Curiouser and Curiouser! on spam

SpamNet

Mon, 19 Aug 2002 15:30:18 +0100

I've been trialling DeerSoft SpamAssassin Pro for two weeks now. For those unfamiliar with it, SpamAssassin is a collaborative spam filtering application that leverages the power of it's users to help fight spam.

However the DeerSoft plugin for Outlook XP does not handle the HotMail inbox yet and this is where my spam comes from. My novissio address is still shiny enough not to get any spam. But I don't imagine that will last for long!

Unfortunately the DeerSoft trial is only 14 days so I don't really feel I've seen it in action (although it did file a number of legitimate but likely messages as spam) and can't justify the $30.

However, reading Michael Alderete's weblog I came across his notes about SpamNet which is another collaborative spam filter and available as a free download. If it can access the hotmail inbox that would be great, otherwise I guess it gives me more time to play with this technology before having to commit and maybe pay for SpamAssassin.

The only downside is that it's only available for Outlook on Windows.

A sad event...

Tue, 27 Aug 2002 12:05:44 +0100

It's a sad day. I knew it would come though. I guess a month isn't too bad.

My new Novissio email account received it's first piece of confirmed spam!

Luckily SpamNet was there to catch it :-)

One for PingBack

Wed, 25 Sep 2002 16:29:02 +0100

I agree with Ray. I don't want pingback, trackback, or refererback. I get enough feedback with comments, spam free e-mail, and links to IM. If I wanted to host a discussion group, that is what I would have instead of a weblog. [John Robb's Radio Weblog]

» Quite frankly I do more than scan my referrer lists "once in a while" as Ray puts it. I am always scanning them, looking for the breadcrumbs of someone or something interesting that has passed by. Always on the lookout for that connection that could have value for me or my business. I get as much spam as anyone, but I'll put up with a future of pingbots right now if it means I make the connections that helps my business to succeed. Just like I put up with spam to use email today. I can't afford to pull up the draw bridge.

PingBack may not be good for John, Ray, and others on the path well trodden. But I think there are lots of people like myself who see things differently. I want to know when someone is talking about what I am talking about and especially when they are talking about something I've written.

I don't know all the answers to the path I'm on, it's only through shared dialogue and the connections that I am making that I have a hope of moving forward. I see PingBack as a valuable way of making those extra connections that I need, of closing the loops, and getting the feedback. If Ray & John don't want to come to that party that's fine, but I hope that, their not turning up, doesn't mean that there isn't a party at all.

To put it another way my blog isn't the government emergency broadcast system, it's The Frasier Crane show.

So go ahead and ping me.

I'm listening.

What a crock of shit

Thu, 26 Sep 2002 14:57:23 +0100

So, ever since I installed Service Pack 1 for Windows XP

Outlook 2002 runs painfully slowly. Where it used to be fine, now it takes 4-5 seconds after I click a message before it appears in the preview pane. Clicking multiple messages to delete spam also takes 2-3 seconds each.
My start bar menus now flicker. Even when the mouse is stationary I can see it flickering like it's constantly redrawing the menu.
Same thing for all my context menus.. Bah!
My QuickCam software crashes and I can't undock any more because "Your camera cannot be stopped. Please try later" Yeah, right.

So the net result of my upgrade?

I have a new, more invasive license
I have a machine that is slower and less reliable

Well thanks for fucking nothing you M$crosoft shitheads.

I declare XP1 to be spam!

The darker side of blacklists

Fri, 01 Nov 2002 14:40:55 +0000

Amy Wohl on the agony of blacklists. [Scripting News]

» Yep. I am afflicted by the same problem. My hosting company are also brutally uninterested in helping out.

No spam in this tin

Thu, 01 May 2003 22:50:04 +0100

REDUCE Spam Act. Congresswoman Zoe Lofgren today introduced her REDUCE Spam Act. That Act is in part based upon the idea that I have bet my job on. This has led some friends to write that they hope the law is not passed -- some because they believe it won't work, some because they don't like this or any regulation. To the first group, I appreciate the concern, but remain unworried. To the second, I understand the concerns, but remain convinced. The general idea of the statute is that spammers must label UCE, and if they don't, then the law enables a bounty system to pay people who hunt down those who fail properly to label. I've been getting lots of questions about how this would work, and as many are similar, it would obviously help to post a FAQ. It would be great to get more questions beyond the first wave, and a FAQ would certainly help. This final draft does have a nice modification that was suggested by a particularly skeptical friend. The label requirement initially is a simple ADV: in the subject line. There are obvious problems with mandated protocols, and so the modification requires either an ADV: or "an identification that complies with the standards adopted by the Internet Engineering Task Force for identification of unsolicited commercial electronic mail messages." This is a nice modification that both creates an incentive for the development of other protocols, but vests that process within a body that so far has resisted capture. I was originally worried that any industry standards group would be open to capture. But I have lots of confidence that the IETF will be able to suss out spammers. The key to this idea is, as Congresswoman Lofgren puts it, that the Act would enlist a bunch of 18 year olds in the battle against non-complying spammers. "Between the 18 year olds and the spamsters," as she puts it, "I'll bet on the 18 year olds." Me too. [Lessig Blog]

Sounds like a good idea and, most importantly, progress in the right direction. How will this work if spam originates outside the US though? A good follow-up step will be to drum up support in the UK and Europe generally.

Radio Userland comment spam begins?

Sun, 07 Mar 2004 11:54:50 +0000

Is this:

GOOD website for ours!Thank you very much! human growth hormone 3/6/04; 7:31:54 PM

the start of automated spamming of Radio Userland comments? This morning I notice two of them on very old posts of mine from nearly 2 years ago. This would be very bad news as Userland offer no tools for managing comments.

