Researchers Claim "Effectively Perfect" Spam Blocking Discovery 353
A team of computer scientists from the International Computer Science Institute in Berkeley, CA are claiming to have found an "effectively perfect" method for blocking spam. The new system deciphers the templates a botnet is using to create spam and then teaches filters what to look for. "The system ... works by exploiting a trick that spammers use to defeat email filters. As spam is churned out, subtle changes are typically incorporated into the messages to confound spam filters. Each message is generated from a template that specifies the message content and how it should be varied. The team reasoned that analyzing such messages could reveal the template that created them. And since the spam template describes the entire range of the emails a bot will send, possessing it might provide a watertight method of blocking spam from that bot."
A never ending battle (Score:2)
Hooray for the good guys! Now if they could find something similar to fight viruses.
Re: (Score:2)
Your analysis is faulty: You miss-identified the virus.
Re: (Score:2)
purchase every item they tried to sell, and donate the items to Haiti
You think the Haitians need bootleg Viagra?
"Perfect"??? (Score:5, Insightful)
Re:"Perfect"??? (Score:5, Funny)
Oh, there's a final solution alright.
Re:"Perfect"??? (Score:5, Funny)
and don't forget (Score:4, Insightful)
Spam isn't kosher anyway!
Re:"Perfect"??? (Score:5, Funny)
Oh, there's a final solution alright.
Hitler, is that you?
I'm all for stopping Spam, but genocide crosses the line.
Re: (Score:2, Funny)
> Hitler, is that you?
Godwin, is that you?
Re:"Perfect"??? (Score:5, Insightful)
Re: (Score:3, Funny)
Even that isn't guaranteed to work [userfriendly.org].
Re:"Perfect"??? (Score:5, Funny)
Oh, there's a final solution alright.
Your post advocates a
( ) technical ( ) legislative ( ) market-based (X) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
(X) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
(X) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
( ) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
(X) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(X) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
Re: (Score:3, Funny)
Re: (Score:2)
Spammers will just incorporate this technique into their botnets to test whether sending certain spam will succeed.
Re:"Perfect"??? (Score:5, Insightful)
Fine with me. Most spam I get is obviously a template, since I get the same one for weeks. This would stop those additional sent copies. The false positive rate on this kind of thing is effectively 0%, so I'm willing to have it be an additional check on my email.
If it can stop a lot of this kind of spam, that's fine with me. Let it be an arms race. If the spammers have to make up new templates every 4 hours, that's going to make things a lot harder.
This isn't a cure for all spam, it's a fantastic filter for one (of the biggest) kinds of spam. Only headline makes it sound like it will solve all spam.
Re: (Score:3, Interesting)
Re:"Perfect"??? (Score:4, Insightful)
There is a final solution: make sending spam more expensive. Spammers will only spam so long as it's mind-blowingly wealthy. If you can raise their operating costs and bump them down from "mind-blowingly wealthy" to only "obscenely wealthy", they might switch to other lucrative immoral industries like manufacturing printer ink.
What this does is increase the computational power required to generate a spam email. The method they described sounds like it's self-learning (just hook it up to a spambot "oracle" and it'll figure out the new template), so spammers will likely have to abandon the use of templates altogether. If you increase the amount of computational time required to generate spam, you decrease the amount of spam sent and really decrease the profitability of it.
We keep pushing the requirements for spam further and further up the computational totem pole (or Chomsky hierarchy, if you will) and you get closer and closer to a point where spammers are going to have to create strong AI to write spam. If they fail, we don't have spammers anymore and if they win, well we have spam, but we also have strong AI! Win-win, I say.
Re: (Score:2, Informative)
There is a final solution: ...
Your post advocates a
(x) technical ( ) legislative (x) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
(x) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the mone
Re: (Score:3, Insightful)
Re:"Perfect"??? (Score:4, Interesting)
I agree with nearly everything you've said, but I don't consider the invention of strong AI by spammers to be a "win". Previously [slashdot.org], I've argued [slashdot.org] that individual rights aren't related to human genetics, but rather to the organism's sapience. In other words, roaches have more rights than yeast cells (but not much more), cats have more rights than roaches, cetaceans/hominids/humans/"strong AI" have more rights than cats.
Allowing spammers to create beings who should be treated as citizens but are actually used as slave labor is wrong. Note that I'm specifically referring to strong AI; weak AI wouldn't qualify as sapient under most definitions.
