Researchers Claim "Effectively Perfect" Spam Blocking Discovery

A team of computer scientists from the International Computer Science Institute in Berkeley, CA are claiming to have found an "effectively perfect" method for blocking spam. The new system deciphers the templates a botnet is using to create spam and then teaches filters what to look for. "The system ... works by exploiting a trick that spammers use to defeat email filters. As spam is churned out, subtle changes are typically incorporated into the messages to confound spam filters. Each message is generated from a template that specifies the message content and how it should be varied. The team reasoned that analyzing such messages could reveal the template that created them. And since the spam template describes the entire range of the emails a bot will send, possessing it might provide a watertight method of blocking spam from that bot."
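The template-recovery idea in the summary above, as an added sketch (not the researchers' system and not code from the article): shared tokens across samples become fixed text, and the gaps between them become variable fields. The sample messages, the whitespace tokenization and the rule separating word-list fields from random noise fields are assumptions made for this example.

```python
import re
from difflib import SequenceMatcher

# Constructed sample messages standing in for one bot's output (not real spam).
SAMPLES = [
    "Hello friend, get cheap meds at http://pills.example/a8f3k today",
    "Hi friend, get discount meds at http://pills.example/q91zx today",
    "Hello friend, get discount meds at http://pills.example/m3n7c today",
]

def common_anchors(token_lists):
    # Fold the samples down to the ordered tokens that every sample shares.
    anchors = token_lists[0]
    for toks in token_lists[1:]:
        sm = SequenceMatcher(a=anchors, b=toks, autojunk=False)
        anchors = [t for b in sm.get_matching_blocks() for t in anchors[b.a:b.a + b.size]]
    return anchors

def slot_fillers(tokens, anchors):
    # Text one sample puts before each anchor, plus whatever follows the last.
    slots, cur, i = [], [], 0
    for tok in tokens:
        if i < len(anchors) and tok == anchors[i]:
            slots.append(" ".join(cur))
            cur, i = [], i + 1
        else:
            cur.append(tok)
    return slots + [" ".join(cur)]

def infer_template(samples):
    token_lists = [s.split() for s in samples]
    anchors = common_anchors(token_lists)
    per_slot = zip(*(slot_fillers(t, anchors) for t in token_lists))
    parts = []
    for i, seen in enumerate(per_slot):
        vals = set(seen) - {""}
        if vals:
            if len(vals) == len(samples) and all(" " not in v for v in vals):
                body = r"\S+"  # heuristic: never repeats, so treat as noise
            else:
                body = "|".join(sorted(map(re.escape, vals)))  # word list
            parts.append("(?: (?:%s))%s" % (body, "?" if "" in seen else ""))
        if i < len(anchors):
            parts.append(" " + re.escape(anchors[i]))
    return re.compile("".join(parts))

def matches(template, msg):
    # Messages are normalized to " tok tok ..." so every piece begins with a space.
    return template.fullmatch("".join(" " + t for t in msg.split())) is not None
```

The compiled pattern matches only whole messages, so ordinary mail that merely shares a few words with the samples is not flagged.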
  • by Penguinisto ( 415985 ) on Monday January 25, 2010 @04:51PM (#30895522) Journal

    Err, what if I, as a corporation, blew out a spam that effectively incorporated a template unique to that which my largest competitor uses in their newsletters or customer communiques (or at least close enough to get my competitor blacklisted far and wide)?

    (it would take a shedload of doing, but certainly not impossible, and if it could be done, would make for one hell of a cheap and easy DoS).

    Heuristics is great and all, but go too deeply, and I can see it opening up a small but pretty scary can of worms.

  • by Primitive Pete ( 1703346 ) on Monday January 25, 2010 @05:04PM (#30895714)
    As a former manager at an "email direct-marketing" firm, I should point out that the spammers can increase the amount of complexity/variation in the templates by a wide variety of techniques, including rearranging paragraphs instead of just letters, making parts of the message optional, performing syntactic modifications of the included text, ... Each new minor modification starts a research effort on the detecting side. The cost of detecting spam will rise much faster than the cost of generating spam.

    If you try to outsmart the spammers with this, you will lose. Complexity favors the spammers.
  • by MBCook ( 132727 ) <foobarsoft@foobarsoft.com> on Monday January 25, 2010 @05:08PM (#30895770) Homepage
    The more annoying it is to spam, the fewer people will do it. If writing software to get past this (or buying the software) costs a fortune, good.
  • by Anonymous Coward on Monday January 25, 2010 @05:09PM (#30895786)

    Spammers send spam because it makes them money. It makes them money because people are stupid. The question is: why are people stupid, and how can we make them smarter? I would argue that spam is an educational problem.

  • by Anonymous Coward on Monday January 25, 2010 @05:12PM (#30895824)

    I RTFA and they tested it by giving it 1000 spam e-mails by the same bot and after that it recognized the spam sent by that bot with 100% accuracy. This means NOTHING. I could bet a nice sum of money that if you give a traditional, learning spam filter 1000 e-mails sent by the same bot and flag those all as spam, it can then recognize the bot's further e-mails as spam. Real environment doesn't work like that, however. You have a large amount of very different spam bots and their templates which is what makes it so difficult. In addition, you have loads of regular mail, some of which might somewhat resemble the spam e-mails but still be completely legitimate. And in real environment, some people eventually flag legitimate e-mail as spam but some spam isn't flagged as such.

    The fact that their test was so limited implies that this was simply a test. A proof of concept for this kind of approach, one could say. I doubt they actually intended this to be a solution that ends spam.

  • by fuzzyfuzzyfungus ( 1223518 ) on Monday January 25, 2010 @05:25PM (#30896014) Journal
    Not in the same level of detail; but, when your business model is spamming, you inevitably end up sending thousands of samples to loads of ill-vetted email addresses, some fraction of which are either being operated as spamtraps, or are in the possession of users annoyed enough to forward samples on.

    Your algorithms can, and often do, remain secret (unless one of your black-hat buddies cracks one of your cracked machines); but you'd be a lousy spammer indeed if the results of your technique weren't widely available.
  • I'd say it's 'effectively perfect' against the templates it's targeting, not against all of them. Since templates are the best way to get around a Bayesian filter, you 'could' limit spammers to manual spam again, which is a big crap-shoot. Until they develop a new method (which isn't the target the filter is 'perfect' against).

  • Re:"Perfect"??? (Score:4, Interesting)

    by khayman80 ( 824400 ) on Monday January 25, 2010 @05:33PM (#30896170) Homepage Journal

    We keep pushing the requirements for spam further and further up the computational totem pole (or Chomsky hierarchy, if you will) and you get closer and closer to a point where spammers are going to have to create strong AI to write spam. If they fail, we don't have spammers anymore and if they win, well we have spam, but we also have strong AI! Win-win, I say.

    I agree with nearly everything you've said, but I don't consider the invention of strong AI by spammers to be a "win". Previously [slashdot.org], I've argued [slashdot.org] that individual rights aren't related to human genetics, but rather to the organism's sapience. In other words, roaches have more rights than yeast cells (but not much more), cats have more rights than roaches, cetaceans/hominids/humans/"strong AI" have more rights than cats.

    Allowing spammers to create beings who should be treated as citizens but are actually used as slave labor is wrong. Note that I'm specifically referring to strong AI; weak AI wouldn't qualify as sapient under most definitions.

  • by emilper ( 826945 ) on Monday January 25, 2010 @05:57PM (#30896582)

    How about the spammers using fragments from Gutenberg books? Or fragments from blog posts? ... What is spam, after all? I am trying hard to send David Horowitz to the spam bin, but then the guy manages to get out of it after a while ... I have tried unsubscribing, tried "spam"-ing him, even tried to beg him to let my mailbox live peacefully ... for me it's spam, for him it is enlightening the dumb masses and the work of his life ...

  • We use Thunderbird with the Enigmail (OpenPGP) plugin [mozdev.org] at my office to cryptographically sign and/or encrypt our email.

    Our SPAM filter consists of simply rejecting all unsigned e-mail messages.
    One exception is that external e-mail addresses can be whitelisted (with approval) to allow for email from companies with no email authentication in place.

    It's a bit of a pain at first, but everyone at work agrees that it's a small price to pay when you consider the alternative (inboxes full of spam).
    I've never received a spam e-mail message at work.
    New employees create PGP keys during orientation (or else they can't send any e-mail).

    One by one I'm convincing my friends and family to cryptographically sign their messages (tech-savvy ones love the idea).
    Soon I hope to get zero spam at home too.

    [sigh]... If only the rest of the Internet authenticated their email we could all have Zero spam in our inboxes.

  • by Anonymous Coward on Tuesday January 26, 2010 @01:27AM (#30900596)

    It's actually quite funny that it takes a team of "computer scientists" to attempt an approach that any slashdot reader knows instinctively to be foolish and doomed to failure.

    Until they're smarter than humans all anti-spam efforts are ever sure to accomplish is to make the Internet's mail system increasingly unreliable for legitimate business to the point of being absolutely useless.

    Internet mail needs a complete overhaul. Listen up Berkeley computer science heads... Conceptually the only scheme that has a chance of ever being practical is requirement to obtain "permission to send" ..

    HELO, can I send you an email?
    (User is notified and accepts)
    THANKYOU, here is my email

    Permission is likely to be in the form of a signing request that can be shared with others ad-infinitum by linking the trust chain. Once permission is granted it's always a bi-directional grant by default and the keying material is used as a basis for mandatory message signing and optional message encryption.

    The receiver has the capability of revoking their signature if it's abused by an organization or its sub-assignments. Once revoked permission to send will need to be re-obtained for that signature and any sub-assignments. This disentangles the email address and prevents you from being a spam target even if your email is posted publicly.

    Users are in full control and as with typical PKI you can set recursion limits and EKUs to specify if/how your permission to send can be given to others.

    If you're smart about it you can overhaul the SMTP protocol and maintain IMAP/POP3 client compatibility. IMAP extensions can be used to manage permission to send/signing mumbo jumbo and a compatibility mode can provide interactive email prompting from the new server.

    Yes you can still be spammed by millions of zombies asking for permission to send you something so there is a careful balance of what information should be conveyed in a request and valid modes such as prearranged passwords or specifically requested information before permission to send requests will even be acceptable.

    I would much rather have that and have some assurance WRT who I'm talking to /w built-in ability to go secure/encrypted when needed. It's not foolproof but at least it does not require a trusted third party and if you're smart about it there is some chance it won't even have to be a disruptive transition.
