Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

SpamNet: Razor for the Masses

CmdrTaco posted more than 12 years ago | from the isn't-that-cool dept.

Spam 256

UCRowerG writes "From CNET News on Yahoo!: "Conceived by Napster co-founder Jordan Ritter and open-source developer Vipul Ved Prakash, the company is touting the benefits of democracy, networking and collaboration in the war against unscrupulous e-mail marketers." " Since Prakesh is responsible for Razor, hopefully there will be Linux support as well, but once again I gotta throw my props at Spamassassin which catches over a hundred spam for me each day.

cancel ×

256 comments

I need my spam (4, Funny)

Hatechall (541378) | more than 12 years ago | (#3728955)

Spam is the only mail I get...makes me feel part of something greater than I.

Re:I need my spam (-1, Offtopic)

Big Dogs Cock (539391) | more than 12 years ago | (#3728991)

Is your penis enlarged?

Have you seen pictures of real sorority girls?

Have you made $50,000 with this simple scheme?

[insert random Japanese characters here]?

MODERATORS ON CRACK (-1)

Jean Marie le Penis (575842) | more than 12 years ago | (#3729084)

Yeah - it's shit, but it aint offtopic.

Re:MODERATORS ON CRACK (0)

Anonymous Coward | more than 12 years ago | (#3729146)

Enlarge Your Boss"
by Anna Lee Hastings, New York, N.Y.

Enlarge Your Boss

Thousands of people all over the world are using
your penis
to make a few hundred extra dollars monthly,
everyone knows that.
So now is the time to refinance
your penis
You can save up to 75 percent on
your penis
It's a fact. Simply by using
your penis
You can make over $5,000 per month in as little as 6 months!
The truth is, if you're not using
your penis
To generate income, you're leaving income on the table.
Here's what the experts have to say about
your penis
"A gold mine."
"An incredible lead generation tool."
"Blows away traditional mailing."
It's
your penis
What are you waiting for?
100% Satisfaction Guaranteed or
your penis
Back!!

But wait there's more!
What do you REALLY KNOW about
your penis
Did you know you can search for
your penis
Right on the Internet?
WE CHECK
your penis
OUT FOR YOU!!!
Amazing stealth
penis
Can track anyone!

If you do not wish to receive future mailings, please click
your penis
We will promptly remove
your penis
from our database.

Copyright © 1999-2002, SatireWire

Re:MODERATORS ON CRACK (-1)

L0rdkariya (562469) | more than 12 years ago | (#3729161)

Dear Sir,

Please tell me in great detail how to use my penis to beat ACs to bloody death. Thank you.

Re:I need my spam (5, Funny)

gentix (559742) | more than 12 years ago | (#3729010)

And if you follow the instructions of every penis enlargement email you get, you'll soon really be part of something greater than you...

Re:I need my spam (0)

Anonymous Coward | more than 12 years ago | (#3729094)

Damn... The nlaslt64 has crashed again. I think it's due to the ML10 upgrade of last week.. Fuck fuck fuck

What I find strange (1)

Brother_Chubba (586342) | more than 12 years ago | (#3729157)

What I find strange is the Spammers insistence on my interest in furry animal rape sex..

I mean I've never been to any sites promoting furry animal rape.

Why do they think I like raping furry animals?

Re:What I find strange (-1)

MMMMMMMMMMMMMMMMMMMM (537317) | more than 12 years ago | (#3729316)

Well, you read slashdot. That quite explain itself.

Eat it ACs (-1)

Whistler's Mother (539004) | more than 12 years ago | (#3728960)

Fuh Cube Itchs

Death to UCE (1, Interesting)

jazzbotley (581155) | more than 12 years ago | (#3728962)

Kill 'em all. I hate SPAM.

Re:Death to UCE (0)

azadism (578262) | more than 12 years ago | (#3729282)

Well put. Nice, simple and I tottaly agree.

First CLIT post! (-1)

perl_god (578135) | more than 12 years ago | (#3728967)

Props to tha child(fork)in' CLIT. AC's and Janitors must eat death!

Alanis would love this. (5, Funny)

Bilestoad (60385) | more than 12 years ago | (#3728969)

And the first thing the story about the spam-battling startup does is to load some popup advertising.

Wonderful.

Re:Alanis would love this. (2)

ceejayoz (567949) | more than 12 years ago | (#3729118)

Yeah, except that you choose to come here. You've got the option to not read Slashdot.

Re:Alanis would love this. (2)

thesolo (131008) | more than 12 years ago | (#3729154)

And the first thing the story about the spam-battling startup does is to load some popup advertising.

