Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Spam Trap Claims 10x-100x Accuracy Gain

kdawson posted more than 6 years ago | from the see-it-when-i-believe-it dept.

Spam 419

SpiritGod21 writes in with a NYTimes article on a new approach to spam detection that claims out-of-the-box improvement of 1 or 2 orders of magnitude over existing approaches. The article wanders off into human-interest territory as the inventor, Steven T. Kirsch, has an incurable disease and an engineer's approach to fighting it. But a description of the anti-spam tech, based on the reputation of the receiver and not the sender, is worth a read.

Sorry! There are no comments related to the filter you selected.

Ummmm.... (3, Insightful)

rustalot42684 (1055008) | more than 6 years ago | (#21567711)

I read part of TFA, and it seems to be saying that you can id spam mails because they are being sent to a person who gets lots of spam. But that still doesn't take into account the fact that that person also receives legit mail, AND the fact that what is spam to one person isn't spam to another.

Also, seems like a bit of a slashvertisment for what is yet an unproven technology - the only benchmarks we have are ones they provide.

Is linux for homos? (-1, Troll)

Anonymous Coward | more than 6 years ago | (#21567797)

consider: sea monkey --> okay semen

Re:Is linux for homos? (3, Funny)

MightyYar (622222) | more than 6 years ago | (#21567957)

Oooo! Can I play?

"Anonymous Coward" --> A Condom Warns You

Re:Is linux for homos? (2, Insightful)

courseofhumanevents (1168415) | more than 6 years ago | (#21568159)

"MightyYar" --> "him gay, try!"

No (0, Informative)

Anonymous Coward | more than 6 years ago | (#21567839)

It totally takes how much legitimate email each individual gets into account. What they are saying is that if 30% of the emails I receive are usually spam, then my personal spam filter should mark about 30% of my email as spam. It should sort my mail based on how spammy it looks and then kill the top 25%, pass through the bottom 65%, and maybe give some extra scrutiny to the middle 10%. It's a pretty interesting idea.

Re:Ummmm.... (2, Insightful)

MechaStreisand (585905) | more than 6 years ago | (#21568205)

... AND the fact that what is spam to one person isn't spam to another...

That's not true though. Spam is defined as bulk, unsolicited e-mail. Even if some retard actually likes to read their spam e-mails and buy things they advertise, that doesn't change the fact that the message was sent in bulk (to many other people as well), and that it was unsolicited by at least the vast, overwhelming majority of them.

I love the smell (0, Offtopic)

Anonymous Coward | more than 6 years ago | (#21567717)

of slashvertisements in the morning. /sarcasm

x100 improvement in accuracy? (1, Interesting)

EmbeddedJanitor (597831) | more than 6 years ago | (#21567731)

Was the previous technology less than 1% accurate?

Re:x100 improvement in accuracy? (3, Informative)

Dan East (318230) | more than 6 years ago | (#21567803)

Misquoted by the Slashdot story as usual. FTA:
Over 99 percent spam blocking means fewer than one mistake in every 100 messages processed. That's 10 to 100 times fewer mistakes than any other available systems.

Dan East

Re:x100 improvement in accuracy? (0)

Anonymous Coward | more than 6 years ago | (#21568183)

I want that system that makes "100 times" "one mistake in every 100 messages processed". Then I'll take the negation of it.

Re:x100 improvement in accuracy? (2, Informative)

teh moges (875080) | more than 6 years ago | (#21567953)

No. If previous methods let through one in 100 (1%) then a 10x improvement would result in one in 1000 getting through (0.1%).

Aww (1, Redundant)

AlphaDrake (1104357) | more than 6 years ago | (#21567733)

Does this mean I can't recieve new ways to "enlarge my pen15 and please my significant other while keeping my bank info for safeness"?

Re:Aww (0)

Anonymous Coward | more than 6 years ago | (#21567809)

Does this mean I can't recieve new ways to "enlarge my pen15 and please my significant other while keeping my bank info for safeness"?
Not as Spam [spam.com] . You can still get it as Potted Meat Food Product [pk.org] . Try it on Saltines. One taste and you can't get enough of that Partially Defatted Cooked Beef Fatty Tissue. Not sure if it will do anything to enlarge your pen15, but it's worth a shot.

Yet another wrong answer... (5, Insightful)

damn_registrars (1103043) | more than 6 years ago | (#21567753)

At least once a week there seems to be another flashy technique to filter or block spam. Great.

Except that this ignores the truth behind the spam problem, that many people don't seem to care about. Spam is, at its root, an economic problem. Spam is sent by people who are making money helping someone sell something. The spam you got this afternoon for discount v!@gra or 0EM software is making money for someone. And as long as someone can still make money off of it, they'll keep doing it.

If you want to stop spam, you need to take away the economic incentive. We've already seen how many spam filtering / blocking programs produced in the past 5 years? But yet the spam problem just keeps growing as the number of "solutions" grows. This tells us that the spammers are more than willing to work on ways to circumvent these reactive techniques, so that they can continue to make money off their deeds.

Once we can stop spam from being profitable, we will finally see it go away. But no sooner.

The solution to spam (3, Funny)

Anonymous Coward | more than 6 years ago | (#21567821)

1) Issue a Fatwah that spam is an insult to Islam.
2) Behead those who insult Islam!
3) No more spam. Allah Akbar

Re:The solution to spam (1)

CrazedWalrus (901897) | more than 6 years ago | (#21567853)

Just name a teddy bear Spam. That should just about do it.

Spam must be named Mohammad (0)

Anonymous Coward | more than 6 years ago | (#21567983)

The Religion of Peace (tm)
is not upset over Teddy Bears, but over Mo'
(really it is just grievance theatre)

Just remember in Sudan:
Raping a killing thousands, A-OK
Naming a teddy bear Mohammad, death/flogging/prison

Just so we clear that up.

Re:Spam must be named Mohammad (0)

Anonymous Coward | more than 6 years ago | (#21568203)

I name all my turds mohommed, take that moslem extremists. Now I'm off to go give birth again.

Re:Yet another wrong answer... (5, Insightful)

ender- (42944) | more than 6 years ago | (#21567827)

If you want to stop spam, you need to take away the economic incentive. We've already seen how many spam filtering / blocking programs produced in the past 5 years? But yet the spam problem just keeps growing as the number of "solutions" grows. This tells us that the spammers are more than willing to work on ways to circumvent these reactive techniques, so that they can continue to make money off their deeds.

