Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Ending Spam

timothy posted more than 9 years ago | from the overdue dept.

Spam 184

Shalendra Chhabra writes "Jonathan Zdziarski has been fighting spam since before the first MIT spam conference in 2003, and has now released a full-on technical book, Ending Spam, on spam filtering. Ending Spam covers how the current and near-future crop of heuristic and statistical filters actually work under the hood, and how you can most effectively use such filters to protect your inbox." Read on for the rest of Chhabra's review.

Spam (unsolicited commercial email) and phishing (fraudulent emails) are causing losses of billions of dollars to businesses. Many initiatives are currently underway for fighting this challenge. On the legal front, a Virginia court recently sentenced a prolific spammer, Jeremy Jaynes, to nine years in prison, and a Nigerian court sentenced a woman to two and a half years for phishing. Michigan and Utah have both passed laws creating "do-not-contact" registries in July/August 2005, covering e-mail addresses, instant messaging addresses and telephone numbers. Technical initiatives to fight spam include server- or client-side spam filtering, using Lists (Blacklists, Whitelists, Greylists), Email Authentication Standards (IIM, DK, DKIM, SPF, SenderID), and emerging sender reputation and accreditation services.

Ending Spam is the first book explaining the fine details of the theoretical models and machine-learning algorithms implemented in these filters. The book is divided into three parts: introduction to spam filtering, fundamentals of statistical filtering, and advanced concepts of statistical filtering.

The first section of the book discusses the history of spam, spam kings, different approaches for fighting spam such as blacklisting, whitelisting, heuristic filtering, challenge response, throttling, collaborative filtering, Authenticated SMTP, Sender Policy Framework and SenderID, spammer fingerprinting, etc. However, the author omitted any mention of locally-sensitive hash functions (such as Nilsimsa Hash) to counter spammers' random insertion of words, the use of CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart), Greylisting, Identified Internet Mail, and Domain Keys (now Domain Keys Identified Mail).

In the next chapter, the author clearly explains various components of a Language Classifier Pipeline, including the Historical Dataset (aka wordlist, database, dictionary, filter memory), Tokenizer, and the Analysis Engine with its feedback loop. However, the process flow of a language classifier could have been more generalized, e.g. incorporating an initial text-to-text transformer. This chapter also covers the advantages and disadvantages of various training modes for filters, such as Train Everything (TEFT), Train-on-Error (TOE), and Train Until No Errors (TUNE). This part concludes with the description of Paul Graham's famous spam-filtering technique using Bayesian classification (as described in "A Plan for Spam"), Gary Robinson's Geometric Mean Test, Fisher-Robinsons Inverse Chi Square (including the source code for the inversion function), and some other tricks for optimizing spam- filtering accuracy.

The second part of this book deals with the fundamentals of statistical filtering. The author explains HTML and Base64 encoding, followed by a detailed description of tokenization techniques (e.g. Sparse Binary Polynomial Hashing). Then there's a discussion of the various tricks that spammers use for penetrating filters. Although these tactics are mentioned in John Graham-Cumming's "Spammers Compendium," Jonathan has very elegantly explained why some tricks work for spammers and some don't. This part concludes by addressing some of the resource, storage and scaling concerns raised by the large number of features generated from tokenization techniques.

The third part of this book deals with advanced concepts of statistical filtering. This includes the testing criteria for measuring accuracy of an email filter, and some advanced tokenization concepts, e.g. chained tokens (taking word-pairs and phrases into account, instead of individual words) generated using a sliding 5-byte window as mentioned in Sparse Binary Polynomial Hashing. The next chapter describes the Markovian Model implemented in the CRM114 Discriminator, but the author fails to describe different weighting schemes for features implemented in the Markovian-based version of CRM114. The author then describes the Bayesian Noise Reduction Technique for purging "out of context" data from the mail text. This chapter concludes with a very nice summary of collaborative algorithms and techniques, such as Message Innoculation, Streamlined Blackhole List, Fingerprinting, Automatic Whitelisting, URL Blacklisting, and Honeypot email addresses for snaring spammers' address harvesting bots.

The most interesting part of this book is the appendix, where the author presents interviews with John Graham-Cumming of POPFile, Brian Burton of SpamProbe, Marty Lamb of TarProxy, Bill Yerazunis of CRM114 Discriminator, and Jonathan Zdziarski of DSPAM (himself). I loved this section.

The salient points of the book: it's very easy to read; each chapter begins with a very thought-provoking introduction, and concludes with a crisp "final thoughts" section. The number of technical errors are very few in this print, and the illustrations are of good quality. Since the book is geared more toward the Bayesian and statistical generation of spam filters, the absence of certain spam-busting technologies is acceptable. However, a noticeable omission is the lack of discussion about measuring spam-filter accuracy, and what impact this has on setting filtration thresholds. A section on the economics of tradeoffs, and the use of a Receiver Operating Characteristic curve (ROC) would have been very helpful.

Overall, by putting together Ending Spam, Jonathan Zdziarski has made another significant contribution (after DSPAM) to the anti-spam community. Whether you are a system administrator, anti-spam researcher, engineer or a newbie interested in fighting spam, this book is a great reference.


William S Yerazunis and Richard Jowsey also contributed to this review. Shalendra Chhabra is a Graduate Student in Department of Computer Science and Engineering at University of California, Riverside. He is on the development team of CRM114 Discriminator and has presented his work at MIT Spam Conference 2005, Cisco Systems, and Stanford University. You can purchase Ending Spam: Bayesian Content Filtering and the Art of Statistical Language Classification from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

Sorry! There are no comments related to the filter you selected.

*Clears Throat* (-1, Troll)

Asshat Canada (804093) | more than 9 years ago | (#13325252)

Apple is still gay.

Question (-1, Troll)

Anonymous Coward | more than 9 years ago | (#13326021)

are you clearing your throat because it was full of cum?

You can't have both... (3, Insightful)

TarryTops (888130) | more than 9 years ago | (#13325276)

The openness eill have to pay it's cost. and spam is one such pest. You can develop better strategies for pest control. But in the end it's a trade off.

Bill Gates promised to end it (2, Funny)

Anonymous Coward | more than 9 years ago | (#13325291)

Why worry about spam? Bill Gates promised to end spam by early next spring. (It's marked in my calendar along with the link to where he promised, but not with me in my PDA right now.)

Re:Bill Gates promised to end it (1)

Radres (776901) | more than 9 years ago | (#13325604)

Whoa, you weren't joking [detnews.com] .

Like most parasitic maldies (1)

Stanistani (808333) | more than 9 years ago | (#13325294)

I'm wondering... will UCE (Spam) be like malaria... controllable in most areas but impossible to eradicate?

Or will these dedicated folks and others be able to eliminate it, perhaps by changes to the mail protocols?

Re:Like most parasitic maldies (0)

Anonymous Coward | more than 9 years ago | (#13325363)

UCE, is that like a UFIA?

Is spam a parasitic malady and, if so, what next? (4, Insightful)

WillAffleckUW (858324) | more than 9 years ago | (#13325390)

I'm wondering... will UCE (Spam) be like malaria... controllable in most areas but impossible to eradicate?