Simple solution: Use Mozilla, and turn off unrequested popups. I haven't seen one in months.

yo ho ho (-1)

IAgreeWithThisPost (550896) | more than 12 years ago | (#3728971)

three clits in a row

care for some tubgirl? [redcoat.net]

Re:yo ho ho (-1)

perl_god (578135) | more than 12 years ago | (#3729008)

I think I'm in love with TubGirl.......

Early Post! (-1, Troll)

Anonymous Coward | more than 12 years ago | (#3728973)

This early post for Annabel Lee! The Seychelles will kick Greenland's ASS!

It was many and many a year ago,
In a kingdom by the sea,
That a maiden there lived whom you may know
By the name of
ANNABEL LEE;
And this maiden she lived with no other thought
Than to love and be loved by me.
I was a child and she was a child,
In this kingdom by the sea;
But we loved with a love that was more than love--
I and my
Annabel Lee;
With a love that the winged seraphs of heaven
Coveted her and me.

And this was the reason that, long ago,
In this kingdom by the sea,
A wind blew out of a cloud, chilling
My beautiful
Annabel Lee;
So that her highborn kinsman came
And bore her away from me,
To shut her up in a sepulchre
In this kingdom by the sea.

The angels, not half so happy in heaven,
Went envying her and me--
Yes!--that was the reason (as all men know,
In this kingdom by the sea)
That the wind came out of the cloud by night,
Chilling and killing my
Annabel Lee.

But our love it was stronger by far than the love
Of those who were older than we--
Of many far wiser than we--
And neither the angels in heaven above,
Nor the demons down under the sea,
Can ever dissever my soul from the soul
Of the beautiful
Annabel Lee.

For the moon never beams without bringing me dreams
Of the beautiful
Annabel Lee;
And the stars never rise but I feel the bright eyes
Of the beautiful
Annabel Lee;
And so, all the night-tide, I lie down by the side
Of my darling--my darling--my life and my bride,
In the sepulchre there by the sea,
In her tomb by the sounding sea.

grammer! (1, Offtopic)

RogueProtoKol (577894) | more than 12 years ago | (#3728975)

its there not their

we should start a fund to send all /. staff to a school of english :)

Re:grammer! (0, Offtopic)

acrollet (415006) | more than 12 years ago | (#3729000)

and it is:

it's there, not their
^

it's == it is
its == the possessive of it

Re:grammer! (2)

CaseyB (1105) | more than 12 years ago | (#3729105)

It's a law that any spelling/grammar flame must contain at least one spelling/grammar mistake. This one's got several.

grammer != grammar (0, Offtopic)

ABetterMan (579589) | more than 12 years ago | (#3729028)

heheh :)

Re:grammer! (0, Offtopic)

chowbok (467829) | more than 12 years ago | (#3729029)

It's "it's", not "its". Don't throw stones.

Re:porno! (-1)

L0rdkariya (562469) | more than 12 years ago | (#3729152)

It's "tits", not "it's". Get your breasts right.

Re:grammer! (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#3729031)

we should start a fund to send all /. staff to a school of english :)

You started a sentance without a cap. and you ended it with an emoticon? Not to mention refering to the English language improperly (hint: it kinda gets a cap. as well).

Re:grammer! (0)

Anonymous Coward | more than 12 years ago | (#3729101)

to further clog the DB tables, You started a sentence with "You started a sentance ..." Yeesh, the trolls are weak.

Re:grammer! (0)

Anonymous Coward | more than 12 years ago | (#3729138)

It's a law that any spelling/grammar flame must contain at least one spelling/grammar mistake. This one's got several.

- CaseyB

Re:grammer! (0, Offtopic)

splume (560873) | more than 12 years ago | (#3729036)

And it is "it's" not its.

Usage Note: Its is the possessive form of the pronoun it and is correctly written without an apostrophe. It should not be confused with the contraction it's (for it is or it has), which should always have an apostrophe.(http://www.dictionary.com/search?q=it% 27s)

Re:grammer! (0, Offtopic)

albalbo (33890) | more than 12 years ago | (#3729037)

Grammer?

Spelling!

Re:grammer! (0)

Anonymous Coward | more than 12 years ago | (#3729382)

*sigh* Sad. It's not its. Perhaps we should send you to a school of English as well. Oh, and by the way, It's grammar.

impaling.... (0, Redundant)

Silverstrike (170889) | more than 12 years ago | (#3728977)

Spammers need to be impaled on long barbed spikes. I think that the Slashdot Community wouldagree with me [slashdot.org]

Re:impaling.... (3, Funny)

Alien54 (180860) | more than 12 years ago | (#3729077)

Spammers need to be impaled on long barbed spikes.