Once we can stop spam from being profitable, we will finally see it go away. But no sooner.
But why would the anti-spam software companies want that? If they succeed in actually eliminating spam, they'd also go out of business. It may be profitable for the spammers, but I suspect it's even more profitable for the anti-spam companies.

Re:Yet another wrong answer... (1)

wizardforce (1005805) | more than 6 years ago | (#21568227)

But why would the anti-spam software companies want that? If they succeed in actually eliminating spam, they'd also go out of business.

you assume that all anti-spam filters are proprietary, open source filters exist and can be modified to your desire- that in its self should force anti-spam companies to adapt otherwise they got replaced by free as in gnu software. it is in their best interests to at least attempt to beat FLOSS and FLOSS has a lot going for it- if someone finds a better way to code for the project- good for them they just made it better and now anti-spam companies have to step up their efforts to do the same.

Re:Yet another wrong answer... (1)

ender- (42944) | more than 6 years ago | (#21568355)

But why would the anti-spam software companies want that? If they succeed in actually eliminating spam, they'd also go out of business.

you assume that all anti-spam filters are proprietary, open source filters exist and can be modified to your desire- that in its self should force anti-spam companies to adapt otherwise they got replaced by free as in gnu software. it is in their best interests to at least attempt to beat FLOSS and FLOSS has a lot going for it- if someone finds a better way to code for the project- good for them they just made it better and now anti-spam companies have to step up their efforts to do the same.
I'm not talking about the quality of their filters. Certainly the anti-spam companies do want to make the best filters they can. What they don't want to do is actually *eliminate* spam. They have no economic interest in stopping the spammers from sending the spam.

Re:Yet another wrong answer... (0)

Anonymous Coward | more than 6 years ago | (#21568263)

Viruses and trojans are pretty profitable for anti-virus companies too. I would think Symantec, MacAfee, etc would be pretty upset if viruses miraculously disappeared. I think at that point they would probably start producing their own "viruses" to keep the industry alive.

I love conspiracies.

Re:Yet another wrong answer... (1)

UbuntuDupe (970646) | more than 6 years ago | (#21568359)

[tinfoil hat] Could that be where spam profits actually come from, then? Not from the sale of the advertised products, but from selling anti-spam proprietary software that's specifically programmed to ID your spams (through e.g. a checksum)?

Because if the revenue model involves getting people to buy stuff in spam links, you would *think* the credit card companies would find the spammers within about a day or so...

Someone replied and mentioned the free spam filters, suggesting that the "spam and sell spam filters" model won't work because of the free alternatives. However, this is like saying that no one would buy windows if WINE were perfect. Free software has a harder time finding advertising funds.

Re:Yet another wrong answer... (3, Insightful)

ucblockhead (63650) | more than 6 years ago | (#21567841)

Yes, and once we can stop drugs from being profitable, we will see them go away too.

Oh, and prostitution, too. And identity theft. And insurance fraud. Yup, it's simple to fix. Just make it unprofitable! Simplicity itself!

Re:Yet another wrong answer... (-1, Offtopic)

Trogre (513942) | more than 6 years ago | (#21567913)

<i>Oh, and prostitution, too. </i>

Oh our country had the perfect solution to that problem. They made it legal.

Cleared it right up, it did.

</sarcasm>

Re:Yet another wrong answer... (1)

MightyYar (622222) | more than 6 years ago | (#21568095)

You live in Vegas [bloggingvegas.com] ?

I don't think anyone expects prostitution to go away - I think they just hope to make it safer for all involved. Those of us who are realistic know it won't go away.

Re:Yet another wrong answer... (0)

Anonymous Coward | more than 6 years ago | (#21568229)

Why assume the GP is in the US? I can quickly name the Netherlands and Germany as countries that have legal, taxed prostitution.

Yes, morons will scream about how there should be no drugs, prostitution, illegal immigrants, etc. Sane people realize that "harm reduction" is usually the best policy, rather than throwing addicts in jail for years, wasting police man hours on worthless stings, or encasing your country in an airtight dome.

Re:Yet another wrong answer... (3, Funny)

MightyYar (622222) | more than 6 years ago | (#21567985)

As much as I'd like to forget it, I think your post made me realize that some spam is actually filling a market need. Ugh. Yay, capitalism!

Re:Yet another wrong answer... (0)

Kadin2048 (468275) | more than 6 years ago | (#21568343)

As much as I'd like to forget it, I think your post made me realize that some spam is actually filling a market need. Ugh. Yay, capitalism!
Well, it's filling a market need but only does so economically because it externalizes the costs of message distribution on other, uninvolved, third parties.

Frankly I think this is a problem with email in general. If we were designing email today, it's pretty easy to see the flaw: everyone basically pays the same amount for email (some very small portion of the amount you pay to your ISP every month) which means those who don't use or under-use the system subsidize it for those who heavily use or abuse it.

If you did the same thing with physical mail -- paid for the entire system out of taxes and let everyone use it as much as they wanted -- you'd have 300 pounds of junk mail on your front doorstep every day, too. It's doomed.

I happen to think the solution is metered billing and micropayments. Obviously this changes how email would function, and keep it from being the great democratic equalizer between rich and poor that it sometimes gets trotted out as being, but such is life. Internet exceptionalism was cool in the 90s and I liked the ideas too, but a whole lot of it is and was just naiveté.

Re:Yet another wrong answer... (1)

OzRoy (602691) | more than 6 years ago | (#21567845)

And how exactly do you propose we do this?

Everyone knows what spam is, but it's economical because there are idiots out there who ignore the warnings and buy the crap anyway. So it seems that the only ways to make spam uneconomical is to either remove idiots from the Internet (Internet Utopia here we come!), or stop the spam from getting to them.

Re:Yet another wrong answer... (1)

RedWizzard (192002) | more than 6 years ago | (#21567887)

And how exactly do you propose we do this?

Everyone knows what spam is, but it's economical because there are idiots out there who ignore the warnings and buy the crap anyway. So it seems that the only ways to make spam uneconomical is to either remove idiots from the Internet (Internet Utopia here we come!), or stop the spam from getting to them.
Make it illegal and fine the people who profit from it.

Re:Yet another wrong answer... (0)

Anonymous Coward | more than 6 years ago | (#21567917)

Make it illegal and fine the people who profit from it.

Oh, you mean like it is now? Yeah, that's working great.

Re:Yet another wrong answer... (1, Funny)

wvmarle (1070040) | more than 6 years ago | (#21567963)

Make it illegal and fine the people who profit from it.