Subverting comment spam

Fri, 14 May 2004 13:07:23 +0100

I had an idea about comment spam and I'm wondering if I've had a flash of the blindingly obvious.

As I understand it the most problematic spam is bot-generated. If not then my idea is probably useless, however it goes like this:

To sign up for Yahoo groups and some web sites you are required to enter a special word in the sign-up form. That word is contained in an image which is displayed in the form. A spam-bot is presumed to be unable to read the image, so if it submits the form it won't work.

Is it practical to have weblog comment forms duplicate this approach? It should only add a couple of seconds to the time taken to write a comment. I don't think it would put me off.

Thoughts?

Not the end, not even the beginning of the end, but, maybe...

Wed, 19 May 2004 18:48:20 +0100

DomainKeys draft specification. Jeremy Zawodny notes that Yahoo's DomainKeys proposal is now public. Here's the Internet-Draft; here's the blog chatter as seen by Technorati. ... [Jon's Radio]

Looks interesting, workable, and Yahoo! seemed to have done the right thing in making it open and freely implementable.

Mail accounts come in six-packs now

Sat, 07 Aug 2004 10:33:31 +0100

Mailinator. I love this service. Mailinator Get enough SPAM lately? Have you ever gone to a website that asks for your email address for no reason (other than they are going to sell it to the highest bidder so you get... [Get Real]

Very handy.

Pure visceral pleasure

Thu, 07 Apr 2005 14:53:43 +0100

Like most people I am becoming actively concerned about identity theft. Research shows that it's still mostly about giving your credit card to cloners or putting credit card bills in the bin. Yesterday I bought a £10 paper shredder from PC World and vowed never to bin anything unshredded again.

However I've discovered a much better use for it: Shredding junk mail.

Junk mail used to be a cause of a sort of mild pain and irritability to me, possibly something about the inevitableness of it. Then I put some through the shredder and, well, it was fun. I put some more through, and some more and found myself laughing as I shredded them and their loan offers and tacky product adverts.

Some foolish companies even enclose return addressed envelopes. I do hope they enjoy receiving a handful of their shredded offerings. As much as I enjoyed sending them! :-)

Tar'n'feather spammers

Sun, 10 Apr 2005 10:24:10 +0100

I've been looking for a good corpus to train a Bayesian classifier on (still looking). In my quest I've come across some interesting ideas and work. Today I came across one which I thought was pretty good indeed.

Marty Lamb of Martian Software (who seem to be a small Java software house) has published an idea to use statistics to cause spammers pain.

Philosophically the idea strikes me as quite similar to HashCash which is a system for preventing denial of service attacks by forcing a client to do work before it can use resources. For normal users this work has little impact but when mounting a DoS attack it (theoretically) becomes prohibitive.

Marty's idea is to bake a Bayesian filter into SMTP servers and have them analyze a message token-by-token as it arrives. With each token a spam probability is calculated and used to vary the the speed of the connection. As the server reaches the conclusion that a message is spam the connection slows to a crawl and it takes the spammer longer and longer to deliver the message. Marty describe it thus:

If an incoming message looks like spam, the connection could be slowed dramatically, consuming the spammer's resources and wasting their time. This would transform the server into a sort of dynamic tarpit, in which the spamminess of the incoming message affects the viscosity of the tar. As the spam probability goes up, the socket speed goes down.

If enough of these dynamic tarpits were in place (or just a handful were placed in the right places), the spammers' mail software would bog down, reducing the rate at which they can send messages, in turn reducing the fees they can charge their customers. If these tarpits were ubiquitous, they could completely change the economics of spam, creating a scarcity of bandwidth experienced only by spammers.

Ouch. :)

Of course, this doesn't eliminate the problem presented by careless or uninformed sysadmins who provide open relays; spammers going through open relays wouldn't feel a thing. But the sysadmins that provide those services certainly would. It isn't too far-fetched to imagine that they might start to notice the effect on their server when all of its outbound SMTP connections are slowed to a crawl.

If this works then all we need to do is add feathers!

TrustRank

Tue, 26 Apr 2005 22:29:09 +0100

The ProBlogger reports that Google have trademarked TrustRank. A search for TrustRank turns up a paper discussing semi-automatable techniques for separating reputable web content from Spam.

First Skype spam

Mon, 27 Jun 2005 14:36:39 +0100

I've received my first Skype-In spam. When I signed on today I had a voicemail from unknown number telling me about a wonderful holiday package to Florida including a trip to the Bahama's all for the unmissable price of £199. Why do I think it's targetted to SkypeIn? Because the price was in pounds even though the voice was American (it sounded like a voice synthesizer to me).

I wonder where they got my Skype-In number from? Since Skype is not telephony am I protected by the same regulations as phone? Hmm...

Crocodile: New antidote found.

Mon, 09 Jan 2006 21:18:19 +0000

Just one of the many excellent spam titles I have read this evening as I wade through recently imported email archives from 2002-2004 sorting the wheat from the chaff which, apparently, I can't figure out how to make Mail.App do for me.

For the record: however long it takes to import about 30,000 emails into Mail.App it takes much longer to index them afterwards (the last batch of 10,000 took about 5 hours of 100% CPU!)

Also exposing yourself to that many spam... maybe I am not feeling quite as clean as I did when I started...

Where the hell is the opt out?

Wed, 24 May 2006 18:08:00 +0100

Where the hell is the option to tell Plaxo to get stuffed? I want an option so that if someone tries to add me to their Plaxo contact book they get a message to say I hate Plaxo and a URL to where I manage my own contact details.