No, I long ago suggested spam licenses where we get to go out and give each spammer a bright orange flow in the dark permanent eartag, complete with animal tracking collar. Then we can heard them up and stampede them over a cliff or something.

spelling correction (1)

Alien54 (180860) | more than 12 years ago | (#3729119)

argg need coffee

flow in the dark = glow in the dark

heard them up = herd them up

[set head band mode = 1]

Re:impaling.... (0)

Anonymous Coward | more than 12 years ago | (#3729151)

What have you got against long barbed spikes? I can hear them all scrambling to put on their teflon coats even now..

Plural (4, Interesting)

richlb (168636) | more than 12 years ago | (#3728981)

...which catches over a hundred spam for me each day.

Is the plural of "spam" really "spam"?

Re:Plural (0)

Anonymous Coward | more than 12 years ago | (#3729049)

Is the plural of "spam" really "spam"? Actually, "spam" is the plural form. There is no singular form of the word...it only appears in bulk.

Re:Plural (1)

sporty (27564) | more than 12 years ago | (#3729134)

Depends.. isn't one spam enough? Who would want two? Either the meat or the mail.

Re:Plural (1)

DrSkwid (118965) | more than 12 years ago | (#3729198)

yes it is
there are a plenty of nouns that work this way

some flour and some more flour is still flour
water
rice
salt
etc. etc.

Re:Plural (0)

Anonymous Coward | more than 12 years ago | (#3729216)

I hate to tell you this, but if it isn't plural.. it isn't spam! ;)

Bandwidth (4, Insightful)

Iscariot_ (166362) | more than 12 years ago | (#3728998)

Think of all the Bandwidth wasted on spam. (Downloading, and sending.) Before my cable provider charges me for spending too much time on the net because I'm using their precious data lines, I think they should get rid of those spammers.

Rather than a client side tool like SpamNet, I'd like to see something that sits along side mail servers.

Stop the spam before it gets sent!

Re:Bandwidth (1)

littlerubberfeet (453565) | more than 12 years ago | (#3729052)

He has a point, with the advent of charging for total data moved, not just bandwidth, we can now sue spammers for DIRECT MONITERY LOSSES. That rocks. Sucks if they are offshore though.

Re:Bandwidth (1)

Hualon (585189) | more than 12 years ago | (#3729062)

But is spam blocking really the responsibility of your ISP? I think that a user-tool is the best way to block this sort of thing. If anything, RoadRunner or whatever your ISP would be happy to continue your barrage of spam once their usage rules are in place. They simply have no incentive to block it before it charges you on the $.20 a meg program. But an ISP approach to blocking SPAM requires a rules-based approach. The parent article states that such approaches are too tedious to scale or update with any frequency. -Hualon

Re:Bandwidth (1, Insightful)

Jon Katz on Tuesday (578508) | more than 12 years ago | (#3729064)

Myth: Bandwidth is wasted on spam

Fact: In the overall since of things, bandwidth is plentiful and very cheap. While it may cost you or I an arm-and-a-leg for a DS1 or DS3 circuit - it costs your average telco very little. With all the huge pipes flowing into Tier 1 and Tier 2 ISPs, the amount of bandwidth used on sending you that 15k spam email is minimal comparied to you using P2P software to download coprighted songs.

So really you should be up-in-arms about the illegal downloading of music using P2P software when you talk about wasting bandwidth.

Re:Bandwidth (2)

skroz (7870) | more than 12 years ago | (#3729072)

That would be spamassassin. Works great for me. I catch over 95% of my users' spam, with only a single known false positive after three months of use. Combined with Vipul's Razor, it contributes to others' ability to catch spam, as well.

Re:Bandwidth (2)

bcrowell (177657) | more than 12 years ago | (#3729235)

Their method depends on a web of trust, with trusted users defining what's spam and what's not. So it makes sense to have something running on the user's end. Also, most users don't have any way to convince their ISP to put anything on the server side.

Signatures? (2, Interesting)

MarvinMouse (323641) | more than 12 years ago | (#3728999)

Just as a curiousity, are these signatures just checksums, or are they a more complex algorithm?

I would be interested to learn how these signatures are generated. Since if they are checksums, it will be reasonably easy to defeat (just change one letter in each e-mail message), but if they are something more complex it might become more difficult.

As well, it might prevent good mail from coming through if these signatures are too simple.

Anyone know details at all?