Easier said than done. First start with a legal definition of spam e-mail, that does not cover things like mailing lists. Personally I am sending out many mass mailings, on an opt-out basis (I harvest interesting mail addresses myself) - and get very few opt-outs and many reactions. I specifically send mails to people that may be interested in buying my goods. This should definitely be legal, it's a great marketing tool and helps my business very well.

What should be illegal (and I suspect is already) are the attempts at identity theft, selling prescription drugs (real or fake), selling fake brand products, etc. Sellers of this kind of products should be tackled by the police first, and secondly those helping them in their marketing - most notably e-mail spammers. That is at least partly where the real solution lies.

Re:Yet another wrong answer... (5, Insightful)

choongiri (840652) | more than 6 years ago | (#21568135)

No, if you are harvesting email addresses and sending unsolicited commercial messages to them, it is quite simple:

You are a spammer.

Re:Yet another wrong answer... (1)

Velcroman98 (542642) | more than 6 years ago | (#21568289)

I'd be afraid it the government starts writing more laws to do with the internet. So far, the laws they've created against spam have been meaningless, with a few exceptions. I foresee a situation with more anti-spam laws pushing more of the bad spammers overseas, and regular people being charged with huge fines for sending a few emails to people with a grudge or looking for the next lawsuit lottery.

I see solutions, possibly coming from email vendors like Google, M$, or others. Something along the line of authentication to prevent spoofing, and some sort of registered dynamic "white list" - a DNS for email white listing.

Re:Yet another wrong answer... (0)

Anonymous Coward | more than 6 years ago | (#21568191)

A few points:

1. If spam was only a problem because of its use in crime there would be no need for laws specific to spam. Criminals willing to commit fraud and other crimes are unlikely to balk at sending spam unless the penalties are ridiculously severe.
2. If you are in the U.S. this is what the FTC wants you to know about the CAN-SPAM act [ftc.gov] .
3. Don't read too much into people not opting out of your emails. For one thing, spammers often use 'opt-out' links to verify whether an email address is active. Clicking on the links often (usually?) results in more spam. It is also likely some portion of your emails are never being read - possibly because they're filtered into a spam folder.
4. By sending unsolicited mail you may be inadvertantly associating your business/brand with "attempts at identity theft, selling prescription drugs (real or fake), selling fake brand products, etc." (I think you recognize this.)

Re:Yet another wrong answer... (1)

lgw (121541) | more than 6 years ago | (#21568261)

It's quite simple: opt-out mailing list = spam. You = spammer. World = better off without you.

Re:Yet another wrong answer... (3, Interesting)

penix1 (722987) | more than 6 years ago | (#21568291)

...and get very few opt-outs and many reactions.


I can imagine the reactions you get...

There are two reasons for this. First, nobody is receiving your emails because you are blocked nine ways to hell in their spam filters. Second, because most spam (yours included) use the opt-out crap for email verification of their lists. They know they have a live one so most sane people ignore opt-out links in email since they are dangerous.

what needs to be changed *IS* the opt-out crap. It needs to be confirmed-opt-in plain and simple. While they are at it, I wouldn't say no to outlawing email harvesting either. Throw in a $10,000.00 fine for each violation of either provision and call it pretty. Make half the fine go to the organization that hunts down violators and we got a sound business solution.

Re:Yet another wrong answer... (2, Funny)

Harmonious Botch (921977) | more than 6 years ago | (#21568347)

Where do you live?

Re:Yet another wrong answer... (1)

QuantumG (50515) | more than 6 years ago | (#21567901)

Fund a government agency to fight spam by tracking down the people sending it (note: I said people, not computers) and fine them. You don't have to fine them much.. just a little more than they earn sending the spam, multiplied by your ability to find the spammers. The profit is now gone.

Don't care enough about spam to pay a tax to fund a government agency to make spam history? Then stop complaining about it like its the end of the freakin' world.

Re:Yet another wrong answer... (1)

OzRoy (602691) | more than 6 years ago | (#21568005)

Of course, a Government agency to fight this stuff. Because agencies/businesses that devote their entire business model to prevent other illegal activities like online piracy has worked real well. After all it has caused the Pirate Bay has disappear and go out of business. /sarcasm

Re:Yet another wrong answer... (0, Flamebait)

QuantumG (50515) | more than 6 years ago | (#21568047)

So you're saying that anti-fraud agencies and, well, ya know, the police are just completely ineffective.

Fuckin' idiot.

Re:Yet another wrong answer... (2, Insightful)

OzRoy (602691) | more than 6 years ago | (#21568111)

On the Internet, yes. Because, ya know, the spammers won't just move to where spam isn't illegal, like Nigeria or something.

Wake up, they are already committing fraud, and already breaking the law. The agencies already exist that fight fraud, and yet how many spammers have actually been caught and charged with fraud? How much of this spam has actually been stopped?

Re:Yet another wrong answer... (1)

lgw (121541) | more than 6 years ago | (#21568281)

The police were pretty much ineffective (at least, at stopping crime) where I grew up, and government agencies in charge of "getting rid of X" get a larger budget the more "X" there is, so the incentive is always backwards.

Re:Yet another wrong answer... (1)

Cryacin (657549) | more than 6 years ago | (#21567857)

Well put.

The spam issue is a human problem, rather than something that can be filtered with a trivial algorithm. True, bayesian filtering et al gets rid of the bulk of crap, but nothing short of a "Personal Assistant" in the human sense will get anywhere near full accuracy. Hence, this becomes a cognitive AI issue.

To properly filter spam, the system would need to extract MEANING from the text, then make a high level decision on whether the user of the inbox wants to read something that falls under this meaning category. Essentially, we are going from a raw data state, to a conceptual level, to a symbolic level. This is what we are missing.

True, spammers would still be able to flood your inbox with crap, but it would have to be meaningless crap, which would be a spam bin distinction in itself.

Unfortunately, to achieve this, as stated earlier, is definitely non-trivial. Perhaps the person who proves me wrong would also like a crack at travelling salesmen. ;)

Re:Yet another wrong answer... (4, Insightful)

pclminion (145572) | more than 6 years ago | (#21567875)

At least once a week there seems to be another flashy technique to filter or block spam. Great.