Re: (Score:2)
Hmmm, you idea's intriguing to me and I would like to subscribe to your newsletter, but unfortunately as soon as it's template is recognized I'll stop getting it.
How many times do I have to tell you (Score:2)
Unplugging the ethernet cable DOESN'T COUNT.
Re: (Score:3, Funny)
Unplugging the ethernet cable DOESN'T COUNT.
I'm using my neighbor's WiFi you insensitive clod!
What about changing the templates (Score:2)
Re: (Score:2, Insightful)
Man, building spamming systems and finding ways to vary the content but not the message seems like a fun cat-and-mouse game. Too bad it's so evil. Can I cut off my Guilt Lobe?
Re: (Score:2)
Why do the spammers have to be on one particular side? It's an arms race, which is more like a game of cat and cat; we both (the good guys and the bad guys) want end users to get just the messages we send. Each will do whatever it takes to get in the others' way. In my experience, it's just as fun (and a lot more gratifying) to stay on the good side.
Re:What about changing the templates (Score:4, Insightful)
I think you're forgetting that the criminals who run botnets aren't as worried about damaging the normal operation of the Internet as the rest of us might be.
We start detecting their templates; they start making their templates more and more flexible. We chase, giving our filters broader and broader definitions of "bad" email. Clever spammers start sacrificing the percentage of thier mail that's coherant just to increase the output range of their templates, forcing the template-recognition filters to get looser. Eventually the filters become useless because they can't pick out every variation that could come from a template without also capturing a lot of legitimate messages.
Or something else happens that renders the filters useless. THe point is - yes, it's a win in that it fights techniques used today. No, it is not the grand victory proclaimed by the headline.
effectively (Score:3, Insightful)
"effectively" = "not quite good enough to actually work"
Re: (Score:2)
No no...
"Effectively" = "'Perfect' is a very effective word to use in marketing campaigns".
spam template (Score:5, Funny)
Seems to make sense (Score:5, Insightful)
Re: (Score:2)
Reactive only (Score:5, Insightful)
Re: (Score:2)
In which case the spamming process will change to make it practical to update the template hundreds of times a day.
Re: (Score:2)
"Perfect" (Score:5, Insightful)
So... (Score:2)
Correct me if I'm wrong, but haven't hidden markov models been around for decades?
Headline tomorrow (Score:5, Insightful)
A team of hackers from Russia are claiming to have found an "effectively perfect" method for countering spam blocking technology. The new system deciphers the templates Spam Blocker is using to filter spam and then teaches spam generators what to write.
Re: (Score:3, Informative)
Calling BS (Score:4, Insightful)
I don't believe any spam filter that advertises 100% accuracy, especially one claiming to do it by figuring out the spam email 'templates'
Re: (Score:3, Insightful)
I don't believe any spam filter that advertises 100% accuracy, especially one claiming to do it by figuring out the spam email 'templates'
Yeah, and calling this a discovery stretches credulity. Who here thinks that Google, Yahoo, Hotmail, and your favorite big mail service provider, don't already do some version of this?
Questions (I know, I know...) (Score:5, Interesting)
Err, what if I, as a corporation, blew out a spam that effectively incorporated a template unique to that which my largest competitor uses in their newsletters or customer communiques (or at least close enough to get my competitor blacklisted far and wide)?
(it would take a shedload of doing, but certainly not impossible, and if it could be done, would make for one hell of a cheap and easy DoS).
Heuristics is great and all, but go too deeply, and I can see it opening up a small but pretty scary can of worms.
Halting problem (Score:2, Insightful)
and then the researchers discovered the Halting problem and pretended it didn't exist.
Re: (Score:3, Informative)
and then the researchers discovered the Halting problem and pretended it didn't exist.
I don't quite see your point - the halting problem proves that you cannot create an algorithm that will tell whether an arbitrary program will ever halt. It has no significance for this particular program, since it would be trivial to ensure that it does halt.
Re: (Score:3, Insightful)
The Halting problem only exist for theoretical computers with infinite memory, for real computers with finite memory its trivial to solve (wait till a memory state repeats, done).
Worthless. Completely Worthless (Score:5, Insightful)
I've said it before, and I'll continue to say it - spam is an economic problem. Until something is done to address the money that spammers make, they will continue to find ways around these "effectively perfect" "discoveries".
Re: (Score:2, Interesting)
Spammers send spam because it makes them money. It makes them money because people are stupid. The question is: why are people stupid, and how can we make them smarter? I would argue that spam is an educational problem.