Re:Signatures? (1)

littlerubberfeet (453565) | more than 12 years ago | (#3729078)

Another problem: given the volume of spam sent, there are gonna be GIGS of checksums or algorithms to store in order to block the spam. Ouch, what am I going to do about the old sparC machine with the 500 meg drive that I use as an email server?

Re:Signatures? (4, Informative)

torpor (458) | more than 12 years ago | (#3729109)

Its way more complicated than that. Just read the "whats new" page for a good summary:

http://razor.sourceforge.net/docs/whatsnew.html

I'm frankly quite happy to see Razor come to fruition.

I had exactly the same idea for how to do this (with distributed signature databases) in '93 when I started a well known ISP. The plan was to offer spam-killing as a second-tier service to offer our customers, but alas: at the time, it was considered by management (read: VC) more profitable to allow open spam relays to our subscribers than it was to try to get subscribers to pay for a service like this, so the implementation details went nowhere.

Excellent to see it come to light in the form of working code, OSS style.

Their will? (0)

Anonymous Coward | more than 12 years ago | (#3729003)

...hopefully their will be Linux support..

They are going to put in their will to add linux support? Why not get some *before* they die?

Spamassassin works with razor ... (3, Insightful)

dzym (544085) | more than 12 years ago | (#3729005)

According to README.Debian ...
SpamAssassin is compatible with Razor, an online spam database. Get the package razor, maintained by Robert van der Meulen.

Re:Spamassassin works with razor ...it does (1)

HowlinMad (220943) | more than 12 years ago | (#3729073)

I use it with Debian and mutt. Great combination. Dumps all my junk into a junk mail directory where every once in a while I report them all and them delete them. since I run a small mailserver and some of my used use Windows I am glad to hear of this. They get thier SPAM marked and they use filets to keep them out of thier inboxes, but they have no way of reporting them. I amworking on a procmail recipe that will send them the SPAM anyway, but send a copy to me so I can report it. Hopefully this will become a moot point for me.

Gah! (2)

SkyLeach (188871) | more than 12 years ago | (#3729012)

If it works anything like existing P2P networks then It will take about a week to stop each spammer and block thousands of non-spam emails simply becuse they contain the same words commonly used by spammers.

:-)

Re:Gah! (1)

Leo Giertz (584210) | more than 12 years ago | (#3729058)

But they're not worth more than my £0.02. ;-)

Way to fact-check! (1)

nicwolff (91386) | more than 12 years ago | (#3729013)

Prakash drew inspiration for the company from the sci-fi novel A Fire Upon The Deep, by Stanford computer science professor, Vernon Ving

That's "Vernor Vingh".

Re:Way to fact-check! (1)

SpacePunk (17960) | more than 12 years ago | (#3729091)

"Prakash drew inspiration for the company from the sci-fi novel A Fire Upon The Deep, by Stanford computer science professor, Vernon Ving

That's "Vernor Vingh"."

That's "Vernor Vinge" you barbarian.

Way to make an incorrect correction! (1)

lokki (585269) | more than 12 years ago | (#3729098)

Try Vernon Vinge.

Excellent author, btw.

Re:Way to make an incorrect correction! ^2 (2, Funny)

SpacePunk (17960) | more than 12 years ago | (#3729156)

"Vernor Vinge"

If in doubt go to http://www.amazon.com/exec/obidos/ASIN/0812515285/ 102-0508855-7921755

Here's the URL... (5, Informative)

EnglishTim (9662) | more than 12 years ago | (#3729015)

http://www.cloudmark.com/ [cloudmark.com]

... because the guy who posted this obviously couldn't be bothered....

Spamassassin for Windows = Outlook? (2)

pieterh (196118) | more than 12 years ago | (#3729019)

So, does anyone actually know of a package using Vipul's Razor or similar that works on Windows and does not require me to switch to a MS product?

spambouncer -- nice procmail spam filter (1)

Sizban (105432) | more than 12 years ago | (#3729020)

check out spambouncer at www.spambouncer.org [spambouncer.org] . i've been using it for quite some time now, and it catches most all of my incoming spam. there's some stuff it catches that it shouldn't, but that can be tailored with custom procmail rules and a quick check over the bounce.incoming folder once in awaihle. and it's free and open source, of course.

I hate spam (0, Funny)

Anonymous Coward | more than 12 years ago | (#3729024)

I gotta stop reading Spam. My dick is 354 feet long and it is attracting far too many Linux hippies. :-(

Support and that stuff (1)

littlerubberfeet (453565) | more than 12 years ago | (#3729025)

WHat about Mac support? I am sure those with email servers using the Xserve line (however illogical) would want a product like this. Also, what about ways to differentiate legit newsletter mailings and spam? This has been a huge problem. Yahoo still dumps mail from my account into that Bulk folder that shouldn't be there.