It's not "flashy." It's called information theory and statistics. It is an extremely powerful concept that has far more important potential uses than simply filtering spam email. Every new advancement in automated classification and knowledge extraction is VITALLY IMPORTANT to our ability to cope in a world which has suddenly been flooding with SO MUCH information. This power tool is being applied to what some might see as a "silly" problem, but the fact remains that spam is a powerful motivation to researchers to push further limits in the fields of pattern recognition, information and natural language processing.

If you're against the advancement of information processing techniques, then... uh, okay, I guess. If you can't see beyond spam, you are terribly short sighted.

Re:Yet another wrong answer... (3, Informative)

wizardforce (1005805) | more than 6 years ago | (#21567907)

how do you propose we remove the economic incentive for spam? ok let's see how this has been attempted or hypothesized in the past: charge a fee per email rather than a blanket fee from the ISP for access. ok but most of the real spam that is being sent is done through compromised PCs so attacking the problem by charging a fee per email is useless because the people in control of this spam-net are not the ones paying for bandwidth/email fees. ok then pass laws against it. that doesn't work either, the remaining spam-nets will still work because it can not be enforced in the host country let alone all those who are not subject to the law. ok then build better spam traps. tried that, it isn't doing so well- spam is still getting through in large numbers. educate people? that will certainly make things better in a lot of ways but there will still be that twat that actually wants to get spam... have ISPs cut off high bandwidth connections from those suspected of spamming? can anyone say privacy nightmare? as much as I hate spam I hate the idea of ISPs snooping through your email no matter what their reasons are. now what?

Re:Yet another wrong answer... (1)

lgw (121541) | more than 6 years ago | (#21568307)

It's blindingly simple: follow the money. All the enforcer has to do is buy whatever shit the spammers are selling, and then kill whoever gets the money. Optionally, insert trial.

Re:Yet another wrong answer... (1, Insightful)

Anonymous Coward | more than 6 years ago | (#21567919)

Isn't making spam less profitable what they're attempting to do by blocking it? Doesn't that defeat the initiative in its own way?

I mean, I'd imagine inventing new ways of blocking spam would be a lot easier than standing the economy on its head.

Simple way to Do That (1)

BlackGriffen (521856) | more than 6 years ago | (#21568025)

Charge money to send emails. That idea has been discussed before, I know, but there is a twist to make it work - make it so that the recipient is the one who gets paid. After all, it's their time the spammers are wasting so they should be fairly compensated. This would cause serious problems for people who run listservs, so this would have to be combined with user customizable white-lists. In the ideal case, each recipient can even name their own price, have a white list, and retroactively forgive debt. For most users the charges will roughly balance out and/or they'll have the who send them the most email on their white list. The ISP and money shuffler makes money by charging the owners of the account a fixed fee for providing this premium spam-free service.

Then, of course, you get the problem of spammers trying to weasel their way into as many white-lists as possible, but it is easy to kick them off the white list and the spammers would be subject to criminal prosecution if they are hacking or otherwise resorting to dirty means to get themselves on white lists.

Re:Simple way to Do That (2, Funny)

OzRoy (602691) | more than 6 years ago | (#21568065)

Alright!! I'm going to white list me a new car!

Re:Simple way to Do That (1)

MillionthMonkey (240664) | more than 6 years ago | (#21568215)

(X) No one will be able to find the guy or collect the money

Re:Simple way to Do That (1)

BlackGriffen (521856) | more than 6 years ago | (#21568361)

Then his mail won't reach the recipient, simple is that. This is a pre-pay scheme, not post pay.

Re:Yet another wrong answer... (1)

Spazmania (174582) | more than 6 years ago | (#21568037)

Except that this ignores the truth behind the spam problem, that many people don't seem to care about. Spam is, at its root, an economic problem.

That's all well and good, but wake me up when you have a viable economic solution based on the premise that spam is an economic problem. And by viable I mean doesn't have a massive downside like e-stamps, trampling on the first amendment, or elevating jail times for spammers beyond those for violent crimes.

In the mean time, you'll have to pardon me if I don't throw up my hands and say, "There's nothing I can do about it! Its an economic problem!" 'Cause as it turns out, there are things I can do about it.

Re:Yet another wrong answer... (2, Interesting)

7Prime (871679) | more than 6 years ago | (#21568045)

How about charging the sender $0.01 for every email that's never opened. That way, spammers risk a HUGE number of people catching the trap and not opening their email. It wouldn't be worth it to advertise in that fashion, because you lose more than you make (spam requires 10s of thousands of emails to be effective, if 90% of those are unopened, than you risk losing over a hundred dollars on a scheme that might make you $50 on a good day)

Re:Yet another wrong answer... (1)

welkin23 (1168399) | more than 6 years ago | (#21568151)

nice pseudo-thinking. why bother fighting waldenstrom's when the real culprit is death, right?

it should be obvious that what i'm trying to say is that less spam is better; it's not a worthless endeavor merely because it doesn't solve all of mankind's problems.

your last sentence is correct; however, your notion that spam filtering will never be effective enough to stop spam from being profitable because it hasn't so far happened in 5 years (???) is silly. you mention taking away economic incentive. how, with laws? rather than hold my breath for 20 years and disregard "wrong answers" i'll give mr. kirsch my blessing, whether or not it is as effective as he claims it is, regardless of its longevity.

Re:Yet another wrong answer... (5, Interesting)

Jimmy_B (129296) | more than 6 years ago | (#21568189)

Except that this ignores the truth behind the spam problem, that many people don't seem to care about. Spam is, at its root, an economic problem. Spam is sent by people who are making money helping someone sell something. The spam you got this afternoon for discount v!@gra or 0EM software is making money for someone. And as long as someone can still make money off of it, they'll keep doing it.
Not exactly. It's making money for the spammer, but it probably isn't making money for the person who hired him. You see, even if no one ever bought anything advertised in spam, it would still be sent. The problem is multilevel marketing [wikipedia.org] , which creates a lot of people desperate to sell unsellable inventory, some of whom pay spammers to advertise it for them. A perceived economic incentive is enough, even if there isn't a real one.

Re:Yet another wrong answer... (1)

gad_zuki! (70830) | more than 6 years ago | (#21568221)

>We've already seen how many spam filtering / blocking programs produced in the past 5 years?

Lots. Even in my most anceint hotmail account I see almost no spam. The filters are working and the spam cat and mouse game has reached a point where the sophistication of spam detection is outpacing the spammers. There comes a point where their resources cannot keep up. We've reached that point I think. I dont expect spam to ever leave but now its a controlled problem. In the future we might even start seeing lots of spammers go back to other scams because spamming will be too much of a hassle.