Re: (Score:3, Insightful)
Spammers send spam because it makes them money.
Agreed.
It makes them money because people are stupid
Not directly. The spammers themselves are paid by moderately smart people who are selling products online that are often of questionable legitimacy. While some of those customers are stupid, there are generally fairly crafty individuals making money off of the customers along the way.
The question is: why are people stupid, and how can we make them smarter?
You could ask the same question in the light of why 419 scams work, why old-school pyramid schemes work, etc. Money can make smart people pretty dumb at times.
I would argue that spam is an educational problem
You will not succeed in educating the problem away. U
Re: (Score:2)
I've said it before, and I'll continue to say it - spam is an economic problem. Until something is done to address the money that spammers make, they will continue to find ways around these "effectively perfect" "discoveries".
There is always a demand to get a message out to n% of x hundred thousand people for cheap. You can't realistically stop that. What you can realistically do is increase the cost of getting those messages out. Treating spam as simply an economic problem won't work.
Re: (Score:2)
What you can realistically do is increase the cost of getting those messages out.
The proposed "Spam Blocking Discovery" doesn't do jack shit to accomplish that goal. The people who install the spam filters aren't going to buy anything that was spamvertised, anyways. Meanwhile the spammers will continue to adjust their methods to get around the filters that are installed at the ISP level so that they can get their messages out to more people who would be interested.
This craptacular "Discovery" is just another round of whack-a-mole. Hopefully at some point people will finally get ti
Re: (Score:3, Insightful)
As long as there is money to be made in spam, spammers will continue to send spam.
But if the US government was to threaten the US based credit card companies that process every single one of these transactions there would be no more money, and no more spam.
Which transactions should they block?
It's also important to keep in mind that spammers don't make money from selling V1AGRA. Spammers make money from other people who want to make money by selling V1AGRA. The distinction is important because it doesn't really matter whether money can be made by selling shady products or not. As long as there's a sucker who *believes* they can make money by selling the shady products, the spammer has a customer. When that one wises up, there are 10 more waiting.
I did this first (Score:5, Funny)
I, too, have designed a flawless spam filter. It works under similar principles, will filter 100% of incoming spam, will generate 0 false positives, and it's super easy to use:
if(is_spam(message)) { delete_message(message); }
Re: (Score:2, Funny)
Just wrote one function... One last to go !
Me too! I'll send you the delete_message() I just wrote, you send me the is_spam() you wrote and I'll link them and publish the solution.
Again with the stupidity (Score:2)
Had there been no spam filters, we'd all receive about the same amount of e-mail spam as we receive in the postal mail world. Instead, the spam industry spends it's time trying to break through spam filters -- and they do so with volume. Upping the ante further just doesn't help. So now you'll encourage spam without templates. My grandmother's just never going to have a chance.
Re:Again with the stupidity (Score:4, Insightful)
Had there been no spam filters, we'd all receive about the same amount of e-mail spam as we receive in the postal mail world.
I can't imagine what you base that statement on. Real-world junk mail is limited by the fact that it costs money to print and mail junk mail. Neither applies to spam.
Spammers aren't just competing with spam filters. They're also competing with each other for attention. Even in the absence of spam filters, the spammers would continually seek new ways to get more of their spam into your inbox than their competitors.
In fact, they might well invent the spam filter, with a deliberate back door so that their spam sails through while their competitors are dropped.
Re: (Score:2)
My point was that spam fitlers can't solve spam. All they can do is make spam more sophisticated, and then lose again at an even bigger game.
And spam does cost money to send -- mail servers, developers to get around spam filters, and some actual sending thing, and managing lists, and making things more efficient, and dodging laws.
But mont importantly, spammers get paid, anti-spam doesn't get paid. Therefore, budget vs. no budget, budget wins every time.
Re: (Score:2)
Had there been no spam filters, we'd all receive about the same amount of e-mail spam as we receive in the postal mail world.
...which I asked my postman to block (most intelligent spam filter ever). Before I asked him to do this, two or three days worth of "bulk rate mail" would be enough to fill my mailbox.
Information Security Puffery (Score:4, Insightful)
As a researcher in the academic side of the Information Security field, I can't help but notice a significant increase in the level of puffery and misleading promotion of research results. Self-promotion obviously isn't new, it's just that as the amount of newspaper-assisted promotion increases, the level of accuracy has dropped significantly. And more importantly, researchers seem much less apologetic about it. It's generating some real blowback.