Also, I want to know the technical details.
Anyone with links?
It would be nice to know how this actually works. P2P spam wars??

Re:Support and that stuff (1)

zaphod123 (219697) | more than 12 years ago | (#3729210)

The spamassassin program is called from procmail.
There are two ways to use it. One is a simple perl script that is invoked each time you receive mail. For sites that receive a large amount of mail, there is a daemon and client program.

Spamassassin gives each spam quality in an email a score. For instance, if the body of the message claims auto email removal, it gives the message a score of 1.750 plus anything else it finds. You can find all the scores at http://www.spamassassin.org/tests.html

Each user of spamassassin has a user_pref file where you can change the score required for an email to be considered spam. You can also blacklist or whitelist sites in the file.

All of the program is written in perl (except for spamc which is in C), so if you know a little perl you can get a more detailed explanation of it. :)

I surrender! (0)

Anonymous Coward | more than 12 years ago | (#3729026)

I give up. I've tried several anti-spam tactics, and they either:
  1. Let too much spam through
  2. Block some legitimate mail
  3. Or, require the sender to do something different, confusing them utterly.
I'll just post my credit card number and shipping address on my web page. Sent me all the junk you want to sell me, just stop sending spam!

Two questions: (1)

Mr Guy (547690) | more than 12 years ago | (#3729027)

1) Why outlook? I'd like this for Mozilla (Mailzilla?)

2) How is this a war? I hate unneeded escalation. War is when you fight an enemy you respect enough to fear. Invasions are when you fight an enemy you don't respect enough to fear. This is neither, this is more like ignoring an annoying child.

Re:Two questions: (4, Funny)

SpacePunk (17960) | more than 12 years ago | (#3729115)

It's a war!

Everything is a war!

War on Poverty!
War on Drugs!
War on Terrorism!
War on Spam!

TO ARMS! TO ARMS!
WAR DRAWS NIGH!

SpamAssasin (1)

howardjp (5458) | more than 12 years ago | (#3729034)

The WELL just installed it a week or so ago and it has been great! It tags correctly about 97% of the time and that is fantastic!

Now if they'd only get people's names right.. (2)

mrbill (4993) | more than 12 years ago | (#3729039)

>"Prakash drew inspiration for the company from the sci-fi novel A Fire Upon The Deep, by Stanford computer science professor,
>Vernon Ving, who wrote about a router the size of a planet "that could filter spam," Prakash said. "

Wow, I bet Vernor Vinge is happy about that one!

Re:Now if they'd only get people's names right.. (2)

the gnat (153162) | more than 12 years ago | (#3729248)

I cringed when I read that, but it's really cool that they cited "A Fire Upon the Deep". That was one badass book. Even if his galactic USENET doesn't make too much sense the way it's pictured in the book, the idea of an entire planet whose economy is based around routing network traffic is way cool. Vinge's is probably the most fascinating portrayal of a civilized galaxy that I've read, and (despite his odd contrivances, which I won't give away here) one of the most realistic. Certainly far more original than a "Galactic Empire".

Okay, I'm through trolling for Vinge. Anyone know of sci-fi works of comparable merit published in the past decade? I'd given up until I read his last two...

Link Ranking Wars (3, Interesting)

Alien54 (180860) | more than 12 years ago | (#3729042)

I figure that there are so many spammers ....

what if they got into the system and overloaded it while still small so as to promote their own links and to discredit the project? Just a wild thought, not that they would ever be that organized.

I am thinking of the recent Google ranking wars, for example.

for most folks using it, it would be enough to put them off their feed if the spammers polluted the data pool early and strongly enough. Presuming that the average user was not an expert user.

I see this as part of a larger problem of people pushing competing viewpoints on the web.

Alledged nasty group "A" against alledged heroic group "B" - gets messy when things like politics and religion get involved.

A question... (0)

SubMissionary (585480) | more than 12 years ago | (#3729043)

Does anyone else get the image of ninja's hurling canned ham at people when they read the name of this app?

SpamCop (4, Interesting)

Mwongozi (176765) | more than 12 years ago | (#3729057)

My e-mail is currently hosted at SpamCop [spamcop.net] , who do a pretty good job of filtering out spam before it even reaches my mailbox. They shunt spam into a seperate folder using the excellent SpamCop blacklist, and can also optionally use additional blacklists including SPEWS, Osirusoft, ORDB, Spamhaus, Monkeys.com, etc. etc.