Or will these dedicated folks and others be able to eliminate it, perhaps by changes to the mail protocols?


Interesting question that, considering my work involves malaria.

My guess is that, like malaria and most parasitic infestations, we will at some point develop a "cure". The "cure" will work for a few years, after which the parasite (spam) will have adapted, surviving until then in different hosts (old windows machines donated to Africa, who knows). Then, having developed a new trick, it will come back as strong as ever.

Biology teaches us that organisms adapt to changing environments, thru selective breeding (natural), point mutations, and unforseen combinations (see the H51N avian influenza). We can develop cures, but once we do so, we can be fairly sure that, baring species extinction, it will develop methods to cope with our cures.

An easy solution would be to move to IPv6 - but this, like authentication, will only kill off the spam which doesn't use "trusted email clients that are identified" while the spam that can survive will be encouraged to spread like wildfire.

So long as the fiscal, legal, and societal penalties for spamming are fairly low and the rewards are high, and while most people do nothing about it, it will spread.

Re:Is spam a parasitic malady and, if so, what nex (2, Interesting)

-brazil- (111867) | more than 9 years ago | (#13325512)

Bad analogy. Spam is not an organism or infection. It is a business model. It does not "survive" in computers, but in a combination of economical, technical and legal conditions. Once those conditions become strongly unfavorable to the business model, there isn't really much that adaption can do. Selling "snake-oil" wonder cures used to be a really big, widespread business model. Better-informed consumers and increased regulation of the market for medicine have all but eradicated this practice. It survives, but in a much-changed and diminished form.

If it's a business model, where's the underwear? (2, Interesting)

WillAffleckUW (858324) | more than 9 years ago | (#13325651)

Bad analogy. Spam is not an organism or infection. It is a business model. It does not "survive" in computers, but in a combination of economical, technical and legal conditions.

True and False.

Spam acts like a parasitic organism, due to the favorable conditions for the business model. It does, in some cases, actually "survive" in certain computers, which are spam zombies that spew out spam from a spam source - in fact, there are a few at the other UW (in Wisconsin) which utilize the identified computers there to get thru the filters here (in Seattle).

Informing consumers is highly unlikely to stop this behaviour - or else AIDS/HIV would have been halted. Some consumers are highly resistant to changing their behaviour, don't think it's important, or it's such a good deal what would it hurt.

And, like the malarial mosquito, spam uses those responders (infected persons) to download more spam zombie software, since they tend not to be technical enough to remove the infection.

Re:If it's a business model, where's the underwear (2, Interesting)

-brazil- (111867) | more than 9 years ago | (#13325773)

It does, in some cases, actually "survive" in certain computers, which are spam zombies that spew out spam from a spam source

That's not survival in the "organism" analogy, since a zombie will not send spam without a source, which will be gone when the business model is not workable, and especially not cause new source to appear.

like the malarial mosquito, spam uses those responders (infected persons) to download more spam zombie software, since they tend not to be technical enough to remove the infection.

You're mixing up the spreading of "zombie" software that is used to send spam with the spreading of spam itself.

I totally agree that computer worms/viruses work very much like an infectious disease. But they are merely one tool that spammers use, not identical with the phenomenon of spam as such.

Re:If it's a business model, where's the underwear (2, Interesting)

WillAffleckUW (858324) | more than 9 years ago | (#13325871)

I totally agree that computer worms/viruses work very much like an infectious disease. But they are merely one tool that spammers use, not identical with the phenomenon of spam as such.

Just as a mosquito is merely a tool the malarial parasite uses to spread itself.

Let's say we knock out something that permits mosquitos to infect human hosts. Chances are that it might only partially impact malarial infections of non-human hosts. The impacted malarial bug, provided it survives and breeds, may then decide to use another vector to complete the infection.

Same with spam - we can knock out the zombies. We can knock out the spam kingpins. We can make the email transmission more secure - it migrates to cell phones or text messages or video messages. Unless we go for species extinction, it is likely that it won't die, but will instead change.

Nowadays I rarely see pop-under ads any more - due to using different browsers - but now ads show up that are movies, which really burn up my bandwidth. To kill off those ads, I would have to disable the very useful site portions that i do want.

So long as the evolutionary niche exists that permits spamsters to make a buck or two from sending spam, so long as people don't turn in most spam, so long as some people buy from spamsters, and so long as most spamsters don't serve long jail sentences and are never caught, it is highly unlikely that spam will cease to exist.

Re:If it's a business model, where's the underwear (2, Insightful)

-brazil- (111867) | more than 9 years ago | (#13326098)

Just as a mosquito is merely a tool the malarial parasite uses to spread itself.

Except that spam does not use zombies to spread itself, SPAMMERS use zombies to spread spam.

Your analogy is simply flawed. Spam is NOT an organism. It does NOT "survive" somewhere, adapt and spread from the places where it survived.

And we certainly DO go for "species extinction", by eliminating the conditions that make spam practicable and profitable. You enumerate some of those conditions yourself in the end.

Re:If it's a business model, where's the underwear (2, Insightful)

WillAffleckUW (858324) | more than 9 years ago | (#13326236)

Except that spam does not use zombies to spread itself, SPAMMERS use zombies to spread spam.

Your analogy is simply flawed. Spam is NOT an organism. It does NOT "survive" somewhere, adapt and spread from the places where it survived.

And we certainly DO go for "species extinction", by eliminating the conditions that make spam practicable and profitable. You enumerate some of those conditions yourself in the end.


If it looks like a duck, and it quacks like a duck, and it paddles like a duck, you want me to check to see if it's a robotic assembly of nanobots pretending to be a duck.

Nah. My point is/was - not that I brought up the biological equivalency of spam to malaria (someone else did, and i said it isn't, but it could be thought of that way) - that even should we find a "cure" for spam, it would come back so long as the underlying model rewarded the spamsters in some way to continue to perpetuate.

So long as up to half the population won't report spam - in fact, it's more like 99 percent;

So long as enough people buy from spamsters to make it economically rewarding - which it is;

So long as the penalty is remote enough or far enough in the future to be ignored - which it is;

And so long as society encourages the pursuit of wealth above moral/ethical standards - which it does;

This won't change.

Sure, you can plug up a hole in the dike. I can - and do - turn in spamsters. But they will migrate and adapt.

Are they infectious diseases? Sometimes, see the use of zombies.

Can we truly eradicate them - no, because people will replace the prior spamsters so long as the afore-mentioned conditions perpetuate.

Want to cut down malaria? First, find easy methods of improving sanitation that allows it to perpetuate. Then find ways to interfere with the malarial infection of humans. If you do it backwards, it's likely that many places will still spread it. Because not everyone is rich like we are.

Same goes for spam - find ways to make it unrewarding for people to buy from spamsters (e.g. sell Viagra etc cheap, offer open source versions of office cheap - that's what they sell), find ways to make it bad to be a spamster, and then batten down the hatches with new protocols.

