Analysis of Spam, and a Proposed Solution
2bot_or_not_2bot writes "Spam: The Phenomenon is a detailed analysis of spam: products, scams, viruses, obfuscation methods, etc. Failed, and doomed-to-fail, methods of blocking spam are described. A general solution is proposed that does not: invade privacy, perform wide censorship or blacklisting, or involve payment and cooperation with corporations (beyond the transport and storage of data)." Hmmm.
Boycott of Microsoft's Caller ID for E-mail (Score:5, Informative)
Not a scholarly article - here's the text (Score:3, Informative)
The web page contains lots of images of SPAM that the author has received.
Here is the text of his proposal:
Wrong (Score:5, Informative)
John.
Have the users pay for it... (Score:5, Informative)
Bandwidth and storage for the ISP (Score:5, Informative)
I administer a mail server for a small ISP. The problem with filtering on the user's end is that my costs are consumed by the time the user deals with the spam. I don't think, as the article suggests, that spammers will slow down if their message is not being read; in fact, they will just spew out ever more spam. If a 1/10 of 1% hit rate does not deter them, a smaller hit rate won't either.
I have to put some upper limit to the amount of storage I can give each person (right now I allow 100M, which I think is quite reasonable). But if a user goes on vacation and does not check their e-mail for a month, they could have their inbox filled with spam and viruses (not much difference these days, from a server admin point of view). This will prevent legitimate messages from coming through. Therefore, I use the following technical measures to help reduce spam:
Re:Wrong (Score:2, Informative)
Re:Wrong (Score:3, Informative)
The existence of low-scoring or unknown "regular" words would NOT mask the presence of high-scoring spammy words! The Bayesian filter would not be fooled.
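An added example (not part of the comment above, and not code from the article) showing why padding does not mask spammy tokens, assuming a filter that combines only the most "interesting" token probabilities, as in Paul Graham's "A Plan for Spam". The token table, the 0.4 score for unknown tokens and the 15-token limit are constructed values for illustration.

```python
from math import prod

# Constructed per-token spam probabilities (not from a real training corpus).
TOKEN_PROB = {
    "viagra": 0.99, "unsubscribe": 0.97, "mortgage": 0.96, "click": 0.93,
    "meeting": 0.05, "patch": 0.03, "kernel": 0.02,
}
UNKNOWN = 0.4     # assumed score for tokens the filter has never seen
MAX_TOKENS = 15   # only the tokens farthest from neutral 0.5 are combined


def spam_score(text):
    """Return the combined spam probability of a message body."""
    tokens = set(text.lower().split())
    probs = [TOKEN_PROB.get(t, UNKNOWN) for t in tokens]
    # Rank by distance from 0.5: strongly spammy or strongly hammy tokens
    # come first, near-neutral padding words come last.
    probs.sort(key=lambda p: abs(p - 0.5), reverse=True)
    top = probs[:MAX_TOKENS]
    spam = prod(top)
    ham = prod(1.0 - p for p in top)
    return spam / (spam + ham)


# Constructed messages: the same spam with and without 200 unknown words.
SPAM = "click viagra mortgage unsubscribe"
PADDED = SPAM + " " + " ".join(f"word{i}" for i in range(200))
HAM = "kernel patch meeting"

if __name__ == "__main__":
    for name, body in (("spam", SPAM), ("padded", PADDED), ("ham", HAM)):
        print(f"{name:7s} {spam_score(body):.5f}")
```

However many unknown words are appended, at most 11 of them reach the combination step, so the four high-scoring tokens still dominate the result.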
Re:IM2000 (Score:3, Informative)
Not entirely true. If a user is running a mail client that allows HTML mail, then the spammer can make the client request something unique from the spammer's server - an image, for example. I've seen spam email with images like this:
When the user previews or opens that mail, their client will request that "image", and the spammer immediately knows that your email is valid.
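An added example (not part of the comment above) of the check a mail client or gateway can run before rendering HTML mail: list every URL the message would fetch on display, so remote content can be blocked until the user asks for it. The tag list and the sample message, including its host name and identifier, are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tag -> attribute that makes a client fetch a resource when rendering.
FETCH_ATTRS = {"img": "src", "iframe": "src", "link": "href",
               "body": "background"}


class RemoteFetchFinder(HTMLParser):
    """Collect URLs an HTML mail body would request when displayed."""

    def __init__(self):
        super().__init__()
        self.remote = []

    def handle_starttag(self, tag, attrs):
        wanted = FETCH_ATTRS.get(tag)
        for name, value in attrs:
            if name != wanted or not value:
                continue
            url = value.strip()
            parts = urlsplit(url)
            is_remote = parts.scheme in ("http", "https") or (
                not parts.scheme and parts.netloc)  # protocol-relative //host
            if is_remote:
                # A query string is where a per-recipient id usually rides.
                self.remote.append((tag, url, bool(parts.query)))


def remote_fetches(html_body):
    """Return (tag, url, has_query) for each remote fetch in html_body."""
    finder = RemoteFetchFinder()
    finder.feed(html_body)
    finder.close()
    return finder.remote


# Constructed sample: one remote 1x1 image and one inline (cid:) image.
SAMPLE = ('<html><body><p>Hello</p>'
          '<img src="http://tracker.example.invalid/pixel.gif?id=3f9a17" '
          'width="1" height="1"><img src="cid:logo@local"></body></html>')

if __name__ == "__main__":
    for tag, url, has_query in remote_fetches(SAMPLE):
        print(tag, url, "unique-looking" if has_query else "static")
```

A message with an empty result can be rendered as-is; anything else should be displayed with the listed resources withheld.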
This is just a less-good PKI solution (Score:3, Informative)
It's essentially just a PKI system, but requires effort on the part of the individuals to manually set up a trusted transmission channel for authentication data for each person, breaks security if an email is exposed, does not provide strong authentication benefits, and seems to be open to forgery containing data from an original email. It still requires the installation of software.
Instead of transmitting each "set of formulas" via a trusted channel, one could hand over an RSA pubkey, and instead of some weird proprietary embedding of secrets, one could simply sign the email. This provides all the benefits of the proposed system, operates in a regular manner, is strong against compromise of a client machine or of sent email, and there are, to some degree, systems in place to handle signing.
I would advise against this solution. It provides no benefits that a conventional email signing system lacks, and has some serious weaknesses.
Re:Is Poster Author? -- YES (Score:1, Informative)
Registrar Name....: Register.com
Registrar Whois...: whois.register.com
Registrar Homepage: http://www.register.com
Domain Name: colinfahey.com
Created on..............: 23 Oct 2001 12:25:20
Expires on..............: 23 Oct 2004 12:25:20
Registrant Info:
Colin Fahey
Colin Fahey
1068 Stanford
Irvine, CA 92612
US
Phone: 9498239921
Fax..:
Email: cpfahey@earthlink.net
Administrative Info:
Colin Fahey
Colin Fahey
1068 Stanford
Irvine, CA 92612
US
Phone: 9498239921
Fax..:
Email: cpfahey@earthlink.net
Not a foolproof solution (Score:2, Informative)
The problem is that my email is somewhat generic with my first initial, last name, plus a numeric conditioner. This email was assigned by the provider. Unfortunately, many spammers, once they realize how emails are formatted for an ISP, can easily run through a list formatting it with the most common names and values. They will undoubtedly waste some emails to addresses that don't exist, but they also hit a large number of valid addresses without the use of a list.
So you must have a fairly unique address or creative provider. That, and somewhat lucky that your address hasn't gotten out yet. But it will, eventually.
A much better, novel approach that just needs PR.. (Score:2, Informative)
Unsolicited Commando [astrobastards.net]
Everyone says that filtering all the spam in the world isn't going to help if we can't stop users from clicking on it. They're right. So if we can't stop them from clicking, why not do the reverse--flood the SPAMMER'S inbox with false positives of our own?? Basically UC is a little program that goes to the websites of companies that spam and fills out their sign-up forms with real-looking but randomly generated info. At SOME point, there is an opportunity cost to checking up on these false positives. For example, if it costs $0.02 to check up on a false positive, and the companies make $10 for each order they sell from spamming, then what we need is a distributed network to put in more than 500 false responses for each positive response they receive. If you've got a distributed network of 1000+ computers, and you put in a false positive every 30 seconds, then in 1 hr that's 120,000 false positives, or enough to cover for 240 real responses. The beauty of this is that there is no longer any profit for the business using the spammer. It hits them where it hurts most.
But this method requires a large distributed network to work! It could, but nobody seems to know about it! Right now it's just some guy's pet project--if this thing got a serious team and some serious PR, it could really take the spamming world by storm! (Of course you'd have to watch out for abuses--targeting innocent businesses' networks--but we already have large blacklists a la spamcop and under an open framework I think it'd be safe enough to use.)
For god's sake people, if we got a large enough network, it could really work!
Check your filter training database (Score:3, Informative)
Re:Boycott of Microsoft's Caller ID for E-mail (Score:3, Informative)
Yes, you're most likely just trolling, but just in case some people don't realize why you're wrong, I figured I should point it out anyway. It's not a philosophical point. It's a very practical point. If Microsoft has a patent on it, then open source software and Microsoft competitors can't adhere to the standard without facing the possibility of lawsuits or large licensing fees. Maybe not right away, but whenever Microsoft feels it would benefit them most (read: after it becomes widely accepted and implemented).
Disposable Email Address Services Review (Score:2, Informative)