Combine that with POP3, IMAP, and web access, and also the ability to suck mail out of existing POP3 accounts and I think it's excellent value.

No, they're not paying me to say all that, I'm just an extremely happy customer. :)

Re:SpamCop (1)

mixbsd (574131) | more than 12 years ago | (#3729399)

the ability to suck mail out of existing POP3 accounts

By which time the spam has eaten up bandwidth and briefly occupied space in your pop3 inbox, so there's still a chance that a legitimate mail could bounce due to lack of space.

Client-side "spam-eaters" are all very well and good for removing the annoyance factor, but they don't help with the economics of running a mail-server.

SpanBouncer is good too (2, Insightful)

chowbok (467829) | more than 12 years ago | (#3729061)

It's straight procmail, not perl-based. The main problem with it was that it hadn't been updated in nearly a year, but a new version finally came out last Friday.

Rime of the ancient spamfilter (1, Funny)

Ted Maul (582118) | more than 12 years ago | (#3729069)

It is an ancient spamfilter
And it stoppeth one in three
By the long domain list and pattern match
Now wherefore stopp'st thou FREE XXX PICS

The hotmail's doors are open wide
And I am OFFERING OPPORTUNITIES TO MAKE $$$$$
The guests are met, the preference set
May'st hear the merry INCHES ADDED TO YOUR PENIS

[That's enough Coleridge - ed]

Hey Ximian! (4, Interesting)

SLot (82781) | more than 12 years ago | (#3729080)

This would be a welcome feature addition for Evolution.

masses = outlook (2, Insightful)

rainTown (536725) | more than 12 years ago | (#3729087)


The company does face challenges. It is charged with transforming a tool that's geared for a small Unix developer community into a product for the masses....

Cloudmark's solution requires a free plug-in that plays a minor role in the background of Microsoft's Outlook, the only e-mail client that the product is currently available for.


hmmm having to choose between the lesser of two evils : spam or viruses, i dunno...

my one wish (0)

Anonymous Coward | more than 12 years ago | (#3729093)

anything to stop the half dozon "easy your celulite today!" and goatse.cx messages.

I'm skinny and hetrosexual, damnit.

Nilsimsa's popularity will be its own demise (5, Insightful)

intuition (74209) | more than 12 years ago | (#3729108)

Vipul's razor uses something they call "Nilsimsa" fuzzy signatures.

The signatures are used to determine how "close" the email that your are testing is in content to known spam. The source code of this hashing algorithm is publically available.

If this network ever became a real problem for spammers, they will simply use word substitution algorithms or any other number of simple methods to change the email until the nilsimsa's signatures are not close enough to flag the email as spam.

This was the problem with Vipul's razor version 1.0, which was discussed on slashdot, and this remains the problem in Vipul's razor 2.0

Yeah, I remember that discussion (0)

Anonymous Coward | more than 12 years ago | (#3729135)

But the key here, again, is cost to the spammer. If something like Razor becomes wide spread, spammers will now need to send each message individually, which requires more time and bandwidth. That may not shutdown the professional spammers, but it might make people doing simple bulk spamming from the ISP of the week think twice.

I'm all for anything that makes spammers pay.

-j

Re:Yeah, I remember that discussion (1)

intuition (74209) | more than 12 years ago | (#3729176)

So you say it won't shut down the "professional" spammer. As that is implied in my original arguement, I agree.

However, I contend further, it wont stop the "amateur" spammers either. All of the amateurs use some spam application that they probably have little idea of how it works, they just know that it does. Spam applications will be upgraded to defeat vipul's razor if it ever becomes popular. I will agree that it does add some extra computing cycles, but I think with a random word subsitution algorithm that relies on probability that the email won't be flagged as spam on the basis of existing signatures could be trivially implemented in linear time.

So to conclude if vipul's razor becomes popular, amateur spam application will contain simple algorithms to defeat it in close to linear time. Vipul's popularity will be its own undoing.

I absolutely agree this will be defeated quickly (0)

Anonymous Coward | more than 12 years ago | (#3729348)

by bulk mail applications.

But it still requires you to actually send out each email individually. You can't just connect to a server and upload the spam and then a long list of people who are about to get screwed over.

That's going to require more time and bandwidth and I'd think increase the chances that "amateur" spammers that don't know what they're doing will get shutdown for more obvious system abuse.

But then, with so many open relays out there... It might just be moot. Only time will tell.