Re:Is spam a parasitic malady and, if so, what nex (3, Interesting)

jonbryce (703250) | more than 9 years ago | (#13325896)

Spam may not be an organism or an infection, but the people who send it are. So I think it is a perfect analogy.

Re:Is spam a parasitic malady and, if so, what nex (2, Insightful)

-brazil- (111867) | more than 9 years ago | (#13326011)

No, because the anti-spam measures do not aim to kill those people, only to make them stop sending spam. Furthermore, spammers are not a separate species and do not reproduce (as spammers).

Re:Is spam a parasitic malady and, if so, what nex (3, Funny)

Tony Hoyle (11698) | more than 9 years ago | (#13326164)

No, because the anti-spam measures do not aim to kill those people

Yet.

Re:Is spam a parasitic malady and, if so, what nex (0)

Anonymous Coward | more than 9 years ago | (#13325663)

So long as the fiscal, legal, and societal penalties for spamming are fairly low and the rewards are high, and while most people do nothing about it, it will spread.

I agree wholeheartedly... Most technological screening solutions would only be a temporary remedy. In the long-run it will be stricter legislation that will impede spammers efforts.

Re:Like most parasitic maldies (1)

tarquin_fim_bim (649994) | more than 9 years ago | (#13325489)

You will never eliminate spam until you eliminate the markets for the goods they purvey. String up all the small penised fellows with weak erections and we shall all be free.

Re:Like most parasitic maldies (1)

FragHARD (640825) | more than 9 years ago | (#13325967)

don't forget the fellow who need to refinance every 3 months ;)

Esprit d'Corps (5, Funny)

Shadow Wrought (586631) | more than 9 years ago | (#13325308)

While all of these different technological approaches to spam are worth pursuing, they just don't build the same esprit d'corps as a mob with pitchforks and torches at midnight.

Re:Esprit d'Corps (0)

Anonymous Coward | more than 9 years ago | (#13325426)

they just don't build the same esprit d'corps
That's "esprit de corps", the apostrophe is used when it's next to a vowel ;)

Re:Esprit d'Corps (1)

Shadow Wrought (586631) | more than 9 years ago | (#13326029)

You know I initially wrote it as esprit de corps but I thought I was mangling it. That's what I get for thinking...

Sorry for the flamebait but (1, Funny)

suso (153703) | more than 9 years ago | (#13325312)

"Jonathan Zdziarski has been fighting spam since before the first MIT spam conference in 2003,"

Awww, poor babies. That's a long time to fight spam.

Re:Sorry for the flamebait but (5, Informative)

Stanistani (808333) | more than 9 years ago | (#13325354)

From:
HERE [castlecops.com]

"ABOUT THE AUTHOR:
Jonathan A. Zdziarski has been fighting spam for eight years, and has spent a significant portion of the past two years working on the next generation spam filter DSPAM. His research in algorithmic theory and neural networking has led to the development of many new approaches in language classification, and he has played a key role in designing some popular algorithms in use today, including Message Inoculation, Bayesian Noise Reduction, and the first functional Neural Networking algorithm for spam filters. Zdziarski lectures widely on the topic of spam and was a speaker at the 2004 and 2005 MIT Spam Conference.
"

The best way to fight spam (5, Funny)

WillAffleckUW (858324) | more than 9 years ago | (#13325327)

is with a knife, a spatula, and a frying pan, preferably over a hot wood fire.

Yum!

Re:The best way to fight spam (1)

E-Rock (84950) | more than 9 years ago | (#13325984)

Are you sure? I thought the safest thing to do was to throw it in the trash and then empty the trash. (Works on both the meat simulation and e-mail varities)

Score -5 Outdated. (2, Insightful)

Anonymous Coward | more than 9 years ago | (#13325332)

As with any book of this type, it is outdated by the time it reaches the shelves. The spam battlefield changes on a daily basis and the tools used to fight the battle, change with it daily.

By the time a book has been written edited, proof read(though many publishers skip this part), type set, printed, distributed and sold, it no longer resembles the technology.

Fundamentals Don't Change Much/Fast (2, Interesting)

billstewart (78916) | more than 9 years ago | (#13325670)

Sure, some details will change, and spammers and anti-spammers will pick up new tricks and abandon old ones, and the percentages of email that are spam will keep changing (normally up, but I saw one recent article saying it had dropped significantly in the last year.) But most of the fundamentals don't change much, or at least not very fast. Filtering techniques, Bayesian analysis, collaborative filtering, etc. are a solid core of knowledge that will continue to be useful.

Rule 1 (Spammers always lie) won't change, though occasionally they'll think of new things to lie about. Rule 2 (Spammers are Stupid) won't change, though of course some spammers violate this rule, and some spammers can hire smart people to work for them, and enough of them are sufficiently persistent skr1pt k1dd13z that it sometimes makes up for stupidity.

The latest and greatest spam-blocking technique will last a while before spammers find a way around it - it's somewhat of a losing game, because if it works well enough to be widely popular, it becomes a target for spammers to work around, though if it's effective and obscure, it'll work for you and your friends for a lot longer.

PC users will continue to run insecure operating systems without administering them well, so there'll always be zombies for spammers to abuse. Windows automatic updates will gradually help this, but not only will new OS bugs get discovered frequently, but users will insist on running trojan horses that pretend to be new amusing programs, breaking any semblance of security.

Am I really that old?!? (-1, Offtopic)

Otter (3800) | more than 9 years ago | (#13325345)

Jonathan Zdziarski has been fighting spam since before the first MIT spam conference in 2003...

OMTFG! Since 2003!!!! I just got a (admittedly sketchy looking) Milky Way out of the vending machine with an expiration date in 2003.

What we learn:

1) Damn, I'm getting old.

2) I must be the only one here who eats Milky Ways.

dude Milky Ways suck (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#13325462)

You got caramel, nougat, and chocolate...why not eat a Snickers? Peanuts too much for ya?

Re:dude Milky Ways suck (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#13325644)

Fuck nuts.

Re:dude Milky Ways suck (1)

Ass, Ltd. Ho! (714400) | more than 9 years ago | (#13325648)

Some people have allergies. Be sensitive.

From the Milky Way package (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#13325914)

"This product is processed in a factory where there are just hella nuts, man. Nuts all over the damn place. Seriously, there are a lot of nuts around here."

So unless this guy is like the Evel Knievel of nut-allergic candy bar eaters, there's no excuse for not getting the vastly superior Snickers bar. I still posit that the original poster is not manly enough to handle it.

Re:dude Milky Ways suck (0, Offtopic)

Dunbal (464142) | more than 9 years ago | (#13325910)

Obligatory comment:

I have a peanut allergy you insensitive clod!

Re:dude Milky Ways suck (0)

Anonymous Coward | more than 9 years ago | (#13326150)

Obligatory dismantling of your post:

1. Milky Ways do not have peanuts.
2. "Blah blah blah, you insensitive clod" is old and unoriginal (as is "I, for one, welcome our X overlords" and "1. Blah. 2. ?? 3. Profit!").
3. Die.