The best recent example I can think of is Vanish, a cryptographic system for "destroying" data that was proposed out of University of Washington. It's not just that the system was broken [utexas.edu] a few days after it was presented, it's that this relatively minor result got more press than all of the perfectly legitimate crypto-systems research that was going on at the time. In fact, during the same time period a guy named Craig Gentry solved [techtarget.com] a major open crypto problem --- namely, how to compute on encrypted data --- and it got a fraction of the press coverage.
Not that I'm saying these researchers specifically asked to have their invention described as an "effectively perfect" solution to preventing spam --- which I guarantee you 100% it is not --- but that by going out on a University-encouraged PR junket, they've more or less encouraged this kind of coverage. This kind of stuff is damaging; people should describe their work as what it is. They've developed a technique that is highly effective at filtering /current-gen/ spam generators, in the lab. It won't stop all spam, and it's not effectively perfect, since spamfiltering is by nature an arms race. But of course that's not how it's going to be presented. In the long run this'll just make people more jaded with our field.
Re:Information Security Puffery (Score:4, Funny)
Don't worry. I'm working on a filter for security puffery. Just wait for my press release. It'll blow you away. Promise.
Uh huh. (Score:2, Funny)
Um, an economics problem with this "solution"... (Score:2, Interesting)
If
The real annoyance.. (Score:2)
Honestly, I have to say between all the various filters I have or have written, I don't get a whole lot of spam. What I -want- though, is a way to identify it more reliably before my mail server even has to accept the message. With the current protocols, you can simply only block so much based on IP ranges or whatnot. There's a point where you have to accept the message to analyze. Sadly the only way we're likely to increase the chance of dropping the connection before receiving the message now is for t
Not our claim... :-) (Score:5, Informative)
As a co-author of this work, I should be clear that we never suggested that we have a perfect spam filter per se, simply a new tool that has the benefit of being orthogonal to existing techniques. For _existing_ botnets, our filters are extremely good, but the paper is also quite clear about the variety of ways that spammers might try to evade the approach.
Re:Not our claim... :-) (Score:5, Insightful)
You mean a Slashdot editor posted something sensational, and people didn't RTFM and believed the summary/headline? Never!
Re:Not our claim... :-) (Score:4, Funny)
But it's right there in the headline! In quotes! It must be true!
I'll believe it when... (Score:2, Funny)
Real world operation? Feed of templates? (Score:2, Informative)
Divining the template seems to depend on analyzing numerous messages. Presumably, only very large mail servers (or an aggregated network of smaller servers) would be able to collect enou
Re: (Score:2)
Presumably, only very large mail servers (or an aggregated network of smaller servers) would be able to collect enough messages to rapidly divine the various templates.
If they don't graylist, and if they insist on putting the spam filtering in between accepting and placing in the mbox/maildir.
If they wait for enough other small sites to aggregate the info, and then spamfilter mbox/maildir instead of spamfiltering the inputs to mbox/maildir...
Counseling (Score:2)
No thanks, I'm good.
I have a 95% perfect solution... (Score:5, Funny)
Since 95% of email is spam, just block it all.
No one will notice the statistically-insignificant 5% false positives.
Recognizing spam is easy, if you see enough (Score:5, Informative)
Spam filtering isn't very hard, if you see the email for a large number of accounts, as Gmail does. The one characteristic that spam must have is that it's sent in bulk. The commonality across receiving email accounts gives it away. The only hard part is recognizing the commonality, which is already working rather well. This is just a new technique for recognizing commonality.
Recognizing spam for a single account is tougher, because you don't get to see the "bulk" property.
Re: (Score:3, Insightful)
Amen to that.... we moved our email accounts to Gmail a few years back.
Currently I get maybe two or three spam emails a week across three accounts, two of which have been in active use on the Internet for more than a decade.
Of course if I look in the spam folder, I see that in actual fact anywhere up to 50-100 a day per account. Not my problem. Possibly a problem for Gmail. But they seem happy to undertake to offer the service and remove it for me.
I do have to deal with it elsewhere.. I manage various Googl
not that difficult (Score:2)
This is actually quite simple once you've got the basics in place. It reminds me of a program I once wrote that could crawl a website and it would find out the templates used, identify the actual content, title and other blocks. Some postprocessing was required though, but since most e-mails are a lot simpler than webpages, I suppose this can be done completely automatic for spam. And probably indeed "effectively perfect". As long as spam is template-based, that is.