Oh well, next time dont build your worldwide messaging standard on a clunky hackey piece of crap like smtp.

Re:Yet another wrong answer... (1)

adamkennedy (121032) | more than 6 years ago | (#21568341)

At least once a week there seems to be another pie in the sky idea for blocking spam that relies on somehow manipulating economics to sold the problem. Great

Except that this ignores the truth behind the economics problem.

In the long run, you can't beat economics.

Self-defeating strategy? (0)

Anonymous Coward | more than 6 years ago | (#21567757)

Is this a self-defeating strategy? It depends on some members of the group receiving a lot of spam. But once they're in they receive less spam.

KInda flawed (1)

thedarknite (1031380) | more than 6 years ago | (#21567767)

So, if I understood the article correctly, this technology will classify more email as spam the more spam you have received. Wouldn't this eventually classify everything as spam, forcing you to trawl through catch folders to find all your legit email?

Re:KInda flawed (0, Redundant)

mr_stinky_britches (926212) | more than 6 years ago | (#21567795)

You are severely oversimplifying their solution.

Re:KInda flawed (4, Informative)

pclminion (145572) | more than 6 years ago | (#21567825)

So, if I understood the article correctly, this technology will classify more email as spam the more spam you have received.

No, that's not how it works at all. Let me try putting it as a concrete example. You have a friend, Jane, who likes to swap stupid chain emails, subscribes to all kinds of "voluntary spam," and generally receives 1000 spam mails a day. Jane's a great lady, don't get me wrong, but you know the type of person I mean. You talk to her in real life, but over email she is incredibly annoying, as most of her messages are essentially meaningless.

Now, let's say that BOTH YOU AND JANE receive the same message M. Now, you know Jane, and you know the kind of messages she typically received (mindless, at least in YOUR eyes). What are the chances that this message M is something that YOU will be interested in? Probably very low. The vast majority of email Jane receives is "crap," at least according to your definition, and so the very fact that Jane received message M greatly increases the likelihood that it is "crap."

Does that make better sense?

Re:KInda flawed (2, Insightful)

swillden (191260) | more than 6 years ago | (#21568001)

Does that make better sense?

Not much.

Two issues: First, how does the system know that Jane's e-mail is mostly spam. Who tells it? Does it use some other filters to identify the spam in order to determine her spam rate?

Second, how does the system know that the message you received and the message Jane received are the same? Spammers have long been randomizing parts of messages in order to block older spam filters.

Re:KInda flawed (2, Interesting)

wvmarle (1070040) | more than 6 years ago | (#21568053)

Second, how does the system know that the message you received and the message Jane received are the same? Spammers have long been randomizing parts of messages in order to block older spam filters.

An interesting thing, as outlined in TFA that you should R, is that the mails do not have to be the same. They may have different check-sums even. However they are checked against the sending IP-address. If more messages from the same IP address arrive (presumably within a certain time frame), they are all considered spam or ham. Spammers tend to send lots of mails from the same IP address at a time, so that should work.

How they handle mailing lists though is not clear to me really. There are quite some loose ends to the article.

eh? (1)

Coop (9778) | more than 6 years ago | (#21568353)

But doesn't the fact that *I* received the message equally indicate that it's *not* spam? I don't understand. Jane getting the message indicates that it's spam, me getting it indicates that it's not.

Makes sense (4, Informative)

Dan East (318230) | more than 6 years ago | (#21567785)

I own a number of domains, and receive all email to each domain in a catch-all account. I receive a great deal of emails to totally fictitious email accounts at my domains. Those recipients receive 0% legitimate emails, so anything sending to those accounts is 100% certainly a spammer. Basically what Abaca is doing is working with all the shades of gray in between. Also, this is a system that can only be employed at the server level. It's not like you could add this technology to your stand alone email client.

Dan East

Re:Makes sense (1)

InakaBoyJoe (687694) | more than 6 years ago | (#21568133)

Exactly, I do the same thing. Honeypot accounts provide a training signal to the spam filter.

Of course, the spammers' workaround is to permute, randomize, or otherwise vary the messages. Done well enough it can cause the spam filter to fail to recognize the similarities between messages received at different accounts.

As this "Abaca Email Protection" is susceptible to the same problem, I don't see any evidence that it can substaintiate its pompous claims of being "revolutionary", "mathematically guaranteed", or "spammer proof". Who the heck writes that stuff anyway?

Re:Makes sense (1)

sgartner (1108101) | more than 6 years ago | (#21568321)

Also, this is a system that can only be employed at the server level. It's not like you could add this technology to your stand alone email client.

Worse than that. Since it works on statistical probabilities it is only accurate if it has a large enough domain to work in. A single server (even with, for example, 100 domains on it) is unlikely to have a statistical domain large enough to provide accurate results.

It's not clear to me whether their appliance actually sends each e-mail (or the headers or something) to their centralized servers for processing to achieve that giant domain, or whether they count on their clients having a large enough domain for the scheme to work. Obviously the larger, the better for this. Maybe they ship a domain summary of some kind to each appliance (like shipping a DNS cache).

What I would love them to do is provide a forwarding/filtering service for individuals and small domains. I currently use gMail for exactly this purpose. They provide a much better spam filter than my host provider or my local SpamBayes, so I forward all mail from my personal domains to gMail and then back to my server (and then to my local computer). It has cut my spam down to a relatively manageable level.

Though if my hosting provider buys one of these I'll gladly give it a shot (they are big enough to get a significant domain all by themselves). I'm certainly curious to hear from any companies that tried it to see what results they get.

Snake oil (1)

explosivejared (1186049) | more than 6 years ago | (#21567787)

So the way I read this is that it works like a reverse karma system. It doesn't really make much sense though. Remember the old adage about lies and statistics. Without seeing there analysis who knows what they twistsing. I would very much like to see actual data about this system. The idea that a person's amount of spam would fit any sort of predictable distribution seems like a bit of a stretch to me. If anyone with actual numbers could come forth, I think we would all appreciate it. Even if there was a regular distribution of spam for a recipient it would have a tenuous relationship with any one single element at best. I call snake oil without any hard statistical analysis. The best the article gave was a board meeting style feel good chart with no basis in real statistics, only assumed aggregates.