Re:dude Milky Ways suck (0, Offtopic)

Dunbal (464142) | more than 9 years ago | (#13326216)

Obligatory rebuttal:

      Although Milky Ways do not have peanuts, if you had bothered to read the parent the poster was talking about Snickers, which does!

      We all die. Race ya!

You can't catch it all (2, Insightful)

solodex2151 (700977) | more than 9 years ago | (#13325350)

Spam will continue to disguise itself as legit email. You can try to filter it out and set more strict filters but catching legitimate mail is far more likely to happen. In the end, you have to make a trade off and practically accept some spam.

Re:You can't catch it all (1, Interesting)

MightyMartian (840721) | more than 9 years ago | (#13325437)

The root problem is with SMTP. We can try to patch it up with SPF and SenderID, we can try to find ways of putting identifiers on emails, but at the end of the day the protocol itself was built in a simpler age.

The ultimate solution will come when we move to a new-generation mail delivery system. But the day is a long ways off, because the sheer cost of implementing such a system and the necessity of having it integrate with older SMTP systems for the years required for large-scale adoption means that spammers have a healthy length of time to irritate us.

Re:You can't catch it all (4, Interesting)

plover (150551) | more than 9 years ago | (#13325614)

You've missed the last two years in spammer technology, haven't you?

Spam is no longer simply the domain of a giant server with a huge database. It's increasingly being sent out by zombie PCs, infected with viruses or trojans. Spammers pay the zombie-farmers to send their crap. Zombies send the email masquerading as the PC owner, using their credentials. Sender-ID? No problem, he's got one. SMTP? Sure, use the victim's server.

Zombies mean that no matter what technology is used for sending validated, signed, pre-paid, whatever email, the zombies will have access to those resources and will still spew their crap. No anti-spam server technologies are going to prevent Windows machines from getting infested.

Re:You can't catch it all (4, Interesting)

MightyMartian (840721) | more than 9 years ago | (#13325684)

I'm well aware of the zombie problem (having been the recipient of very nasty distributed dictionary attacks). The way that mail ought to work is that any system without an MX record ought not to be permitted to send email to an MTA. Unfortunately for a variety of reasons (from legitimate to pure incompetence or laziness) many mail servers do not have MX or reverse records, and because sufficient amounts of legitimate email come from such servers, and because there is no line drawn between MTA and MUA (all go through port 25TCP), zombies can quite happily spread havoc.

The first step to a new mail system is to assure that only legitimate and properly configured mail servers honoring MX records on outgoing mail (or whatever ends up replacing MX records) can expect delivery. Mail admins' hands are tied by stealth systems or badly configured ones, but if we do try to implement the no-MX rule, which would eliminate the zombie attacks, we end up shutting out systems that, for whatever reason, don't publish an MX record for outgoing servers.

Zombies ought to be the easiest thing to shut down by a) not permitting non-MTA machines to push anything beyond the network via port 25 and b) publishing both incoming and outgoing mail servers.

Re:You can't catch it all (1)

51mon (566265) | more than 9 years ago | (#13326271)

First someone needs to invent a methodology for communication that prevents spam.

No good saying SMTP is broke, if you don't say how to fix it conceptually. Otherwise the solution will end up as spam free as SPF is (SPF never set out to stop spam, but to stop impersonation, but that isn't how it was sold).

Ultimately the protocol has to have a way to shifting costs to the sender, or at least offer that option , and these costs may have to be larger than the cost of the communication itself (which may be neglible).

I personally believe the brokenness of SMTP is exagerrated, and the brokeness of the many client machines running botnets is underestimated.

The problem with the book, is it addresses how to do content filtering, when it isn't the content of spam that is the problem. The old adage about scientists making a living studying a problem, and engineers making a living avoiding such problems, springs to mind.

Which is why methods that address the underlying issues (bulk, unsolicited, compromised boxes) often work better (think whitelisting, greylisting, challenge/response (whatever you think of it, it is effective for the person using it), Exploit block lists) than statistical filtering, or statistical weighting of a number of rules.

Ending Spam? (4, Insightful)

demonbug (309515) | more than 9 years ago | (#13325371)

Does anyone else find it funny that a book called "Ending Spam" talks about spam filtering? Maybe I'll go write a book; "Ending World Hunger: How To Filter Sally Struthers From Your Television".

If you can't see it, it ain't there?

Re:Ending Spam? (2, Insightful)

DogDude (805747) | more than 9 years ago | (#13325484)

Well, I think that most rational people would understand the title to mean "Ending spam as it pertains to ME". In which case, as far as most people are concerned, if they don't see spam, then the spam problem is solved. I really don't think that that is an inordinate amount of literacy license.

And yes, if you don't see it, then unless you're a system administrator (can't be more than 0.001% of the population), the problem IS solved. The problem isn't spam per se, but that spam clogs up MY inbox.

It's just like anything else. Nobody is going to end spam altogether... that's just naive. But if you don't see it any more, then the problem (again, spam filling up MY inbox), then it's fixed. I don't give two shits as to what some upstream sysadmin has to do to stop it. I have my own problems, and that's part fo his job. Just stop spam from getting to ME, and I'm all good.

Effecitve filtering will end spam (4, Insightful)

Sycraft-fu (314770) | more than 9 years ago | (#13325491)

The reason spammers do it is that their message reaches people, enough of them to make it worthwhile. So, the more effective and widespread the filters, the less messages that reach people, and the less it's worth. If the filters were really effective, nearly 100%, it would simply not be worth it to spam, you wouldn't make any money because no one would see your message.

I don't think we'll ever get there, but yes filtering really could end spam.

I know it's a cliché movie, but I can't help (2, Insightful)

Idealius (688975) | more than 9 years ago | (#13325586)

Reminds me of the conversation at the end of Batman Begins with Gordon and the Bat:

Gordon: "Batman making a stand as he has will only escalate the problem."

If suddenly the masses are educated on spam filtering, wouldn't spammers just adobt tactics to avoid them?

I mean it is afterall a "spammers market". They have increased resources because they're getting all the money. I'm sure the spammers are much smarter than most techies who use filters, they just don't care. They think, "If this techie is going to use a filter to stop my spam so be it, there's a 100 people for each one of him that won't."

No we need to think of new techniques outside of filtering. Filtering is mostly nonsense, manual work. We need something philisophically different than filtering which affects how spam comes through in-transit, or something that affects the financial backing of spammers.

We should be breaking down their lines of communications, etc - not expecting granny to take up spam filtering techniques.

Re:Effecitve filtering will end spam (1)

thogard (43403) | more than 9 years ago | (#13325976)

There are an infinite number of people who find an ad and give spamers thousands of dollars to send out their ad to millions of people. The rich spam bastards don't make money selling pills (even though some have admitted to it), they make their money by reselling spaming services to people who think they will work for their product.

The only real way to stop a spamer is jail or a baseball bat but someone else will always be in line to replace them.

Re:Effecitve filtering will end spam (0)

Anonymous Coward | more than 9 years ago | (#13326328)

Wrong. Very few people make money off MLM scams, yet there is a never ending stream of them. There are those at the top or those providing "services" (bullet-proof servers, bot-net's) that will make money.