Spam, like beauty, is in the eye of the beholder (Score:2)
Yeah, this idea is great. . . until it starts blocking out legitimate emails which really are confirming orders shipped by Amazon or other retailers, newsletters that people really were wanting to get, and other info that 'looks' like spam, but isn't.
This is why, while I use spam filters, I would never rely on them to delete email. All I want filters to do is punt suspect spam off to the Junk folder, where I can review it later, or find the email I was expecting which got mis-classified.
The only perfect solution... (Score:2)
...is the manual filtering by the recipient. Actually, scratch that, I've deleted emails that were clearly legitimate. Ah well, as long as it adds to the arsenal.
Re:Is there the checklist for why this won't succe (Score:5, Funny)
Sure, I'll bite:
This group advocates a:
(X) technical ( ) legislative ( ) market-based ( ) vigilante
approach to fighting spam. The idea will not work. Here is why it won't work. (One or more of the following may apply to the particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
(X) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
(X) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
(X) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(X) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
(X) Eternal arms race involved in all filtering approaches
(X) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
(X) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
(X) Ideas similar to this are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
(X) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
(X) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
(X) Killing them that way is not slow and painful enough
Furthermore, this is what I think about them:
(X) Sorry dudes, but I don't think it would work.
( ) This is a stupid idea, and they're a stupid people for suggesting it.
( ) Nice try, assh0les! I'm going to find out where you live and burn your house down!
Re:Is there the checklist for why this won't succe (Score:5, Insightful)
Note that the "good guys" revealed their methods immediately after discovery, which means the "bad guys" can start looking for a workaround. The "bad guys" won't make the same slip.
Re: (Score:2)
because good is dumb.
nah, just lazy. think of the other stuff good is doing. like beer and women. and uhm yeah. stuff like that.
Re:Is there the checklist for why this won't succe (Score:4, Insightful)
Now suppose my account were compromised and you got this exact message from my personal email, where the jpeg is a Viagra ad. There is absolutely nothing there for your spam blocker to latch on to, unless it parses the content of the jpeg itself. Anyway, blocking stuff like this would lead to unacceptably many false positives.
Re: (Score:2)
Furthermore, bad will always win because good is dumb.
Nice saying, but if you need an excuse for being bad, you're not doing it right.
Re:Is there the checklist for why this won't succe (Score:5, Interesting)
Your algorithms can, and often do, remain secret(unless one of your black-hat buddies cracks one of your cracked machines); but you'd be a lousy spammer indeed if the results of your technique weren't widely available.
Re: (Score:3, Funny)
It seems like "fails to account for (X) Asshats" is *always* the case.
Is it true, that perhaps "no one expects the asshats!"
Re:Is there the checklist for why this won't succe (Score:4, Insightful)
Asshatitude always applies because you can never anticipate the next step in asshatitude evolution. They will always find new and innovative ways to be asshats.
Yeah, I don't see the point (Score:2, Interesting)
I RTFA and they tested it by giving it 1000 spam e-mails by the same bot and after that it recognized the spam sent by that bot with 100% accuracy. This means NOTHING. I could bet a nice sum of money that if you give a traditional, learning spam filter 1000 e-mails sent by the same bot and flag those all as spam, it can then recognize the bot's further e-mails as spam. Real enviroment doesn't work like that, however. You have a large amount of very different spam bots and their templates which is what makes
Re:Yeah, I don't see the point (Score:4, Informative)
I could bet a nice sum of money that if you give a traditional, learning spam filter 1000 e-mails sent by the same bot and flag those all as spam, it can then recognize the bot's further e-mails as spam.
If that were true, then by now Thunderbird's filter would stop missing all the Russian spam I get. I have no idea what the spam says, as I don't know Russian, and I never get legitimate mail in Russian; all the Russian spam I get appears very similar in format and length. I'm quite certain that Thunderbird has had over a thousand such e-mails marked as spam over the last few years, and yet it consistently fails to flag them.
Point being: traditional learning filters are not sufficient.
This is anecdotal evidence, YMMV, etc etc.
Re: (Score:3, Interesting)
I'd say it's 'effectively perfect' against the templates it's targeting, not against all of them. Since templates are the best way to get around a bayesian filter, you 'could' limit spammers to manual spam again, which is a big crap-shoot. Until they develop a new method (which isn't the target the filter is 'perfect' against).
Re:Is there the checklist for why this won't succe (Score:4, Insightful)
(X) technical ( ) legislative ( ) market-based ( ) vigilante
Has anyone ever suggested all of these? The government offers a contract and clears the legislative barriers to a company making vigilante robots which would hunt down and kill the families of all spammers while making the spammers watch?