-j

Re:Yeah, I remember that discussion (5, Insightful)

ahrenritter (187622) | more than 12 years ago | (#3729375)

I don't believe that computing cycles are the contention point here. The difference is in who is paying for the bandwidth. Consider these two hypothetical cases:

A. Not worrying about razor
The spammer loads up their spam program and gives it a dump file of five hundred thousand email addresses. It takes these, and using its knowledge of spam friendly networks, sends one copy of the spam to 500 different relay servers. Each server receives an identical e-mail with 1000 different bccs. The e-mail body is only 20k, adding the 1000 addresses gives you another 20k or so, so the spammer spends 20 megs in bandwith (20k+20k * 500 mails sent)

B. Worrying about razor
The spammer loads up their spam program and gives it a dump file of five hundred thousand email addresses. It takes these, and the message to be spammed, and sends a slightly modified message to each group of we'll say 10 addresses. This way, if one of the messages gets razor'ed, they only lose 9 possible reads. The spamware sends out 100 emails to each of the 500 spam friendly servers. The e-mail body is only 20k, and the 10 addresses only add 1k or less, so the total message is only 21k now, but it is sent out 100*500 times. The spammer has spent over 1 gig in bandwith now.

That doesn't come cheap.

fucking worthless (2)

Lord Omlette (124579) | more than 12 years ago | (#3729120)

Yahoo and CNet, I mean.

Cloudmark [cloudmark.com]
Brightmail [brightmail.com]

It doesn't work with Outlook Express 6 so I'm in no position to test it :(

Spamassassin over Spambouncer (5, Informative)

waldoj (8229) | more than 12 years ago | (#3729149)

I've run both Spamassassin and Spambouncer. For the curious, I prefer Spamassassin, and here's why.

I was very impressed with Spambouncer. It was the first spam-heuristic system that I'd used (previously, I'd relied solely on MAPS, ORBS, ORDB, RBL, etc.), and I was very impressed. I found that it rejected a lot of legitimate mail until I grepped my "Sent Items" folder, extracted every "To" field and made that my white list. (The assumption being that if I've e-mailed somebody, I don't mind hearing from them.) That worked very well, and I was happy with Spamassassin. The odd piece of spam would get through, and I still had 1:100 legitimate messages get put in my spam folder. But it made my life much simpler.

Then I tried Spamassassin. The big reason was because I wanted to take part in Razor and know that I was a part of a collaborative process. Also, Spambouncer hadn't been updated in months, which struck me as odd. But I also just wanted to try something different. I found that Spamassassin was better. Not in a way that made Spambouncer look bad, it was just clear that Spamassassin was a superior product. For example, Spamassassin provides a complete scoring in the headers, so you know exactly what criteria caused the message to be block. And I never had to set up a whitelist -- it just works. I still get that tiny little bit of spam that gets through, no more or less than with Spambouncer, but that's really not a complaint. It's very, very rare that a legitimate piece of mail gets caught up in the system. Best of all, the nonexistent addresses on my system that spammers have somehow discovered (big@waldo.net, aldo@waldo.net) can be forwarded via my aliases table to Spamassassin's (Or is it Razor's? I forget.) server to be automatically added to their honeypot collection.

I'll stick with Spamassassin, I think. It appears to be the most mature, stable, simple, straightforward spam filtering product available today. For those looking to set up server-side spam filtering, I highly recommend it.

-Waldo Jaquith

Re:Spamassassin over Spambouncer (0)

Anonymous Coward | more than 12 years ago | (#3729267)

For the curious, I prefer Spamassassin


What about for the apathetic?

Not English, Slashdotlish (1, Redundant)

twoflower (24166) | more than 12 years ago | (#3729236)

"throw my props "?

I wish I knew what these people were talking about sometimes.

Client-side spam filters (2, Interesting)

WG55 (153191) | more than 12 years ago | (#3729252)

Are client-side spam filters a good idea any more? It seems to me
that if I have to reject spam at the client end, the damage has already
been done, in that I have already paid for the spam coming through
the network.



Lately I've started actively finding the source of the spam and
alerting the postmaster that their server has been cracked. Am I
wasting my time, or should I just be deleting the stuff without
worrying about it?

SpamAssassin problems. (0, Flamebait)

flamingcow (153884) | more than 12 years ago | (#3729270)

1) PERL is wonderful for admin scripts, and not too great for systems that have to parse large chunks of mail. It's just not fast enough in an enterprise environment.

2) DCC doesn't recognize MIME parts or do fuzzy checksumming. The lack of both makes it trivial to make spam/viruses that get around it.

SpamAssassin wasn't an option for my ISP because of these issues, so I wrote MessageWall [messagewall.org] to do most of SpamAssassin's work with enterprise-level speed.