Spam will never end as long as there are enough suckers who believe you CAN make money off spam. And until then, there will be those at the top of the MLM scum-pyramid willing to fleece them of their money.

Re:Ending Spam? (3, Insightful)

pomo monster (873962) | more than 9 years ago | (#13325523)

Well, in a way, and I don't mean philosophically. If nobody can see the spam, then it really will dry up--spammers won't even bother.

There's no such thing as a perfect filtering system, but for every message blocked, that's extra effort for the spammer to get through, making it less and less worthwhile to spam at all.

Or maybe they'll just send more and more, hoping at least one gets through.

Re:Ending Spam? (0)

Anonymous Coward | more than 9 years ago | (#13325605)

The difference is: if no one sees spam, then the spammers go out of business, and spam really does go away.

fantastic advice (3, Interesting)

Anonymous Spammer (700974) | more than 9 years ago | (#13325376)

We spammers love you idiots who use spam filters. You were never going to buy from us or fall for our scheems anyway, so you do extra work to filter your e-mail and that way we are not bothered by you reporting us or attacking us. We are free to continue to waste your bandwidth and overflow your inbox, but you never see the spam and you leave us alone, to keep spamming those too ignorant to protect themselves. The complaints die down and we get what we want, the unknowing victims. What a great system.

Heck, our lobby group even points out to Congress how spam laws are not really needed, since people who really don't want the spam are free to filter it. That and a litte payola and we are free to phish for more victims.

Yea, keep "fighting spam" with lame filters, we love it. Thanks!

hello (-1, Redundant)

team anus (907851) | more than 9 years ago | (#13325384)

i hate spam

Email is mostly broken (4, Interesting)

mcrbids (148650) | more than 9 years ago | (#13325397)

Email, as a system, is fundamentally broken. It's this broken design that allows SPAM to happen in the first place.

Current anti-spam solutions are to email what an Antivirus package is to Windows - a hack add-on that increases complexity and costs without solving the underlying problem(s).

Rather than fight viruses, we should be engineering an O/S that's inherently resistent to them. How many of you Linux/BSD/MacOS users EVER use antivirus, or need to?

Rather than build ever-better antispam filters for Email, we should be engineering an email solution that's inherenly resistant to SPAM.

The answer lies in authentication - who is sending the email. Some of the best technologies now available use degrees of authentication without actually *saying* it outright. Examples are: refusing invalid domains, greylisting, challenge-response, SenderID - all of these are some form of authentication.

As these are, one-by-one bypassed by the spammers, the need for authentication of senders will continue to increase, until the dolts who will invariably reply with that "your solution will not work because... (check the options)" are shown to simply be.... wrong.

Give it time. It's already happening whatever the originators of the SMTP protocol desired.

Re:Email is mostly broken (4, Insightful)

MichaelSmith (789609) | more than 9 years ago | (#13325452)

The answer lies in authentication

And it requires central control. Is this what you want?

Re:Email is mostly broken (2, Interesting)

MightyMartian (840721) | more than 9 years ago | (#13325498)

The problem with these is that they're all duct-tape jobs on the SMTP protocol. The SMTP protocol has fundemental problems in that it essentially has no sender verification and has been configured as much by tradition as anything else to allow MTAs and MUAs to be effective equivalents. To some extent SPF and SenderID try to overcome the verification problems, but at least SPF has serious problems when it comes to forwarding unless header rewriting is done.

I suppose the "legitimate" spam (not generated by zombies through various sorts of attacks) may always be around, because I can think of no efficient and streamlined means of allowing a user to configure automatic settings saying "Don't send me commercial spam". With a properly designed transport system, at least it should be possible to easily blacklist abusive domains.

Claiming "SMTP is Broken" without any better ideas (1)

billstewart (78916) | more than 9 years ago | (#13326000)

I'm tired of hearing people rant that "We have spam because SMTP is Broken, and SOMEBODY ought to fix it", when they don't really have any better ideas. If you've got any sense of history, you'd remember the complexity of X.400 (which has a lot to do with why almost nobody uses it), and they'd remember the newer UUCP versions that had authentication built in (doesn't stop spam either), and relatively closed systems (market forces either killed them or forced them to interface with Internet mail.)

The fundamental problem is that technology pushed the *costs* of sending mail and creating identifiers (IP addresses, domain names, email addrs, etc.) to near-zero and the cost of finding recipients to near zero, human nature makes it profitable to send gullible people mail if you've got no morals, and the popularity of the internet means that people with no morals can easily get the tools to use it. Willingness to spam is a social problem, and economics have made it possible to become an actual problem. The real cost of sending mail isn't likely to go up (encryption affects it a bit, but CPU time is basically free, or you can attempt to impose artificial prices on email transmission (which will fail, if you get it accepted at all, because they don't match real prices.) You can use technology to increase the cost of discovering recipients, using things like tagged addresses and subdomain-per-user naming that increase the search space, and you can use technology to reduce the amount of mail a given group of senders can send to a given receiver. *Recipients* can impose prices or other throttling mechanisms on senders without disrupting most of the other infrastructure, which can help - I know a number of people who find that simple TMDA/Captcha techniques kill off most of their spam, by increasing the cost of discovering an email address that they'll *read* (the cost is the attention spam of having a real human read the captcha image, plus the need to use a real email address to send from instead of a bogus one) - but even they say that it annoys some people they'd really like to get email from.

Re:Email is mostly broken (1)

MemeRot (80975) | more than 9 years ago | (#13325575)

I read an article on informationweek.com [slashdot.org] that says spammers are enthusiastically adopting sender id in an attempt to legitimize themselves, or at least avoid filtering.


But since spamming is legal, those spammers not engaged in phishing or other fraud may choose to accurately identify their mail servers to avoid filtering based on Sender ID compliance. And that seems to be what's happening. Based on a sample of 400,000 spam messages, MX Logic found that 16% had published SPF records.


So spammers have a 16% adoption rate of sender id, legit businesses have an 18% adoption rate. Doesn't look too successful yet.

Gotta use it right (2, Insightful)

jfengel (409917) | more than 9 years ago | (#13325917)

If they're adopting SenderID, it makes it easy to filter them. You can't filter just on the existence of SenderID; you need to check who the sender is and ignore email from known spammers.

That's a good thing. It lets them spew all of the email they want; let's call it freedom of speech (since I don't want any legal limitations on spam also being used to prevent legitimate speech). And I get to ignore them; I can filter them at the SMTP layer even before they get to send the whole message.

It may not be successful yet, if people are misusing the technology by trusting the existence of a Sender ID record to mean it's not spam. But don't blame the technology for being misused.

Re:Gotta use it right (1)

pete6677 (681676) | more than 9 years ago | (#13326040)

This sounds much more effective than the current IP based blacklists which block entire address spans just because of one spammer. Yes, some spammers will have multiple authenticated servers set up, but it will be a lot harder for them to switch quickly. Bot nets will also be incapable of sending spam, which is a major source of spam today.