Assuming these robots can fly, have powerful metal claws, and cannot be stopped, I can't see any problems on your checklist.
( ) Spammers can easily use it to harvest email addresses
() Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
() Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Nope. None there.
( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
There are currently laws expressly forbidding the construction and operation of mass murder machines, but that's why I suggested we get rid of those laws.
( ) Ideas similar to this are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
(X) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
I do realize some wouldn't trust the company controlling the deathbots, which is why -I- would be the governing authority once they were operational. You can trust me because I promise to only kill you if you're related to a spammer.
Re:Is there the checklist for why this won't succe (Score:5, Informative)
Some mathematician (I forget who) had his graduate students send back cards with forms like these to people who sent in attempted proofs of Fermat's Last Theorem.
Re:Is there the checklist for why this won't succe (Score:4, Insightful)
The truth is that spam has been successfully fought by filters without compromising legitimate email. Furthermore as Paul Graham had stated, spammers have been forced to yield in smaller text-based messages or in-line images.
In particular,
(X) Mailing lists and other legitimate email uses would be affected
Possibly but the probability of losing legitimate email by modern heuristics is (proven) smaller than the probability of accidentally deleting it when it is mixed with spam.
(X) Users of email will not put up with it
They do, sometimes without their knowledge
(X) Many email users cannot afford to lose business or alienate potential employers
They would lose more without filtering. See 1st argument.
(X) Asshats
How ?
(X) Eternal arms race involved in all filtering approaches
(X) Extreme profitability of spam
And also extreme profitability in having a working e-mail address.
(X) Bandwidth costs that are unaffected by client filtering
This isn't the mid 90s anymore.
(X) Ideas similar to this are easy to come up with, yet none have ever been shown practical
The practicality of heuristic filtering (SpamAssassin etc) is proved by its transparency. Even old e-mail clients such as Outlook 97 can filter out email marked by X-Spam headers. Gmail and the rest of the privacy traders do it for you automatically.
(X) Why should we have to trust you and your servers?
Run it locally. Mozilla Messaging does.
(X) Feel-good measures do nothing to solve the problem
Age old forms copied from the newsgroups can't be used as arguments anymore. Time to be creative again!
(X) Killing them that way is not slow and painful enough
But cutting down their profit is.
Re:Is there the checklist for why this won't succe (Score:5, Funny)
Your post advocates a
() abusive
(x) checklist
() clever
(x) tired
approach to mockery. It won't work because
(x) the joke is too old
(x) nobody has the patience to read the whole thing
() we are above that
Re: (Score:3, Funny)
Formatting! Please use some proper formatting! my eyes are bleeding from your wall of text!
Re: (Score:2)
Can't lay bricks made from shit, you know.
Re: (Score:2)
Spoiled by html fail.
And BTW the spammers are just going to change the way their templates work. Make them more... evolutionary.
Re: (Score:2)
Exactly. They just make the subtle changes in templates less subtle. They have a reason (money) to get around the blocking, like they already do. This isn't going to be some effectively perfect solution.
Case closed.
Re:Is there the checklist for why this won't succe (Score:5, Insightful)
However, the reason you use templates, rather than word salad or the first 100kb of
Re:Is there the checklist for why this won't succe (Score:4, Interesting)
how about the spammers using fragments from Gutenberg books ? Or fragments from blog posts ? ... What is spam, after all ? I am trying hard to send David Horowitz the the spam bin, but then the guy manages to get out of it after a while ... I have tried unsubscribing, tried "spam"-ing him, even tried to beg him to let my mailbox live peacefully ... for me it's spam, for him it is enlightening the dumb masses and the work of his life ...
Re: (Score:3, Funny)
I did not know that Steve Gutenberg wrote books. I thought he was just a skilled actor.
He's only a start because of the stonecutters.
Re: (Score:2)
(Spam will only go away when email does)
Email is going away, but the spam will remain.
Socially, "everyone" uses social networking sites or instant messaging instead of email.
Corporations prefer you log in to their website to look at order status, to better track and market to you.
Email is for .... old people? Services that haven't migrated to something newer?
Usenet still gets spammed, its just very few people use usenet anymore. My email address will get spam for decades after I stop reading email.
Re: (Score:2)
It's easy to block 100% of spam emails.
It's harder to let the non-spam emails through.
Re: (Score:3, Insightful)