Is it a joke? (2, Insightful)

jmv (93421) | more than 6 years ago | (#21567829)

Seriously, I don't see how anything working remotely as described can work. First, it guarantees that any OSS mailing list will be flagged as spam because we our emails tend to be on the web and we all receive lots of spam. Then how the hell is someone going to know what percentage of spam I receive (or do they expect everyone to give them access to their inbox?)? Even if that were to work, all the spammers would have to do is let the zombies send one email at a time, at which point either they block all my email or they leave it all through. Dumb idea or dumb reporting?

Chicken-and-egg problem (3, Insightful)

sonikbeach (939185) | more than 6 years ago | (#21567835)

How does one initialize this system? Spam is determined by user reputation, yet user reputation is determined by quantity of spam received. Am I missing something? The logic seems circular.

Re:Chicken-and-egg problem (2, Insightful)

explosivejared (1186049) | more than 6 years ago | (#21567937)

Exactly! The system lacks a way of defining what exactly it's blocking. How does one determine that one say receives 25% spam? Does Abaca do the analysis or are you just supposed to guess? While the equation obviously works on paper, when implementation comes it is clearly missing a major element, ie a definition of spam.

Re:Chicken-and-egg problem (1)

wvmarle (1070040) | more than 6 years ago | (#21568019)

This chicken and egg problem is not that hard to overcome.

Start off with "traditional" filtering techniques, they are quite accurate and I suspect give a good enough sample size to get you started.

A second option may be to ask users to mark their spam manually for a day or so. That should also be manageable.

Lastly when there is one group up and running, as I understand it new users can be added without any problems. Just keep them out of the statistical pool (only check their incoming mails on spaminess against the rest of the existing pool) until this user has received enough mails to be included. Such as "seed pool" apparently exists already.

Re:Chicken-and-egg problem (1)

The Raven (30575) | more than 6 years ago | (#21568171)

Google's PageRank is a circular algorithm as well, but that doesn't prevent it from working.

However, this sounds more like a technique to augment traditional spam detection engines. Take SpamAssassin output as a precondition to classify the users, and then use that classification as an input to the SpamAssassin engine with a high weight. Tadaa! Increased detection accuracy.

Whether it would actually work or not, I dunno. Seems plausible, but only as a server based approach, such as something to augment Google's spam filtering. In fact, for large domains this sounds like a pretty reasonable approach.

Re:Chicken-and-egg problem partially solved (1)

sonikbeach (939185) | more than 6 years ago | (#21568197)

Partially answering my own question; this might work with some sort of seeding. Create X number of accounts purely as spambait; post them in fora all over the web, login to free pr0n sites etc; and send 0 legit email to them. Emails for V1a.g.r4 come pouring in, producing a 100% bad cohort. Now create Y number of "good" accounts, post them nowhere on the web, send them (from other email accounts set up for the purpose) a variety of known good email messages, and filter the incoming content allowing only those messages you've sent. Now you have the 100% good cohort.

That gives you endpoints for your curve. Are there any math geeks reading tonight that can tell me if having just the endpoints would be good enough to extrapolate the middle? Calibrating the middle percentiles seems harder, since you can't control the number of spams you'd receive.

How hard it is to spoof 1 million IP addresses during a bulk transfer? That would appear to be a way to defeat this system, since the system assumes a particular batch of spam will originate from a single IP address.

Form letter (5, Funny)

Anonymous Coward | more than 6 years ago | (#21567847)

My first attempt at doing this, please feel free to ammend/critique:

Your post advocates a
(X) technical ( ) legislative ( ) market-based ( ) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
(X) Mailing lists and other legitimate email uses would be affected
(X) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
(X) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
(X) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(X) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(X) Armies of worm riddled broadband-connected Windows boxes
(X) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
(X) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:

( ) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
(X) Blacklists suck
(X) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
(X) Countermeasures must work if phased in gradually
( ) Sending email should be free
(X) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

(X) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!

Re:Form letter (1)

Pollardito (781263) | more than 6 years ago | (#21568109)

Specifically, your plan fails to account for

(X) Asshats
(X) Extreme stupidity on the part of people who do business with spammers
actually this is one of the first methods i've seen that turns asshats and stupid people who do business with spammers into a part of the solution

Re:Form letter (0)

Anonymous Coward | more than 6 years ago | (#21568199)

This is ranked "Funny"!!!!!!!!!!!!!!!!!!!

Must be a whole lot of stupid moderators around.

These weren't even funny the first time they appeared and that was well over ten years ago.

Anyone who would moderate this "Funny" doesn't need a pet parakeet - they already are one.

I guess they are one way to sort out the twerps from those who are actually have something to contribute.

10-100x better than what? (1)

Temporal (96070) | more than 6 years ago | (#21567851)

From the web site [abaca.com] :

Unprecedented accuracy. Over 99 percent spam blocking means fewer than one mistake in every 100 messages processed. That's 10 to 100 times fewer mistakes than any other available systems.
Uhh. So this system makes 1 mistake in 100, and claims this is 100x fewer than some other system. Apparently this other system they are comparing against gets it wrong every single time. I guess one way to make your products look good is to compare them against the theoretical worst competitor imaginable.

Re:10-100x better than what? (2, Insightful)

MightyYar (622222) | more than 6 years ago | (#21568039)

In TFA, the example is:

"At 99.8 percent you miss two out of 1000," said Mr. Kirsch. "At 95 percent you miss 50 out of 1,000. So other systems give you 25 times as much spam. Who wants that? Nobody we know."
He then goes on to claim that more users will improve the system to where it is 100x better than 95%, or 99.95% effective.

Re:10-100x better than what? (1)

lakeland (218447) | more than 6 years ago | (#21568059)

Er, no.

10 to 100 times more accurate than existing systems means that for every 10 to 100 mistakes that existing systems make, this system will make just one.

For instance if they say current technology is 80% accurate then out of ten thousand emails coming in, 2000 will be incorrectly classified. 100 times more accurate than that means 20 errors, or 99.8% accuracy.

Now, it happens that TFA is peddling snake oil. The top spam blocking programs make one mistake per ten thousand emails processed or 99.99% accuracy. To obtain ten times that accuracy is well beyond belief, and if physically possible, would require a much more detailed data source than is currently being used (perhaps simulating an email client to work out what is actually displayed and running OCR/analysis on that), and/or running semantic/pragmatic understanding of the text rather than just lexical. That's if you care - even with an adequate filter like gmail uses (99.5%), you only spend a minute a day on spam.