Re:Gotta use it right (2, Insightful)

jfengel (409917) | more than 9 years ago | (#13326170)

We'll probably still end up with some IP-based blacklists. You can imagine a spammer who spews out an infinite number of verified IDs. You can't blacklist just the IDs because they're one-shots. Instead, eventually you'll end up saying, "Hey, this server seems perfectly willing to grant IDs to any jackass; let's blacklist the IPs and encourage non-jackasses on that server to get a new one."

Basically, there will have to be layers of responsibility, and we can encourage the various layers to be responsible for the layers below them. Otherwise, a layer which mixes legitimate and asinine uses will risk having its legitimate users tarred with the same brush. The legitimate users will flee, and the spammers will no longer be able to hide among them.

Re:Email is mostly broken (1)

huckda (398277) | more than 9 years ago | (#13325629)

so is snail mail...
I receive just as much "spam" in my mailbox as I do in my "inbox"...the difference? I can use anti-spam software on the inbox..and the mailbox is USPS property :(

Re:Email is mostly broken (1)

Dunbal (464142) | more than 9 years ago | (#13325867)

I can use anti-spam software on the inbox..and the mailbox is USPS property

      Not only that, but companies pay the post office a lot of money to put their junk mail in your box, which is why the USPS is not about to stop it. Spam, however, doesn't cost the spammer much (apart from the software and know-how to get set up). Then they can tie up a virtually limitless amount of bandwidth at no additional cost, until they get caught. The cost of this is borne by ISPs and ultimately everyone on the net in terms of infrastructure and lag/dropped packets.

Re:Email is mostly broken (1)

The Cisco Kid (31490) | more than 9 years ago | (#13325934)

Another big difference is that the companies that pay to mail paper advertisements subsidize the costs for the post office to enable you to send letters for 39 cents. The spammers on the other hand add huge amounts of bandwidth usage to ISP and backbones bills without paying for any of it, forcing them to increase the amounts they charge for service.

Ads sent by paper mail reduce your costs to send normal paper mail.

Ads sent by email *increase* your costs for Internet (email) service. (And this is true wether or not you have filter software that hides the undesirable messages from you - it still cost time, bandwidth, diskspace to transmit and store)

Re:Email is mostly broken (3, Informative)

MrAnnoyanceToYou (654053) | more than 9 years ago | (#13325667)

You asked for it, Here It Is. You have officially scored the lowest I have ever personally seen, and I had to actually ADD negative things to the checklist just for you.

Yes, it's a possibility. Unfortunately, in this case the 'dolts who invariably reply with the survey' are actually right. The survey is funny, but it serves a very important purpose in this case - it shows that completely re-engineering the entire e-mail system means that the problems we have are masked temporarily and then reemerge. Identity, no identity, in the end the 'stopgaps' are actually better than the 'build it from the ground up' solution.

You Personally advocate a

(x) technical (x) legislative (x) market-based ( ) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

(x) Spammers can easily use it to harvest email addresses
(x) Mailing lists and other legitimate email uses would be affected
(x) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
(x) It will stop spam for two weeks and then we'll be stuck with it
(x) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
(x) Requires too much cooperation from spammers
(x) Requires immediate total cooperation from everybody at once
(x) Many email users cannot afford to lose business or alienate potential employers
(x) Spammers don't care about invalid addresses in their lists
(x) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
(N/A) Lack of centrally controlling authority for email
(x) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(x) Asshats
(x) Jurisdictional problems
(x) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
(x) Huge existing software investment in SMTP
(x) Susceptibility of protocols other than SMTP to attack
(x) Willingness of users to install OS patches received by email
(x) Armies of worm riddled broadband-connected Windows boxes
(x) Eternal arms race involved in all filtering approaches
(x) Extreme profitability of spam
( ) Joe jobs and/or identity theft
(x) Technically illiterate politicians
(x) Extreme stupidity on the part of people who do business with spammers
(x) Extreme stupidity on the part of people who do business with Microsoft
(x) Extreme stupidity on the part of people who do business with Yahoo
(x) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:

(x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
(x) Any scheme based on opt-out is unacceptable
(x) SMTP headers should not be the subject of legislation
(x) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
(x) Countermeasures should not involve wire fraud or credit card fraud
(x) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
(x) Sending email should be free
(x) Why should we have to trust you and your servers?
(x) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
(x) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

( ) Sorry dude, but I don't think it would work.
(x) This is a stupid idea, and you're a fascist for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!

Re:Email is mostly broken (1)

Itanshi (861931) | more than 9 years ago | (#13326280)

mmmm dunno if this's been said, but i'll take my chance. If i had a filter that spell checked the subjects and or blocked ascii code misue, that'd clean alot of crap out x_x heck if hotmail had that i'd think about using it.... nevermind i'll stick with gmail

Jonathan Zdziarski is out of his mind. (1, Interesting)

Some Random Username (873177) | more than 9 years ago | (#13325419)

Read some of his essays. He genuinely believes that all evidence clearly shows that the earth cannot possibly be more than 10,000 years old.

The contract between being a logical minded person like a programmer, and being so easily brainwashed into believing comeplete nonsense is startling.

Re:Jonathan Zdziarski is out of his mind. (4, Insightful)

david.given (6740) | more than 9 years ago | (#13325582)

Read some of his essays. He genuinely believes that all evidence clearly shows that the earth cannot possibly be more than 10,000 years old.

This may be the case; however, that doesn't invalidate his work on spam. Remember, Sir Isaac Newton was a firm believer in the more exotic aspects of mystical alchemy, and the vast bulk of his 'research' was complete gibberish. That doesn't make his work on gravity any less valuable.

Re:Jonathan Zdziarski is out of his mind. (1)

Some Random Username (873177) | more than 9 years ago | (#13325609)

This isn't about his work on spam, its about a book. When someone's writing demonstrates that they are crazy, its worth keeping that in mind when reading their other writing. I didn't say DSPAM sucks because he is crazy, I just pointed out that he is crazy, and what he says may or may not have any basis in reality.

Re:Jonathan Zdziarski is out of his mind. (1)

protohiro1 (590732) | more than 9 years ago | (#13325881)

I think it is very possible that Mr. Zdziarski is very intelligent and has written an excellent book on the subject. The fact that he seems to have made some pretty horrific logical contortions to try and defend his religion as if it is a science has no bearing on that fact. I wouldn't read a book on theology, science or logic that he wrote, because his grasp on both issues is pretty tenuous. But he seems to be an expert on spam, so his expertise on the subject is valuable.

Re:Jonathan Zdziarski is out of his mind. (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#13325615)

So then, anyone in the world who believes in creationism is a twit? You can carve out a slice of scientists, nasa astronauts, and the rest of the cream of the crop too then.

Re:Jonathan Zdziarski is out of his mind. (1)

Some Random Username (873177) | more than 9 years ago | (#13325647)

No, anyone who has demonstrated they are capable of logical thought, and then proceeds to discard all logic and believe something completely rediculous, even going out of their way to make up nonsense to dismiss all the facts is crazy.

I never said anything about creationism, or any particular religion. I said he belives the world cannot possibly be more than 10,000 years old, which is completely insane.

