely no need to send you file attachments, HTML (looking content), quoted printable (looking) content, percent signs, dollar signs, numbers, URLs (or URL-like content), or email addresses (or email address-like content). If they do, the email they sent you is likely spam. In my case, that fact was borne out as when the filtering on my public email address, iamcf13@hotpop.com, was a little less restrictive, I still got spam and the occasional Nigerian '419' advance fee fraud email that didn't use percent signs or dollar signs in their fraudulent content. Fed up with even getting this trickle of spam and fraud, I set my SpamByte code to 0 and filtered out effectively all my spam! Right now, I rarely get an occasional 'Subject line' spam with a zero-content body. I have concluded for the time being that these are sent 'manually' out of spite by the spammers and are not 'standard' spam with its convenient links to 'spamvertised sites' and whatnot.
It's not like there is some conspiracy to promote other solutions over yours.
Allow the Slashdot story editors to 'speak for themselves'.
Since 2004-07-15, the following antispam software packages/algorithms got a news story about them on Slashdot:
Revolutionary Spam Firewall Developed My shareware mailserver had built-in 'antispam firewall' support at the TCP/IP connection level since Thursday, July 15, 2004, 22:19 Universal Coordinated Time
The above software all use sophisticated numerical and pattern matching algorithms in order to identify spam from other legitimate email. I say it is unecessar
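The eight content classes listed in the comment above, and the all-or-nothing decision it describes, can be sketched as follows. This is an added example, not the poster's program: the bit layout of the mask (one bit per class, with 0 allowing nothing, modelled on the "SpamByte" setting), the regular expressions and the sample messages are all assumptions or constructed here. Only the body and MIME structure are inspected, so a subject-only message passes, which is the gap the poster reports.

```python
import re
from email import message_from_string
from enum import IntFlag


class Sign(IntFlag):
    # One bit per content class named in the post; the bit order is an assumption.
    ATTACHMENT = 1
    HTML = 2
    QUOTED_PRINTABLE = 4
    PERCENT = 8
    DOLLAR = 16
    NUMBER = 32
    URL = 64
    EMAIL_ADDRESS = 128


# Deliberately loose "looks like" patterns (illustrative, not the poster's).
BODY_PATTERNS = {
    Sign.HTML: re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>"),
    Sign.QUOTED_PRINTABLE: re.compile(r"=[0-9A-F]{2}|=\r?\n"),
    Sign.PERCENT: re.compile(r"%"),
    Sign.DOLLAR: re.compile(r"\$"),
    Sign.NUMBER: re.compile(r"\d"),
    Sign.URL: re.compile(
        r"(?:https?://|ftp://|www\.)\S+|\b[a-z0-9-]+\.(?:com|net|org|info|biz)\b",
        re.I),
    Sign.EMAIL_ADDRESS: re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
}

# Constructed sample messages.
PLAIN_OK = """\
From: alice@example.org
To: me@example.net
Subject: Hello

Hi, we met at the conference last week. Could we talk about your filter?
"""

PHISH = """\
From: "Big Site" <service@bigsite.example.com>
To: me@example.net
Subject: Account notice
MIME-Version: 1.0
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: quoted-printable

<html><body>Please <a href=3D"http://elbonia.example.com/login">verify</a>
your account within 24 hours.</body></html>
"""

WITH_ATTACHMENT = """\
From: bob@example.org
To: me@example.net
Subject: Invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b"

--b
Content-Type: text/plain

See attached.
--b
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.bin"
Content-Transfer-Encoding: base64

AAAA
--b--
"""

SUBJECT_ONLY = "From: x@example.org\nSubject: Cheap pills $9.99 www.spam.example\n\n"


def signs_in(raw: str) -> Sign:
    """Return every content class found in the body and MIME structure."""
    found = Sign(0)
    for part in message_from_string(raw).walk():
        if part.is_multipart():
            continue
        if part.get_filename() or part.get_content_disposition() == "attachment":
            found |= Sign.ATTACHMENT
            continue  # attachment bytes are not scanned as text
        if part.get_content_type() == "text/html":
            found |= Sign.HTML
        cte = part.get("Content-Transfer-Encoding", "").strip().lower()
        if cte == "quoted-printable":
            found |= Sign.QUOTED_PRINTABLE
        body = part.get_payload()  # undecoded, so QP-looking text stays visible
        for sign, pattern in BODY_PATTERNS.items():
            if pattern.search(body):
                found |= sign
    return found


def verdict(raw: str, allowed: Sign = Sign(0)):
    """Accept only if every class present is in `allowed`; no scoring."""
    violations = Sign(int(signs_in(raw)) & ~int(allowed))
    return violations == 0, violations


if __name__ == "__main__":
    for name in ("PLAIN_OK", "PHISH", "WITH_ATTACHMENT", "SUBJECT_ONLY"):
        print(name, verdict(globals()[name]))
```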
Unfortunately, 'spreading the message' of the Boulder Pledge via email could be construed as 'mass mailings' even though it is not commercial in nature.
Perhaps it is best to post the Boulder Pledge to your website or as the signature to your emails.
This is why I cannot use unsolicited spam emails to 'spread the word' about my antispam software---the ends wouldn't justify the means.
My approach lets *YOU* decide what kinds of content you want in your email while the other approaches I've seen here use complicated rules to try to flag an email as spam or not.
In an earlier post, I describe the merits of my software in an enthusiastic, factual manner.
For that, this was the result:
[block quoted section below] MOD SPAMMING PARENT DOWN (Score:0) by Anonymous Coward on Saturday October 23, @11:06PM (#10612183) Your solution is to spam slashdot with ads for your overly-restrictive, simplistic mail filter?
Go home.
[ Reply to This | Parent ]
Re:Spam is a social problem--my solution (Score:0) by Anonymous Coward on Saturday October 23, @11:35PM (#10612297) I hope you don't write your emails in the same way as you write your posts, because this one surely looks like spam. [ Reply to This | Parent ] [block quoted section above]
Why then was the following news item posted to Slashdot in the first place?...
Posted by michael on Tue Oct 05, '04 04:25 PM from the something-for-everyone dept. Chris Anderson writes "I'm the editor of Wired Magazine and if you'll forgive the autohornblowing, I think you'll be interested in my piece in our latest issue. It argues, with a lot of new data, that the entertainment industry is shifting from an era of hit-driven economics to one of niche-driven economics. Content that was once relegated to the fringe, beneath the threshold of commercial viability, is now increasingly able to find a market in distributed audiences, marking a shift towards the previously-neglected Long Tail of the demand curve." [block quoted section above]
Why is it all right for Chris Anderson to talk about his ideas for free on Slashdot in the form of a news story and not I?
Some selected posts from that thread that address this issue:
[block quoted section below] Re:autohornblowing (Score:0) by Anonymous Coward on Tuesday October 05, @04:36PM (#10444135) if the Slashdot invoice for this publicity is 0$, then I'm even more impressed by the autohornblowing. [ Parent ]
Why? (Score:0, Flamebait) by jmays (450770) on Tuesday October 05, @04:29PM (#10444034) Why does /. succumb to these blatant types of advertising. If the article was submitted by a non-Wired affiliated person... I might have read it. At least some other Slash-Advertisers post anonymously. pfft.
Re:Why? (Score:3, Insightful) by halfelven (207781) on Tuesday October 05, @04:59PM (#10444377) (http://florin.myip
Nobody reads it. In essence, it's an end-run around the legal system.
Indeed. EULAs that are truly on the up and up boil down to these simple clauses:
1) Do not illegally copy our software.
2) Do not reverse engineer our software.
3) Our software is provided AS IS. ABSOLUTELY *NO* WARRANTIES WHATSOEVER!
Why do you need pages and pages and pages of boilerplate lawyerspeak to say the above? It isn't necessary!
One thing you might want to watch out for are pre-installation EULAs that you can only read on screen! I came across one recently while installing printer software for someone recently. You couldn't copy/paste the EULA to Notepad/Wordpad/Whatever and print it out on another printer to read in 'meatspace'!
You cannot fix social problems with legislation. Spam will never end as long as there will be fools who buy products advertised by unsolicited commercial e-mail. Period.
Before I wrote it, I was ready to *SCREAM* in frustration at all the useless spam I got at a webmail address from 'manual spammers' who read that address off a website image I used to have and 'spammed away'. That is why I never gave out my POP3-enabled email address because I knew I could code a POP3-based solution that could filter the spammers out for good!
I was successful!
Nowadays, the only time I get spam is on two occasions:
1) When I have my software temporarily disabled in order to get expected, important, one-time emails such as website login passwords. Once I get such emails, I immediately re-enable the software and have effectively 100% spam protection again!
2) The spammers send me a 'Subject line:' spam with an email body with zero content--nothing but the terminating period per the email RFC specification. A pathetic act of desperation. Should enough of them get through to be a bother, I can slightly recode my software to add the subject line contents to the filtering routine and block spam at this level as well! I could even add an effective dictionary-based filtering technique that was used in the very first version of my software to filter out the last bit of 'subject line' spam from spammers who just cannot give up!
For any spammers out there who might be reading this, please remove iamcf13@hotpop.com from your lists. You are wasting your time sending me any email that has any of the 8 telltale signs of spam in it.
It is *impossible* for you to send me *any* kind of commercial email without using one or more of the 8 telltale signs of spam!
That was the BEST Clippy joke I've read! I can just hear Gilbert Gottfried as that annoying piece of bent wire who comes in quite handy when I use a Microsoft Office program sometimes. As a programmer, I am in genuine awe at the way his 'idle behavior' AI was coded by Microsoft in the Office 2000 version of the Clippy Office Assistant.
Thank you for the moment of amusement, Skraut, you've made my day! =D
PS: Yes, I'm on Windows. Love 'em or hate 'em, Microsoft is still the PC software king these days. If they go out of business today, the world economy will be in grave danger of 'crashing and burning' without them around to support their buggy, but WILDLY POPULAR software....
The first real programming language I learned in college. My first Turbo Pascal program, a simple equation solver, was a kludge that showed its roots in BASIC, the programming language I knew at the time. Once I properly wrapped my head around the structured programming concept, I was good to go and was off to the races. Nowadays, I think up the code in Visual C++ (almost always just plain C with CString support), type it into the IDE, compile it, and run it with usually no more than minor compile-time/run-time errors. If you are interested, an example of my C coding skills is here--a non-trivial software solution to a real problem that I myself use on a regular basis. :)
Occam's Razor as spam fighting software--mine. (on DSPAM v3.2 Released · Score: 1)
My approach only uses 8 simple rules to score spam--the others use more complicated and computer-intensive methods.
My approach is fast, simple, and effective.
I use it to check my own email where it has filtered out my spam without fail.
The only 'spam' it won't detect currently is 'subject line' spam with email bodies with absolutely no content but I can easily fix that....
Maybe my approach is 'too good to be true' or 'not serious' to merit 'airtime' on Slashdot. You decide.
Looks like when the domain's machine name listed link text and the underlying href are 'the same' you may still get scammed.
Looks like the best way to avoid any problems is to open a brand new browser window and go to the email sender's website that way--it is much safer.
The Feds won't like it, but this is approaching the last straw! Encrypted email in the RSA style should put a stop to this nonsense. How could a phisher impersonate a big bank via RSA encrypted email unless they got ahold of the bank's secret key? But then again, browsing the site manually as explained above will solve the problem of going to a phish site unless the bank's webserver itself got 0wned or compromised by a 'dirty' employee....
I almost completely agree that if you're dumb enough to fall for the scam, you deserve it.
Years ago, when I was on AOL, I almost fell for this scam (password phish)--it was so convincing! At the time, I was brand-new to the internet and was a total neophyte.
At the end before I left AOL, I was just using them as an ISP, nothing more, nothing less. By then, their 'proprietary content' meant nothing to me.
Nowadays, I'm getting authentic-looking phishes from 'banks' via Outlook I don't do business with. LOSERS!!! (>_<);;;
I would filter out the phishes with my POP3 email checker automatically but I can't as I get other important email at this address as well and can't risk deleting any of it.... =/
What the bloody hell, advertising between pages and timed redirection?! Jesus christ. Lay off you vile leeches.
I use Outpost Firewall from agnitum.com and have it configured to filter such Javascript 'tricks' like this out. I had no problems browsing the Episode V site in the article.
As for me, I've only been employed as a programmer for about five years. Before that, I had nothing but 'minimum wage' jobs.
Am I bitter?
No.
The time spent at those other jobs along with about eighteen plus years of ongoing education in computer programming have been put to good use.
Can you literally think the source code for a computing task, type it into the IDE, compile it, and it works or doesn't work due to a minor error?
I can.
For that, I am very grateful.
My struggle is learning new algorithms from other sources and implementing them as source code and in learning how to use new software technologies and add them to my skillset. Once these are 'mastered', it becomes a snap to add them as needed to the programs I write. Another area of difficulty is in software design. My goal is to design and write a piece of software once and only once without updating it. It is my effort to get it right the first time. The last major software project I did took about a month to finish--most of the time was spent designing the whole program for every thinkable contingency and painstaking coding and testing the modules for it. This 'craftsman' approach to programming is at odds with the 'microwave, gotta have it now' mentality of business, but I'd rather see the software I write work as designed and intended with NO side effects. I have (co-)written mission-critical software in the past--it is rather wonderful and amazing to see it run and humbling to know a business is depending on it to run correctly in order for them to operate their business.
Over time I have built up a software library of small source code modules that I can literally fit together to create working programs in little time. Another thing I've done is taken other people's source code (available freely from the web) and created 'new' software tools by writing a new function that interfaces with the 'old code' creating a 'black box' that is easy and convenient to use. Another thing I've done is taken other people's source code and 'strip out' the unneeded parts--leaving behind the valuable, 'meaty' source code bits that can be used in programs.
As Newton said:
"If I have seen further it is by standing on ye shoulders of Giants." --Isaac Newton
I am indebted to all who have helped me to be the computer programmer I am today. Thank you.
Each time you sit down on a chair you are using faith. You are trusting that the chair (and by extension, the manufacturer of said chair) will support you and not collapse, subjecting you to possible injury or death.
Let's raise the stakes.
Each time you go out in public and do anything in the capacity of a law-abiding citizen, you are using faith. You are trusting that the other people who are out in public are also law-abiding citizens and will not do anything to you to defraud you, injure you, or kill you. Also, by extension of the chair sitting analogy above, you are also trusting that any and all modes of transportation you use in your travels will not injure you or kill you when you use them or interact with them due to such things as wear and tear, negligence, human error, equipment malfunctions, or--due to 2001-09-11 and other days like it then and now--terrorism.
Let's raise the stakes.
The atheist believes there is no God. After they die, he or she has more to lose if they are wrong than if they are right.
The agnostic believes that it is impossible to know whether there is a God yet does not profess to be an atheist. So these people put God on the 'back burner' so to speak and go about their daily lives. When they die, one of two things happen:
1) If there is no God (per the atheists) they lost nothing and are 'in the nothingness of oblivion where all living things must go to someday....'
2) If there is a God (per the theists) they are in the same position as the atheists who believe there is no God. He or she has more to lose if they are wrong than if they are right.
The theist believes there is a God and has entered a proper relationship with Him per my previous post. He or she has more to gain if they are right than if they are wrong. If they are wrong, they lost nothing and are 'in the nothingness of oblivion where all living things must go to someday....' along with the atheists and the agnostics.
If they are right, they have this to look forward to:
Jer.32 [26] Then came the word of the LORD unto Jeremiah, saying, [27] Behold, I am the LORD, the God of all flesh: is there any thing too hard for me?
John.14 [1] Let not your heart be troubled: ye believe in God, believe also in me. [2] In my Father's house are many mansions: if it were not so, I would have told you. I go to prepare a place for you. [3] And if I go and prepare a place for you, I will come again, and receive you unto myself; that where I am, there ye may be also.
Rom.8 [38] For I am persuaded, that neither death, nor life, nor angels, nor principalities, nor powers, nor things present, nor things to come, [39] Nor height, nor depth, nor any other creature, shall be able to separate us from the love of God, which is in Christ Jesus our Lord.
Rev.22 [12] And, behold, I come quickly; and my reward is with me, to give every man according as his work shall be. [13] I am Alpha and Omega, the beginning and the end, the first and the last. [14] Blessed are they that do his commandments, that they may have right to the tree of life, and may enter in through the gates into the city. -- KJV Bible at umich.edu
As for people dying and heading off to 'the nothingness of oblivion where all living things must go to someday....' that is, per science and the Bible, NOT the case.
I disable it temporarily for good reason. This is usually to receive website account logon information. Once received, the software is re-enabled again and the spam is filtered out automatically once more.
Some spammer sent a spam with absolutely *NO* content whatsoever in the email body.
Easily fixed.
All I need to do is extend the spam filtering my programs do to the 'Subject:' line and spammers will be silenced for good--it will be impossible for them to conveniently spam 'in the open' via the email subject line or email message body. If the spammers are still spamming in an obvious, verbose manner, I can incorporate code from my first version of the filter to filter out such spam (it was dictionary and keyword based). The only area left to spam in is the email headers. Who reads those unless you are tracking down spam so you can complain to the appropriate parties?
I have given up reporting spam--I just delete it automatically. I report the fraudulent email I get sometimes when I have my software temporarily disabled.
Now then...why is a spam and fraud tool like the one mentioned in the article considered news on Slashdot while my anti spam/fraud/malware filter continues to languish in the mists of obscurity?
[Slashdot News submission result for my website and an earlier version of the software that used a more complicated approach] A bold, new approach to fighting spam.... Thursday March 11, [2004] @11:51PM Rejected
The Long Tail Media | Posted by michael on Tuesday October 05, @04:25PM from the something-for-everyone dept. Chris Anderson writes "I'm the editor of Wired Magazine and if you'll forgive the autohornblowing, I think you'll be interested in my piece in our latest issue. It argues, with a lot of new data, that the entertainment industry is shifting from an era of hit-driven economics to one of niche-driven economics. Content that was once relegated to the fringe, beneath the threshold of commercial viability, is now increasingly able to find a market in distributed audiences, marking a shift towards the previously-neglected Long Tail of the demand curve."
and I do not (to introduce the email spam/fraud/malware filter software I wrote--now in an improved version)?
What are the criteria for newsworthy items here?
Is it someone's status in the (computing) industry?...
Or is it someone's attempt at genuine innovation to solve a problem that threatens the stability and reliability of the Internet itself?
Before I wrote the software I use now to check my POP3 email account inboxes, I was fed up and practically seeing red over all the spam/fraud/malware I got.
Now, thanks to using my own software, I feel sorry for spammers/fraudsters/computer crackers. I am genuinely surprised when I get a real email or a pathetic, no-content spam from a spammer/fraudster/computer cracker.
In short, my software filters 'obvious' spam/fraud/malware out at its most fundamental level while still allowing normal email communications to take place. Normal email doesn't contain one or more of the eight 'hallmarks' of spam/fraud/malware that I've determined all such email has.
I think my software is worthy of a news item here. Just have a look at my (currently) rated '5 interesting' way to 'fix' Google.
The 3-4 hurricanes hitting Florida and other parts of the Caribbean and Atlantic Oceans--I never heard of that happening before.
Mt. Saint Helens erupting again in my lifetime as it did back in 1980 in spectacular fashion that time.
The Yosemite National Park 'supervolcano' is 'overdue' in erupting.
News of 'Richter Scale 6' quakes hitting California
The Bible did say the world would be destroyed by fire this time around.
2Pet.3 [3] Knowing this first, that there shall come in the last days scoffers, walking after their own lusts, [4] And saying, Where is the promise of his coming? for since the fathers fell asleep, all things continue as they were from the beginning of the creation. [5] For this they willingly are ignorant of, that by the word of God the heavens were of old, and the earth standing out of the water and in the water: [6] Whereby the world that then was, being overflowed with water, perished: [7] But the heavens and the earth, which are now, by the same word are kept in store, reserved unto fire against the day of judgment and perdition of ungodly men. [8] But, beloved, be not ignorant of this one thing, that one day is with the Lord as a thousand years, and a thousand years as one day. [9] The Lord is not slack concerning his promise, as some men count slackness; but is longsuffering to us-ward, not willing that any should perish, but that all should come to repentance. [10] But the day of the Lord will come as a thief in the night; in the which the heavens shall pass away with a great noise, and the elements shall melt with fervent heat, the earth also and the works that are therein shall be burned up. -- KJV Bible at hti.umich.edu
Maybe it won't be due to nuclear war but there is still a possibility of that occurring with all the nuclear weapons still out there....
AOL needs to learn that @hallmark.com DOES NOT equal spam.
It does if the headers say otherwise.
Look at all the 'phish' spam purportedly from such sites as eBay, PayPal, CitiBank, and SunTrust that I've gotten recently in the past.
But no more.
That crap, along with all other unwanted email with file attachments and HTML, is now headed for my own virtual wastepaper basket.
I wrote it. I use it. It works.
Directory of IP Based Blacklists
I found this site rather by accident, I'm glad I did.
If the proxy list there is reasonably accurate, one could block a good deal of proxied email spam.
Right now I am using my program on my public, unhidden, unobfuscated email address where first time correspondents can contact me. If, via that point of contact, they need to send me a file attachment, HTML, or whatever, I can give them a private email address I use. There was a recent Slashdot story about the Secret Service breaking up a 'phisher'/carding ring to much fanfare. Not long after that, I checked my email at this private address and got an eBay 'phish'. I was expecting to hear from someone I haven't contacted in a while, not an attempt at fraud and identity theft. Anyway I figured out how I could filter the 'phish' emails out for good. I just went to the ecommerce sites I do business with and verified I get only plain text email. Now all I have to do is configure my program to filter out all emails bearing file attachments or HTML on my private email address. It'll just take me a minute or two to do this. I do have another (semi)private address where such content could be sent to me if needed.
Anyway, I wrote the software because I was genuinely tired of all the spam I got and did something constructive about it. This is after dealing with piles of unwanted email sent by 'manual spammers' at a web-based email account I still have. Why do I call them 'manual spammers'? Because they (must have) read my email address off an image file at an old website of mine and manually added my email address to their lists or quite possibly used a 'dictionary attack' to spam me. This is why I never gave out a POP3 email address until a few months ago because I didn't want Outlook downloading and saving spam and malware--so I have my software deal with it instead.
However, to get back to your response above, I could add statistical support to the 8 criteria I am using. But doing that would make my software no different from the others that have this support in them.
So then what is so unique about my email filtering programs over the others?
My program puts the user in 100% complete control of the email they retrieve from their inbox.
The statistical approach, admirable as it may be, has a chance for error (false positives), be it a small chance.
With my rule-based approach, there is (unfortunately) no middle ground, degrees of freedom, or complex mathematical calculations needed: either the incoming email is acceptable to the rules or not.
The user has the option with my program to save these unacceptable messages so there is no chance of having important email deleted--it is identified (mistakenly) as spam after being 'sanitized' for possible review and use.
My programs are a complete email client and mailserver both with built-in email filtering. All the other solutions I came across on the internet need a mailserver or email client in order to work.
In closing, I want to say that 'bowing to market forces' and adding in statistical modeling, or lots and lots of custom rulesets would make my programs no different than the likes of CRM114, DSPAM, or SpamAssassin: statistical modeling or complicated rulesets can use lots of space and bog the CPU down with lots of calculations. If you are in a hurry, you'd probably have to dedicate a PC to do nothing but check email in such an environment. I wanted to make a simple, effective mail filter and was partly inspired to do so by this quote:
Many modern producers couldn't have breakfast for less than $7,000. The man was a genius.
Could the same be said of Robert Rodriguez?
He made El Mariachi for about $7,000.00
I found it to be an entertaining film.
He kept the cost down (by necessity) by principally doing all the camerawork, direction, and behind-the-scenes production work himself among other things.
The key is to read the SMTP headers and the underlying HTML (if any).
The phishers/extortionists are counting on people not being savvy enough to do that--thus, they 'win'.
LostCluster wants to scrap SMTP.
What other scheme with the reliability of SMTP is around now to take its place?
Then there is all the time, effort, and infrastructure invested in SMTP--no one is going to throw all that away if there isn't something better to take its place.
All SMTP is is a transport medium--neither good nor evil.
The simple (but time consuming and resource draining) quick fix would be for all email to be publicly encrypted with public key cryptology [the Feds'll love that! >:) ]. Business sites publish their public key out in the open and use their private key to encrypt their email before sending it out. Authenticity problem solved except for two problems:
1) The bad guys correctly guess or generate the private key of bigsite.example.com. This is laughably unlikely but possible, which leads to the more likely possibility:
2) Someone at bigsite.example.com accidentally or deliberately divulges (under duress?) the secret key to the bad guys.
If 1 or 2 happens, the bad guys can now send email appearing to come from bigsite.example.com even though the email is transmitted from elbonia.example.com. If TCP/IP spoofing or a compromised mailserver at bigsite.example.com is used, the deception apparently becomes perfect. Of course, should bigsite.example.com disavow their compromised key and issue a new one, everybody who does business with them has to change their keys and otherwise muck around with public key encryption which will be a stumbling block to the non-crypto savvy.
In the end I say, using crypto or replacing SMTP is not the answer. Just use a bit of detective work on the underlying SMTP headers and any embedded HTML A HREF links to expose the fraud with the help of a whois service. If it still looks legitimate, you can:
1) Stop doing business with them.
2) Alert them to the situation so they can do something about it.
3) Contact the authorities and let them handle it.
What more can one do in this situation?
Or possibly your approach languishes because people aren't interested in an approach with a staggering potential for false positives in identifying spam?
My software can be configured to allow all sorts of 'spammy' content through. At least such content is 'defanged' to prevent malware via HTML and file attachments from compromising one's PC outright. Can the same be said of the other spam filters? The other ones I know about cut away file attachments with 'runnable' extensions and probably do not 'neutralize' unsafe HTML like my software does. Since it has been posited (established?) that computer crackers are working with spammers to set up 'zombie relays' via infected email file attachments or exploit-laden HTML pages sent by email, why not deny them those avenues of attack while still allowing such email to flow unimpeded but in a benign, inert state? In this manner, the user must consciously compromise their system by making such content hostile again which is easy to do.
You say that other systems have 'complicated rules' like that's a bad thing--they are complicated in an attempt to actually separate spam from ham intelligently.
But how can you do that effectively if the sp4mm3rs 4r3 c0nst4nt1y m1ssp31ling w0rds in an effort to evade word-based pattern matching algorithms? My approach is immune to such chicanery because the content I 'score' on is the only content that really matters when looking for spam or 'spamlike' content--all other content is irrelevant and is used by spammers/crackers to get their content past filters and into your mailbox. The way I see it, someone sending you unsolicited email for the very first time has absolutely no need to send you file attachments, HTML (looking content), quoted printable (looking) content, percent signs, dollar signs, numbers, URLs (or URL-like content), or email addresses (or email address-like content). If they do, the email they sent you is likely spam. In my case, that fact was borne out as when the filtering on my public email address, iamcf13@hotpop.com, was a little less restrictive, I still got spam and the occasional Nigerian '419' advance fee fraud email that didn't use percent signs or dollar signs in their fraudulent content. Fed up with even getting this trickle of spam and fraud, I set my SpamByte code to 0 and filtered out effectively all my spam! Right now, I rarely get an occasional 'Subject line' spam with a zero-content body. I have concluded for the time being that these are sent 'manually' out of spite by the spammers and are not 'standard' spam with its convenient links to 'spamvertised sites' and whatnot.
It's not like there is some conspiracy to promote other solutions over yours.
Allow the Slashdot story editors to 'speak for themselves'.
Since 2004-07-15, the following antispam software packages/algorithms got a news story about them on Slashdot:
DSPAM v3.2 Released
DSPAM v3.2 Beta-1 Released
SpamAssassin 3.0 Released
Revolutionary Spam Firewall Developed
My shareware mailserver had built-in 'antispam firewall' support at the TCP/IP connection level since Thursday, July 15, 2004, 22:19 Universal Coordinated Time
Fighting Spam with DNA Sequencing Algorithms
The above software all use sophisticated numerical and pattern matching algorithms in order to identify spam from other legitimate email. I say it is unecessar
Unfortunately, 'spreading the message' of the Boulder Pledge via email could be construed as 'mass mailings' even though it is not commercial in nature.
/. succumb to these blatant types of advertising. If the article was submitted by a non-Wired affiliated person ... I might have read it. At least some other Slash-Advertisers post anonymously. pfft.
Perhaps it is best to post the Boulder Pledge to your website or as the signature to your emails.
This is why I cannot use unsolicited spam emails to 'spread the word' about my antispam software---the ends wouldn't justify the means.
So my simple, effective approach languishes in obscurity while bigger, more complicated, CPU-intensive approaches are featured on Slashdot.
My approach lets *YOU* decide what kinds of content you want in your email while the other approaches I've seen here use complicated rules to try to flag an email as spam or not.
In an earlier post, I describe the merits of my software in an enthusiastic, factual manner.
For that, this was the result:
[block quoted section below]
MOD SPAMMING PARENT DOWN (Score:0)
by Anonymous Coward on Saturday October 23, @11:06PM (#10612183)
Your solution is to spam slashdot with adds for your overly-restrictive, simplistic mail filter?
Go home.
Re:Spam is a social problem--my solution (Score:0)
by Anonymous Coward on Saturday October 23, @11:35PM (#10612297)
I hope you don't write your emails in the same way as you write your posts, because this one surely looks like spam.
[block quoted section above]
Why then was the following news item posted to Slashdot in the first place?...
[block quoted section below]
The Long Tail
Posted by michael on Tue Oct 05, '04 04:25 PM
from the something-for-everyone dept.
Chris Anderson writes "I'm the editor of Wired Magazine and if you'll forgive the autohornblowing, I think you'll be interested in my piece in our latest issue. It argues, with a lot of new data, that the entertainment industry is shifting from an era of hit-driven economics to one of niche-driven economics. Content that was once relegated to the fringe, beneath the threshold of commercial viability, is now increasingly able to find a market in distributed audiences, marking a shift towards the previously-neglected Long Tail of the demand curve."
[block quoted section above]
Why is it all right for Chris Anderson to talk about his ideas for free on Slashdot in the form of a news story and not I?
Some selected posts from that thread that address this issue:
[block quoted section below]
Re:autohornblowing (Score:0)
by Anonymous Coward on Tuesday October 05, @04:36PM (#10444135)
if the Slashdot invoice for this publicity is 0$, then I'm even more impressed by the autohornblowing.
Why? (Score:0, Flamebait)
by jmays (450770) on Tuesday October 05, @04:29PM (#10444034)
Why does
Re:Why? (Score:3, Insightful)
by halfelven (207781) on Tuesday October 05, @04:59PM (#10444377)
(http://florin.myip
Indeed. EULAs that are truly on the up and up boil down to these simple clauses:
1) Do not illegally copy our software.
2) Do not reverse engineer our software.
3) Our software is provided AS IS. ABSOLUTELY *NO* WARRANTIES WHATSOEVER!
Why do you need pages and pages and pages of boilerplate lawyerspeak to say the above? It isn't necessary!
One thing you might want to watch out for are pre-installation EULAs that you can only read on screen! I came across one recently while installing printer software for someone recently. You couldn't copy/paste the EULA to Notepad/Wordpad/Whatever and print it out on another printer to read in 'meatspace'!
Well said!
That is why I use a technological solution.
I wrote it. I use it. It works!
Before I wrote it, I was ready to *SCREAM* in frustration at all the useless spam I got at a webmail address from 'manual spammers' who read that address off a website image I used to have and 'spammed away'. That is why I never gave out my POP3-enabled email address because I knew I could code a POP3-based solution that could filter the spammers out for good!
I was successful!
Nowadays, the only time I get spam is on two occasions:
1) When I have my software temporarily disabled in order to get expected, important, one-time emails such as website login passwords. Once I get such emails, I immediately re-enable the software and have effectively 100% spam protection again!
2) The spammers send me a 'Subject line:' spam with an email body with zero content--nothing but the terminating period per the email RFC specification. A pathetic act of desperation. Should enough of them get through to be a bother, I can slightly recode my software to add the subject line contents to the filtering routine and block spam at this level as well! I could even add an effective dictionary-based filtering technique that was used in the very first version of my software to filter out the last bit of 'subject line' spam from spammers who just cannot give up!
For any spammers out there who might be reading this, please remove iamcf13@hotpop.com from your lists. You are wasting your time sending me any email that has any of the 8 telltale signs of spam in it.
It is *impossible* for you to send me *any* kind of commercial email without using one or more of the 8 telltale signs of spam!
Game Over, Spammers/Computer Crackers!
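A sketch of the rule-based check these posts describe, added here as an illustration and not taken from the poster's software: it looks for the eight content types the posts list (attachments, HTML, quoted-printable, percent signs, dollar signs, numbers, URLs, email addresses) and rejects a message carrying any sign the user has not allowed. The regular expressions, the `allowed` set, the `scan_subject` switch (modelling the proposed Subject-line extension) and the sample messages are all assumptions.

```python
import re
from email import message_from_string

# Patterns are this example's assumptions; the posts only name the eight categories.
HTML_RE = re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>")        # HTML-looking tags
QP_RE = re.compile(r"=[0-9A-F]{2}|=\r?\n")              # quoted-printable escapes
URL_RE = re.compile(r"(?:https?://|www\.)\S+", re.I)    # URL-like text
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")  # address-like text


def text_signs(text):
    """Return the signs present in one piece of text (a body part or a subject)."""
    checks = {
        "html": HTML_RE.search(text),
        "quoted_printable": QP_RE.search(text),
        "percent": "%" in text,
        "dollar": "$" in text,
        "digits": any(ch.isdigit() for ch in text),
        "url": URL_RE.search(text),
        "email_address": EMAIL_RE.search(text),
    }
    return {name for name, hit in checks.items() if hit}


def find_signs(raw_message, scan_subject=False):
    """Collect the signs found in the body parts, optionally in the Subject too."""
    msg = message_from_string(raw_message)
    found = set()
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no content of their own
        if part.get_filename() or part.get_content_maintype() != "text":
            found.add("attachment")
            continue
        if part.get_content_type() == "text/html":
            found.add("html")
        encoding = (part.get("Content-Transfer-Encoding") or "").strip().lower()
        if encoding == "quoted-printable":
            found.add("quoted_printable")
        found |= text_signs(part.get_payload())  # raw, undecoded text
    if scan_subject:
        found |= text_signs(msg.get("Subject", ""))
    return found


def classify(raw_message, allowed=frozenset(), scan_subject=False):
    """No middle ground: any sign outside `allowed` rejects the message."""
    blocked = find_signs(raw_message, scan_subject) - set(allowed)
    return ("reject" if blocked else "accept", blocked)


# Constructed sample messages.
PLAIN = """\
From: alice@example.org
Subject: Hello

Hi, it was good to meet you at the conference. Could we talk next week?
"""
SPAM = """\
From: deals@example.com
Subject: Offer
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable

<a href=3D"http://shop.example.com/">Save 50% today, only $9</a>
"""
# Empty body: the 'Subject line' case the posts say slips through.
SUBJECT_ONLY = "From: x@example.com\nSubject: Cheap meds at www.pills.example.com\n\n"

if __name__ == "__main__":
    for name, raw in (("plain", PLAIN), ("spam", SPAM), ("subject-only", SUBJECT_ONLY)):
        print(name, classify(raw), classify(raw, scan_subject=True))
```
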
ROTFLMAO!!!!
That was the BEST Clippy joke I've read! I can just hear Gilbert Gottfried as that annoying piece of bent wire who comes in quite handy when I use a Microsoft Office program sometimes. As a programmer, I am in genuine awe at the way his 'idle behavior' AI was coded by Microsoft in the Office 2000 version of the Clippy Office Assistant.
Thank you for the moment of amusement, Skraut, you've made my day! =D
PS: Yes, I'm on Windows. Love 'em or hate 'em, Microsoft is still the PC software king these days. If they go out of business today, the world economy will be in grave danger of 'crashing and burning' without them around to support their buggy, but WILDLY POPULAR software....
The first real programming language I learned in college. My first Turbo Pascal program, a simple equation solver, was a kludge that showed its roots in BASIC, the programming language I knew at the time. Once I properly wrapped my head around the structured programming concept, I was good to go and was off to the races. Nowadays, I think up the code in Visual C++ (almost always just plain C with CString support), type it into the IDE, compile it, and run it with usually no more than minor compile-time/run-time errors. If you are interested, an example of my C coding skills is here--a non-trivial software solution to a real problem that I myself use on a regular basis. :)
My approach only uses 8 simple rules to score spam--the others use more complicated and computer-intensive methods.
My approach is fast, simple, and effective.
I use it to check my own email where it has filtered out my spam without fail.
The only 'spam' it won't detect currently is 'subject line' spam with email bodies with absolutely no content but I can easily fix that....
Maybe my approach is 'too good to be true' or 'not serious' to merit 'airtime' on Slashdot. You decide.
Looks like when the domain's machine name listed link text and the underlying href are 'the same' you may still get scammed.
Looks like the best way to avoid any problems is to open a brand new browser window and go to the email sender's website that way--it is much safer.
The Feds won't like it, but this is approaching the last straw! Encrypted email in the RSA style should put a stop to this nonsense. How could a phisher impersonate a big bank via RSA encrypted email unless they got ahold of the bank's secret key? But then again, browsing the site manually as explained above will solve the problem of going to a phish site unless the bank's webserver itself got 0wned or compromised by a 'dirty' employee....
Years ago, when I was on AOL, I almost fell for this scam (password phish)--it was so convincing! At the time, I was brand-new to the internet and was a total neophyte.
At the end before I left AOL, I was just using them as an ISP, nothing more, nothing less. By then, their 'proprietary content' meant nothing to me.
Nowadays, I'm getting authentic-looking phishes from 'banks' via Outlook I don't do business with. LOSERS!!! (>_<);;;
I would filter out the phishes with my POP3 email checker automatically but I can't as I get other important email at this address as well and can't risk deleting any of it.... =/
Exhibit A: me.
I wrote it. I use it. It works.
The part I use is free to all. Enjoy!
I use Outpost Firewall from agnitum.com and have it configured to filter such Javascript 'tricks' like this out. I had no problems browsing the Episode V site in the article.
Advertising like that is likely a waste of money. Why not use those funds to pay the programmers to make FireFox even better?
...Unless enough of them are 'outed' in this fashion -- then there will be decisive action on this matter.
The average citizen doesn't matter in the scheme of things unless enough of us band together to do something about this.
Prov.16 [18] Pride goeth before destruction, and an haughty spirit before a fall.
As for me, I've only been employed as a programmer for about five years. Before that, I had nothing but 'minimum wage' jobs.
Am I bitter?
No.
The time spent at those other jobs along with about eighteen plus years of ongoing education in computer programming have been put to good use.
Can you literally think the source code for a computing task, type it into the IDE, compile it, and it works or doesn't work due to a minor error?
I can.
For that, I am very grateful.
My struggle is learning new algorithms from other sources and implementing them as source code and in learning how to use new software technologies and add them to my skillset. Once these are 'mastered', it becomes a snap to add them as needed to the programs I write. Another area of difficulty is in software design. My goal is to design and write a piece of software once and only once without updating it. It is my effort to get it right the first time. The last major software project I did took about a month to finish--most of the time was spent designing the whole program for every thinkable contingency and painstakingly coding and testing the modules for it. This 'craftsman' approach to programming is at odds with the 'microwave, gotta have it now' mentality of business, but I'd rather see the software I write work as designed and intended with NO side effects. I have (co-)written mission-critical software in the past--it is rather wonderful and amazing to see it run and humbling to know a business is depending on it to run correctly in order for them to operate their business.
Over time I have built up a software library of small source code modules that I can literally fit together to create working programs in little time. Another thing I've done is taken other people's source code (available freely from the web) and created 'new' software tools by writing a new function that interfaces with the 'old code' creating a 'black box' that is easy and convenient to use. Another thing I've done is taken other people's source code and 'stripped out' the unneeded parts--leaving behind the valuable, 'meaty' source code bits that can be used in programs.
As Newton said:
I am indebted to all who have helped me to be the computer programmer I am today. Thank you.
Faith is the key.
Rom.12 [3] For I say, through the grace given unto me, to every man that is among you, not to think of himself more highly than he ought to think; but to think soberly, according as God hath dealt to every man the measure of faith.
Each time you sit down on a chair you are using faith. You are trusting that the chair (and by extension, the manufacturer of said chair) will support you and not collapse, subjecting you to possible injury or death.
Let's raise the stakes.
Each time you go out in public and do anything in the capacity of a law-abiding citizen, you are using faith. You are trusting that the other people who are out in public are also law-abiding citizens and will not do anything to you to defraud you, injure you, or kill you. Also, by extension of the chair sitting analogy above, you are also trusting that any and all modes of transportation you use in your travels will not injure you or kill you when you use them or interact with them due to such things as wear and tear, negligence, human error, equipment malfunctions, or--due to 2001-09-11 and other days like it then and now--terrorism.
Let's raise the stakes.
The atheist believes there is no God. After they die, he or she has more to lose if they are wrong than if they are right.
The agnostic believes that it is impossible to know whether there is a God yet does not profess to be an atheist. So these people put God on the 'back burner' so to speak and go about their daily lives. When they die, one of two things happen:
1) If there is no God (per the atheists) they lost nothing and are 'in the nothingness of oblivion where all living things must go to someday....'
2) If there is a God (per the theists) they are in the same position as the atheists who believe there is no God. He or she has more to lose if they are wrong than if they are right.
The theist believes there is a God and has entered a proper relationship with Him per my previous post. He or she has more to gain if they are right than if they are wrong. If they are wrong, they lost nothing and are 'in the nothingness of oblivion where all living things must go to someday....' along with the atheists and the agnostics.
If they are right, they have this to look forward to:
As for people dying and heading off to 'the nothingness of oblivion where all living things must go to someday....' that is, per science and the Bible, NOT the case.
First up, a 'scientific explanation':
Here is my effort.
I wrote it. I use it. It works.
There are only two cases where it doesn't work.
I disable it temporarily for good reason.
This is usually to receive website account logon information. Once received, the software is re-enabled again and the spam is filtered out automatically once more.
Some spammer sent a spam with absolutely *NO* content whatsoever in the email body.
Easily fixed.
All I need to do is extend the spam filtering my programs do to the 'Subject:' line and spammers will be silenced for good--it will be impossible for them to conveniently spam 'in the open' via the email subject line or email message body. If the spammers are still spamming in an obvious, verbose manner, I can incorporate code from my first version of the filter to filter out such spam (it was dictionary and keyword based). The only area left to spam in is the email headers. Who reads those unless you are tracking down spam so you can complain to the appropriate parties?
I have given up reporting spam--I just delete it automatically.
I report the fraudulent email I get sometimes when I have my software temporarily disabled.
Now then...why is a spam and fraud tool like the one mentioned in the article considered news on Slashdot while my anti spam/fraud/malware filter continues to languish in the mists of obscurity?
Why does Wired Magazine editor Chris Anderson get a news item on Slashdot (self-promotion for entertainment related article he wrote)
and I do not (to introduce the email spam/fraud/malware filter software I wrote--now in an improved version)?
What are the criteria for newsworthy items here?
Is it someone's status in the (computing) industry?...
Or is it someone's attempt at genuine innovation to solve a problem that threatens the stability and reliability of the Internet itself?
Before I wrote the software I use now to check my POP3 email account inboxes, I was fed up and practically seeing red over all the spam/fraud/malware I got.
Now, thanks to using my own software, I feel sorry for spammers/fraudsters/computer crackers. I am genuinely surprised when I get a real email or a pathetic, no-content spam from a spammer/fraudster/computer cracker.
In short, my software filters 'obvious' spam/fraud/malware out at its most fundamental level while still allowing normal email communications to take place. Normal email doesn't contain one or more of the eight 'hallmarks' of spam/fraud/malware that I've determined all such email has.
I think my software is worthy of a news item here. Just have a look at my (currently) rated '5 interesting' way to 'fix' Google.
Not all spammers are male.
I read an online story about a female spammer.
What would be her punishment then?
The Mark Of The Beast....Just add commerce!
Other signs I've noticed....
The 3-4 hurricanes hitting Florida and other parts of the Caribbean and Atlantic Oceans--I never heard of that happening before.
Mt. Saint Helens erupting again in my lifetime as it did back in 1980 in spectacular fashion that time.
The Yosemite National Park 'supervolcano' is 'overdue' in erupting.
News of 'Richter Scale 6' quakes hitting California
The Bible did say the world would be destroyed by fire this time around.
Maybe it won't be due to nuclear war but there is still a possibility of that occurring with all the nuclear weapons still out there....
So you have 3 choices:
Be an atheist and be called a fool by the Bible.
(Pss.14 [1] The fool hath said in his heart, There is no God. They are corrupt, they have done abominable works, there is none that doeth good.)
Be an agnostic and be rejected by God.
(Rev.3 [15] I know thy works, that thou art neither cold nor hot: I would thou wert cold or hot. [16] So then because thou art lukewarm, and neither cold nor hot, I will spue thee out of my mouth.)
Or, seek God and his forgiveness. (Heb. 11 [6] But without faith it is impossible to please him: for he that cometh to God must believe that he is, and that he is a rewarder of them that diligently seek him., John.3 [16] For God so loved the world, that he gave his only begotten Son, that whosoever believeth in him should not perish, but have everlasting life. [17] For God sent not his Son into the world to condemn the world; but that the world through him might be saved. [18] He that believeth on him is not condemned: but he that believeth not is condemned already, because he hath not believed in the name of the only begotten Son of God.)
Then there are the experiences of this man which corroborate the preceding Bible passage.
So in the end, the choice is yours....With God, there is no middle ground....