That's 200% Accuracy! (1)

sqrt(2) (786011) | more than 6 years ago | (#21567881)

I've never once had a spam message in my Gmail inbox, it all gets caught by their spam filters and ends up in the appropriate folder. There's 150 in the spam folder right now, and they get deleted automatically after 30 days, so I get around 5 a day. That's probably just the ones google thinks are possibly spam, who knows how much they filter out that we never even see. Their filtering tech is pretty close to perfect, but it's always those last few points that are the hardest. So I seriously doubt this as yet unproven tech that claims such substantial increases in accuracy over traditional filtering. But the article was still interesting to learn more about Kirsch, his prior inventions and work, and battle with terminal blood cancer.

Re:That's 200% Accuracy! (1)

Type-E (545257) | more than 6 years ago | (#21567973)

I get around 70 spams a day and gmail would slip one or two every 2 days.

GMail spam filtering has false positives (0)

Anonymous Coward | more than 6 years ago | (#21568057)

Had one, and only one, false positive that I noticed. So they suck, period.
And the false positive? An actual JOB INQUIRY/RATING notification for an application with the Dept. of Labor. How the fuck you can be so stupid to filter the HR systems of a .gov is beyond me.

Even one false positive can cause significant financial damage to an individual, make gmail of questionable value for even small business, and greatly increase the costs of using their service. I mean what's the point if I have to check the spam folder for legitimate emails every two days?

Re:GMail spam filtering has false positives (0)

Anonymous Coward | more than 6 years ago | (#21568173)

No shit. Any remotely aggressive spam-filtering system is going to have false positives. Which is why they don't just dump the messages, but encourage you to peek in your spam folder every once in a while. You're free to go back to deleting your spam manually. Me, I'll pass. You can bitch and moan about how the technology isn't absolutely perfect, or you can realize that you need to change your habits.

They'd better have a helluva lot of revenue (1)

The Master Control P (655590) | more than 6 years ago | (#21567959)

Because they're going to be needing an OC-256 or the fucking spammers will be able to ddos the servers that compute aggregate scores off the 'Net and break the system.

Sidestepping the arms race (2, Interesting)

whamett (917546) | more than 6 years ago | (#21567961)

This is clever: filtering spam by exploiting properties of spam pumps in general, vs. straight content analysis. The competition of ever-more-sophisticated content scanning techniques on one side, and spammers' escalating workarounds and huge botnets on the other side, is an arms race that shows no sign of abating.

Of course, this approach does still depend on something—probably content analysis—to determine which messages are spam and which are not, so that receivers' spam statistics can be computed.

The smartest (and reportedly most effective) anti-spam technique I know is spamd [linux.com] , which completely sidesteps content analysis. In a nutshell, it's an SMTP proxy that issues a temporary error code to unknown senders; legitimate MTAs retry delivery (at which point spamd lets the message through), while spam pumps don't bother. Voilà—spam gets stopped before it's ever received. A friend of mine reports that spam volume has dropped to zero since he set up spamd for his department.

If I understand the "receiver reputation" approach correctly, it could use spamd (rather than content analysis) to identify spam; similarly, content analysis can supplement spamd [benzedrine.cx] . The two are potentially complementary.

Re:Sidestepping the arms race (1)

whamett (917546) | more than 6 years ago | (#21568181)

Oops, one correction: spamd is not actually an SMTP proxy. Rather, the firewall takes care of directing the sender's TCP packets to either (a) spamd or (b) the real MTA, as appropriate. Spamd, meanwhile, updates a firewall state table on the fly; for example, spamd may determine that a particular sender is legitimate, then update the firewall state table such that the sender's next mail delivery attempt goes to the real MTA, not to spamd again. Sorry for the mixup.

Thank you! (1)

cheesecake23 (1110663) | more than 6 years ago | (#21567979)

The article wanders off into human-interest territory as the inventor, Steven T. Kirsch, has an incurable disease and an engineer's approach to fighting it. But a description of the anti-spam tech, based on the reputation of the receiver and not the sender, is worth a read.
Thank you for warning us about the nasty human-interest traps in the article. Because [Spirit]God[21] knows we Slashdotters aren't interested in humans. Especially fluff about an inventor using an engineer's approach to fight an incurable disease.

obligatory (0, Redundant)

SurturZ (54334) | more than 6 years ago | (#21567999)

Your post advocates a

(x) technical ( ) legislative ( ) market-based ( ) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
(x) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
(x) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(x) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
(x) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:

( ) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
(x) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
(x) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

( ) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!
(x) Good original thinking for a change

Patented Technology (1)

CustomDesigned (250089) | more than 6 years ago | (#21568115)

While this is a rare case of the algorithm actually being original (as opposed to rehashing an old idea "on the web"), it is yet another software patent. I'll lump it with RSA - the kind of software patent you might actually want to read if all software patents were that original.

Human! (1)

fm6 (162816) | more than 6 years ago | (#21568127)

The article wanders off into human-interest territory
"Wanders?" The human interest part is most of the article! Not everybody thinks that a new spam filter is more interesting than a person's struggle to survive.

Generalization of honeypots (3, Insightful)

CustomDesigned (250089) | more than 6 years ago | (#21568169)

Honeypots have been a published anti-spam technique for a decade. The idea is to publish bogus mailboxes that are not close to any legit mailbox. Any message with a honeypot as any recipient is spam. 100% accurate. (And I blacklist the IP for a week for good measure.) I use a variation, where any message with 3 or more invalid recipients is spam (blacklist IP). That is a little risky since someone may legitimately be trying various mailboxes manually with a telnet session because they forgot the exact name. This technique gives each recipient a score between 0 and 1 that reflects how close to a honeypot that recipient is, with actual honeypots (100% spam) being 1.0.

Re:Generalization of honeypots (1)

bcrowell (177657) | more than 6 years ago | (#21568253)

Yeah, reading the article, I had the same impression, that it was just a honeypot. And in fact, I don't even think it's a useful generalization of a honeypot. A honeypot is an address that receives 100% spam. This method is supposed to look at accounts that receive low levels of spam as well, but how is that useful? I receive essentially 0% spam, mainly because I change my address every year. Even if I was willing to share my data with this company, what would it tell them? I get an email from my wife telling me to pick up milk on the way home from work. Well, nobody else gets that email, so it doesn't do them any good to classify it as non-spam. The technique also seems vulnerable to countermeasures. For instance, the spammer can put random stuff in every email it sends out, so that no two spams are identical. AFAIK the point of a honeypot is that you can build a blacklist of machines that send spam, not that you're trying to build a blacklist of known spam *messages*.