Re:SpamAssassin problems. (1)

Dossy (130026) | more than 12 years ago | (#3729331)

Nice work on MessageWall -- I was thinking of building something like this just the other day.

As a potentially viable commercial product, I was also thinking of using the same "core design" you used for MessageWall (I came up with the same idea) to create a Win32-based POP/IMAP proxy, so that desktop users can take advantage of these features (in case their ISP doesn't).

Does anyone else see any interest in something like this?

-- Dossy

Only 700 (2, Funny)

Launch (66938) | more than 12 years ago | (#3729271)

"700 per person this year. "

are you kidding me... my hotmail acct gets over 100 a day... At least I know for every week I keep that e-mail address some lucky guys doesn't get spam for a whole year... But then again he isn't going to get his college degree from a non-acredited college or meet girls that just turned 18 and decided to put a webcam in their shower... and let's not forget the 1000s I'm gonna make when this african prince moves all his money into US banks.

unsolicited [ commercial | bulk | junk ] email (4, Funny)

Martin Spamer (244245) | more than 12 years ago | (#3729299)

This is unsolicited bulk/commercial/junk email, it is not Spam and these are not Spamer's, Spamer is a proper surname, my surname.

Now experience has told some will not believe this and think it's a troll so 1) check my posting history, I don't troll and 2) here is my entry in the UK online phone directory.

http://ukphonebook.lycos.co.uk/servlet/Search?sk in =lycos&type=residential&pagesize=10&name=Spamer&lo cation=Hull&initial1=&initial2=

Yes, my name really is Martin SPAMER;
Yes, it really p!$$ me off when people abuse my name;
Yes, it does cause me no end of grief;
Yes, I've heard all the wise cracks before;
No, I don't find them funny.
No, I refuse to be bullied into using an alias, how would you feel if I equated your name with thieving scumbags.

So if you wish to get on my bright side, do not use the term Spam or its derivatives use the term(s) unsolicited [ commercial | bulk | junk ] email.

thank you.

Martin Spamer

Re:unsolicited [ commercial | bulk | junk ] email (1)

meringuoid (568297) | more than 12 years ago | (#3729387)

I think you'll be fighting a losing battle. Spam is no longer just meat... But the generally accepted term for 'one who spams' is 'spammer', with two 'm's. So, go forth and spelling-flame!

Incidentally, Hormel, the company that actually makes SPAM tinned meat, gets picky about this too. They have no problem with 'spam' being used to mean 'junk email' but prefer it to be lower-case. Their trademark is SPAM. So you haven't been sent SPAM, you've been sent spam...

Perhaps (0)

Anonymous Coward | more than 12 years ago | (#3729413)

What's the first thing you think of when someone says "bulk" to you? How about "commercial" or "junk"? (Not to mention "junk"s usage in common speech, like, Bro, gimmie my junk.)

Spam is the only term where it's understood that it was intended to be succeeded by email.

Sorry guy, but it's just easier and more elegant to say "spam" than "unsolicited email" or "junk email".

What can I say? I get spam, and it sucks.

-j

Razor for the Masses (2)

peterdaly (123554) | more than 12 years ago | (#3729319)

"Razor for the Masses"

I was thinking one of the silly metal scooters...

-Pete

Have Your Cake and Eat It Too (5, Informative)

pjrc (134994) | more than 12 years ago | (#3729323)

I've been using Razor with Spamassassin for many months. All you need to do it install the razor package (and the various perl modules it wants), and then add a line like this in your .spamassassin/user_prefs file:

score RAZOR_CHECK 5.0

I've also got the other "network tests" enables (blacklists), but I assign them low scores since they have a lot of false positives.

Using spamassassin with razor and the blacklists really works. My spam file has 836 spams automatically filtered between March 1 to today, June 19. Of those 836 messages, 511 have the RAZOR_CHECK string in the "X-Spam-Status" line that spamassassin adds to the header.

Not too bad, considering Razor uses a rigid message digest that fails if the spammer adds any "random" content to the messages. Saddly, it seems like that's becoming more common. Rumor has it that Razor is someday going to use "fuzzy" matches with one of two algorithms that somehow accomplish such a feat. Anyone know when/if this is supposed to happen??

Problems with these types of spam tools (1)

The Turd Report (527733) | more than 12 years ago | (#3729416)

They are not going work well. Some spam has to be transmitted and delivered before it can be added to the system. Once the spam is recieved at the mail server, the spammer considers it delivered; he will still get paid.

Add blocking at an IP level on the mail server or router for better results.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...