Re:Jonathan Zdziarski is out of his mind. (0)

Anonymous Coward | more than 9 years ago | (#13325686)

Just about every creationist and born again christian out there believes that the world is around that old. Why? Because there's some evidence to support the claim. Constants of the universe make it impossible for the Sun's burn rate or the world's slowing down (leap seconds) to go back millions of years. Biblical texts claim to record the lineage back to the first human inhabitants, which brings people back about 10,000 years. And finally, Zdiarski makes a good point that if the Bible is true, then half-life might have not always been constant.

What I find insane is people who will immediately dismiss something (and apparently someONE) without even considering any real evidence apart from their own personal opinion. Pht.

Re:Jonathan Zdziarski is out of his mind. (1)

Dunbal (464142) | more than 9 years ago | (#13325791)

Biblical texts claim to record the lineage back to the first human inhabitants

      These are the same biblical texts in which no one seems to agree on what the actual amount of time involved is when the word "day" or "year" is used?

      I think that argument needs to be cleared up and defined correctly before using "biblical time" as a standard by which other things are measured. But since this will never happen, I personally will choose to use more rational and consistent sources of time measurement as a reference.

Re:Jonathan Zdziarski is out of his mind. (0)

Anonymous Coward | more than 9 years ago | (#13325845)

Actually, no. The six days of creation are unrelated to the record of lineage and ages. There's some discussion of whether the first six days of creation took literal days, years, or decades, but in light of plenty of other evidence outside of christian circles, there just isn't enough data to support the claim that the earth is millions or billions of years old. Isotopes are only one datapoint, there are many other datapoints that conflict with that.

Re:Jonathan Zdziarski is out of his mind. (1)

Some Random Username (873177) | more than 9 years ago | (#13325963)

No, there are no other data points that conflict with it. Saying "leap seconds prove its impossible" doesn't actually prove anything. Give some real evidence, not just regurgitating some other psycho's nonsense. Bullshit doesn't smell better just because you have alot of it.

Re:Jonathan Zdziarski is out of his mind. (1)

Dunbal (464142) | more than 9 years ago | (#13326148)

The six days of creation are unrelated to the record of lineage and ages.

      I only have your word for it.

      You can't define something in terms of itself, and no other "evidence" exists to confirm or deny the "truths" in the Good Book. Only what people say about it. What they believe.

      On the other hand I can define radioactive decay for you in many consistent ways, and can prove its consistency by obtaining reproducible experimental results. Do you want to define it in terms of a change in counts per unit time? Or in the increase in the amount of decay products created over time? The change in mass over time, perhaps?

      You can deny the truth if you want. This would make you an irrational person, since the truth is true no matter what people think about it. There is not much point arguing with a fool, as the self same proverbs say.

      Or your alternative is to try to pick a logical flaw in how I apply the truth about radioactive decay to explain the age of the world. It's entirely possible that there is a mistake there and the truth has been misapplied to mean something it doesn't. We are, after all, only human. How exactly do you plan to do this? I am an open minded person. But simply claiming that it's not true does not make it untrue. You have to prove it if you expect recognition. I am open minded but also a critical thinker.

      By the way, what dictionary is "datapoint" in? I failed to find it and am not clear on your meaning, yet you used this obviously new compound word twice.

      I should know better than respond to an AC post, but what the heck. I'm bored.

Re:Jonathan Zdziarski is out of his mind. (1)

Some Random Username (873177) | more than 9 years ago | (#13326041)

No, lots of Christains and creationist have common sense. Being a creationist doesn't mean you believe the current Christian interpretation of the bible, just that some form of higher being made the world. And being a Christain doesn't mean you believe every crazy thing another Christain says either.

You do realize the bible says nothing about the age of the earth right? That the 6,000-10,000 figures are the wildly speculative opinions of assorted people's interpretations of the bible, not actually the bible, or any other religious text, right? There's no reason for any Christain to believe that nonsense, as it has nothing to do with their faith.

And I didn't dismiss anyone or anything. I simply pointed out that he is insane, and his writings should be considered in that light. Keep in mind he is the one dismissing all scientific evidence regarding the age of the earth, so even you consider him insane then.

Absolutely (1)

DogDude (805747) | more than 9 years ago | (#13325746)

So then, anyone in the world who believes in creationism is a twit?

Absolutely. Do you have another word for somebody who ignores all scientific evidence, and instead believes in some imaginary man who lives in the sky and performs miracles? I think that "psychotic" or "delusional" or "schizophrenic" also work, but "twit" is pretty good, too!

Re:Absolutely (1)

TheJorge (713680) | more than 9 years ago | (#13326207)

Do you have another word for somebody who ignores all scientific evidence, and instead believes in some imaginary man who lives in the sky and performs miracles?

Creationism isn't necessarily the belief that science is wrong. Many if not most religous educated people believe both in science and this imaginary man in the sky. When we speak of Creationism as an alternative to Evolution (as it usually comes up on /.) I may be in agreement with your point of view. But in general, Creationism merely implies the existence of a creator. Usually one can follow this line of thought with their logical faculties intact by admitting that faith is not logic-based, but rather a necessarily logicless belief in something without evidence for or against it.

Belief in God is not contrary to logic, it's just outside it. Belief that the world is 10,000 years old requires a little (lot) more bending of commonly agreed upon scientific knowledge and reasoning.

Re:Jonathan Zdziarski is out of his mind. (0)

Anonymous Coward | more than 9 years ago | (#13325803)

You can carve out a slice of scientists, nasa astronauts, and the rest of the cream of the crop too then.

Fine with me. Those people are exactly the ones that shouldn't be where they are anyway.

As for the "scientists", they are already quite carved out, so to speak. Nobody in the scientific world takes a a creationist seriously.

Re:Jonathan Zdziarski is out of his mind. (0)

Anonymous Coward | more than 9 years ago | (#13325689)

Indeed. As the other replier to your posts said, this does not in any way invalidate his work on spam. As long as something is testable and built on solid theory, I don't care who said it.

However, the essays on that page really are downright disturbing. Some quotes:

"The Bible is the oldest and most reproduced document in existence. Having this quality, it is the most likely to be authoritative in explaining the logical progression of how we ended up where we are."

"Christianity is Logical"

"Theorists believe that order emerged from chaos, but society is rapidly degenerating, where it should be becoming more ordered if this theory held water. With this observation, it is very difficult to support the theory that the world started in chaos. If indeed it had started in chaos, it would end in chaos. If society is degenerating as we observe, then clearly the world had to begin at the opposite end of the spectrum - order."

"The theory that the earth is billions of years old is almost a laughable concept to me"

All from this [nuclearelephant.com] essay. I'm sure it gets even worse at the end of it, but I couldn't read the whole thing. Too depressing. How this man is capable of enough intelligent thought do create an apparently decent book on spam filtering is beyond me.

Re:Jonathan Zdziarski is out of his mind. (1)

Dunbal (464142) | more than 9 years ago | (#13325717)

the earth cannot possibly be more than 10,000 years old.

"Nonsense. The earth is as old as we are, no older. How could it be older? Nothing exists except through human consciousness." - 1984, George Orwell.