Crackpot in denial. Snake oil to sell. (2, Interesting)

syousef (465911) | more than 6 years ago | (#21568245)

From TFA with commentary:
"he has started four companies, all based on his frustrations with existing products or services"

Unless they're all still in business that's probably 3 failures on record.

"Along the way he has amassed a personal fortune of about $230 million"

But he got out before the ship sank and with a bundle of cash too. I wonder what his ex-employees got...

"This is harder on my wife than it is on me," he said during a recent interview. "I just look at it as a problem. Here's a problem and you have four years to solve it or you don't get to solve any more problems."

How philosophical...So he's going to cure himself single handedly of a rare disease in 4 years, because medical research is as easy (and cheap) as writing software or tinkering with a home engineering project. I think he's been watching Crusade and sniffing glue.

"His perspective on his disease is also clear. Fourth on his list is "Why human beings will be extinct in 90 years." He writes, "My incurable blood cancer is minor compared to what is happening with the planet. We have somewhat more than 90 years before humanity is virtually extinct.""

Don't even know where to start on this one. I can't be bothered reading about his reasoning, but he's not the first person to predict the end of the world just beyond his own lifetime.

Oh and by the way he has a bridge, I mean some anti-spam software to sell you.

Gimme a break! Nothing to see here.

It's been around (and implemented) for years (1)

Arrogant-Bastard (141720) | more than 6 years ago | (#21568285)

This approach is quite similar to that taken by the DCC. Quoting from its home page: "The DCC is based on an idea of Paul Vixie and on fuzzy body matching to reject spam on a corporate firewall operated by Vernon Schryver starting in 1997. The DCC was designed and written at Rhyolite Software starting in 2000. It has been used in production since the winter of 2000/2001."

As is often the case, those who are new to the spam problem frequently believe they are inventing something new, when it's most likely that they're not -- the remaining question being whether it's workable or long-since abandoned as (mostly) useless. Reputation systems like this are presently somewhat useful, but it's worth noting that should they become widely used, spammers might then find it worth the effort to exercise the control they have over the 100M+ hijacked systems out there and thereby poison the reputation system. While this could be done by generating appropriate traffic, and that'd be moderately disruptive, exerting control over a sufficient number of systems participating in reputation assessment would be worse.

This therefore joins a long parade of specious claims (e.g., Spam as a technical problem is solved by SPF") made to announce the mythical "solution" to spam, which of course does not exist. Does it have possible value in mitigation? It would appear so, based on the track record of similar work (see above). Is it The Answer? Not even remotely close.

"Spam Trap" Claims 10x-100x Accuracy Gain (1)

ls671 (1122017) | more than 6 years ago | (#21568293)

"Spam Trap" Claims 10x-100x Accuracy Gain

The title might give up their secret industrial patented algorithm ;-) A "Spamtrap" [wikipedia.org] is an email account set up only to receive spam mail. That email address is never given to any legitimate user.

So maybe they just setup spamtraps, then publish those email in some honey pot places where spammers scrape email addresses, et voila !

Of course, any emails sent to the spamtraps will be guaranteed to be spam. Now, the Marketing department steps in and says: Let's call this : "The concept of receiver reputation" ;-)

By the way, I already block way more than 99.9% of spam using the following, this was a one-time setup with no need for white/black listing maintenance:
-Spam Assassin
-Real time blacklists
-Greeting delays
-Rate control
-Max senders by message and other various sendmail option You can view the configuration here. [oc9.com]
-Priority 1 and Priority 10 mail servers are always down, Priority 5 mailservers are the real ones
-Spam trap addresses

It is so efficient that I didn't have to resort to graylisting yet but I could always use it to achieve even better results. I am not ready for the downsides of graylisting yet.

Since correctly using available open-source tools already gives better than 99.9% result (1 spam every 1000 forwarded message) I am not sure of the relevance of the advertised product ;-)

Another failure to mention false positives (1)

InakaBoyJoe (687694) | more than 6 years ago | (#21568303)

From TFA:

said Mr. Kirsch. "At 95 percent you miss 50 out of 1,000. So other systems give you 25 times as much spam. Who wants that? Nobody we know."

Um, wait a minute. Given two hypothetical spam filters, one with 99.8% rejection but a nasty habit of discarding legitimate emails, and another with 95% rejection but effectively zero false positives, I'd rather take the 95% filter, thank you!

Here we go, yet again. The New York Times, of all places, reports nothing but the "spam catch rate". But the false positive rate is a far more important indicator of a spam filter's effectiveness than the "spam catch rate". I'd rather have to delete the occasional spam than miss an important email from a long-lost friend.

Why are people still comfortable talking exclusively about the "spam catch rate"? Are we really that gullible to the marketing drivel of anti-spam companies? Shouldn't we be holding the discourse to a higher standard?

What about custom spams? (1)

steveha (103154) | more than 6 years ago | (#21568329)

As I understand it, this method looks at a message and analyzes it based on the users to whom it has been sent. What is not clear to me is how the system would cope with individually customized spams.

Spammers already have systems in place to randomly mutate the spam messages, to defeat systems that block spam based on identity. For example, consider Vipul's Razor, where people cooperate to flag messages as spam. Suppose a spammer sends a message with the subject "Panda Obligate Greenspan" to Joe, and Joe dutifully flags it as spam. But that same spammer sent another spam to Mary with the subject "Goldfish Dutiful Jones".

This new spam trap uses a clever technique, and I believe that if the same message is spammed out to many people, this trap could detect it. But I think that with enough randomness in the spam messages, this won't be able to stop the spam.

Imagine that a spammer has a botnet at his disposal, and the botnet has thousands of servers. He could send a single random spam from each of his servers to each of the users on an email server; each message thus has different gibberish in it, and a different sender.

You could block a bunch of spam by blocking pure gibberish, if you had a reliable gibberish detector. But then the spammers start pulling complete sentences out of any available source texts (Mark Twain novels, news stories, etc.). So I think any content-based spam filtering is also ultimately doomed.

I think the only possible solution to spam will be to create a whitelist system that doesn't suck. Any attempt to guess whether a message can guess wrong. (As the article notes, even humans make errors when classifying messages.) I want digital signatures; then, if I get an email that is correctly signed with my wife's signature, I'm pretty sure that's not spam. But a whitelist system is doomed unless there is an escape mechanism; if my old friend from college suddenly sends me an email message, I want to get it, even if he's not in my whitelist. It's not a trivial problem.

steveha
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?