Re:Jonathan Zdziarski's DSPAM claims are bogus too (0)

Anonymous Coward | more than 9 years ago | (#13325930)

Zdziarski's claims for the performance of DSPAM are just as fantastic as his creationist claims.

He presents not one iota of scientific evidence that DSPAM is a good filter. Here's an article [holden.id.au] that shows that DSPAM kinda sucks compared to the competition.

pfft to the filters! (-1, Offtopic)

GoldAnt (899329) | more than 9 years ago | (#13325449)

pfft to the filters! I say blue security is the way to go...

War that cannot be won.. (0)

Anonymous Coward | more than 9 years ago | (#13325510)

Spam will never end as long as there's money to be made. As soon as you find a way to stop one form of it, another is found.

It's just like the war on terror or the war on drugs (both equally useless). There will always be fanatics, and drugs, regardless.

And in other news... (0)

Anonymous Coward | more than 9 years ago | (#13325530)

Kofi Annan declares the end of wars.

No good publisher (2, Interesting)

SW6 (140530) | more than 9 years ago | (#13325554)

It's by "No Starch Press" who seem to churn out books that look good on initial inspection, but don't seem to deliver on content.

If this was published by O'Reilly, I'd have bought it on sight as they bother to edit their books. As it is, I'll give it a wide berth.

Spam filtering is bullshit. (1)

vettemph (540399) | more than 9 years ago | (#13325583)

Spam filtering is crap. It's like having to wear a bullet proof vest because people will be firing at you while you drive to work. Excuse me for thinking it, But no one shoud be taking shots at you for no good reason.
  We need to have an automated way of dog-piling the retail site that the spammer is trying to lure you to.
Every time a spammer sends an email for viagra our email client should goto the site and fill out the order form 50 times per second... incorrectly.
  There is simply no more time to be pussies about this shit. Spam filtering has been given plenty of time to fix this problem. It's time for something new and aggressive.
VERY AGGRESSIVE.
THE TIME IS NOW!

thank you for your time.

Do something, then (1)

DogDude (805747) | more than 9 years ago | (#13325683)

You're exactly right. I've been running Spam Vampire [hillscapital.com] 24/7 for quite some time now (1-2 years). Works great. Quit bitching and do something about it!

Re:Do something, then (1)

Tony Hoyle (11698) | more than 9 years ago | (#13326232)

Uh OK.. so I have to use up my monthly bandwidth limit jut to piss off someone who's running a zombie, whilst the real spammer doesn't get affected at all.

No thanks.

Re:Do something, then (1)

DogDude (805747) | more than 9 years ago | (#13326339)

1. Generally, home users in the US don't have metered bandwidth. If you have a limit at home, then you should look into finding a new provider.

2. It doesn't effect zombies. If you took the time to read, you'd see that this hits the website being advertised, thus hitting the source of the spam in the wallet.

3. It does more than just piss them off... it runs up their bandwidth bills quite high, actually. They generally quit (at least with that domain) after being hit with spamvampire for a few days. And, of course, it makes spamming much less profitable for them as well.

Re:Spam filtering is bullshit. (0)

Anonymous Coward | more than 9 years ago | (#13326329)

I wrote a script that does that.... and they DID notice it. They tracked me down through my IP address (I wanted them to do that). My provider (a CoLocation facility) send me a copy of the message... they threatoned to sue me, but I wrote back and told them where they should "Stick it", and if they removed me from their spam list, I would stop - but after a while, I was getting so many of spams, I felt there were better ways to screw them,
and my machines got tied up so much...

Some were even so dumb to allow "Cross scripting" and if you find a site that allows this - I would hope you would know what to do... as for the legality of this, I'm sure this is a "grey area", but the fact I "attracted their attention" meant what this CAN hurt the spammers.

I find an aggressive spam reporting system like SpamCop can be very helpful in causing spammers grief... but the BEST WAY is for people not to buy the crap they sell. But (sigh) that is just not possible with so many clueless people on the net these days.

Great, this will help.. (0)

Anonymous Coward | more than 9 years ago | (#13325594)

I've been looking for a complete list of current and future technologies to allow me to better get around them and send more spam.

Thanx!!!

This should really be entitled "Hiding Spam" (2, Insightful)

wernst (536414) | more than 9 years ago | (#13325646)

Not to quibble, but even the best filters don't "end" spam.

Even a manservant reading all of my mail and hand-carying printouts of nothing but personal messages to my Jamacian bungalow doesn't "end" spam.

It would seem that These Guys [slashdot.org] are actually making an attempt to "end" spam.

All this guy is just talking about is hiding it from view. Big deal...

Re:This should really be entitled "Hiding Spam" (1)

bugbear (448726) | more than 9 years ago | (#13326038)

If you hide enough of it, you end it, because if users don't see it, it stops working. And if it stops working, spammers stop sending it.

Which raises the question: why do we still get spam? There have been good filters for years, but there is still spam. So it must be getting through somewhere. My guess is that it gets through to (a) people who get email service from their local ISP, and (b) users at medium-sized businesses, who are compelled to use wretched "enterprise" spam filters.

If everyone used Gmail or Yahoo Mail, that really would end spam, because those guys have good filters.

Who will buy the book? (1)

jlow (907845) | more than 9 years ago | (#13325898)

Why does it sound like the only people who will buy the book are the people who are trying to beat the filters?

Free sample chapter (0)

Anonymous Coward | more than 9 years ago | (#13326023)

There's a free sample chapter [nostarch.com] on the web.

Read it and ask yourself:
  • Does this guy have an axe to grind?
  • Does this guy know what "heuristic" means?
  • Is the technical content of this chapter worth the paper pulp used to print it?

Spam elimination - 101 (1, Interesting)

Anonymous Coward | more than 9 years ago | (#13326228)

While at defcon I found this book called "Spam Cartel" which is very very interesting and revealing.

I also know an acquaintence who developed a very unique and effective program to "finger" every Spam bot infected PC and with a "secret" program under trial, it shut down more than 550,000 spam sending infected PC's.

reports from the SPAM CHAT Channels indicate it was very effective in nailing down and eliminating Spam bots.

The experiment was ongoing for about 4 months last year, and WOW! I had no idea there were that many spam bots...

Word I've gotten is that a few "Checks and Balances" need to be deployed to prevent abuse... but I can imagine what would happen of more mail servers would deploy such a system.

J

Easy Solution to Spam (2, Insightful)

VonSkippy (892467) | more than 9 years ago | (#13326242)

Blacklist everyone, then whitelist only those people who you really want to communicate with. I've been doing it for years and get ZERO spam. People argue that they will miss important messages - nope, I never have. Email is not the only form of communication. All my family, friends, business clients know how to use the phone if their emails bounce. I have a web form (and phone number) for new clients (and once verified they are whitelisted), and I don't give a shit about the few messages that might not make it (although after several years of using this method I have no evidence that I've missed even one).

Next... (0, Troll)

happymedium (861907) | more than 9 years ago | (#13326277)

Next on Slashdot: "Establishing Utopia."
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?