eWEEK Labs Aug. 19 Special Report on spam—titled, subtly, “How to Slam Spam”—was borne of our own frustrations with the sometimes-blush-inducing junk increasingly crowding our in-boxes. As we suspected, we are not alone, and following are just a few of the responses we received to the report.
It Takes a Village
I checked out the maps site, and its points are valid enough. But I also checked out profitmall.sysop.com/maps_for_disaster.htm (the BBS response to MAPS) to see what a marketer had to say in response.
From my perspective, I feel that sysop.com (or any other marketer) could avoid the problem of being a source of spam by a carefully worded agreement with its customers—that is, if you are deemed to be spamming by, say, MAPS, your connection will be terminated.
Another thought would be reverse spamming: a coordinated effort to clog the arteries of spammers. As the e-mail from a known spammer starts to flow out, why not have it trigger an automated response to flood the spammer with unsolicited replies?
Despite the above, anybody can set up a mail server and go nuts. All the legislation in the world isnt going to resolve the issue. However, framing a worldwide anti-spam parameter of compliance for ISPs would not be an unreasonable start.
— Sim Brigden
Traditional content filtering will never work, for the reasons you note (constantly evolving spammer tactics and the unacceptable chance of false positives). For a novel anti-spam approach that has some real potential, check out www.paulgraham.com/spam.html. A fellow named Paul Graham has come up with a new (at least to me) approach to spam filtering that is based on statistical probability rather than traditional content filtering and that could potentially render elaborate content filtering services unnecessary.
He assembled collections of spam and nonspam messages and ran them through an algorithm that calculates a “Bayesian combination of the spam probabilities of individual words.” He claims that his Bayesian filter misses only five spams per 1,000, with zero false positives. As an example, a message containing an innocent occurrence of “sex” (such as “please send me a copy of the sex offender study”) is delivered, whereas porn solicitations are zapped.
Its not a product but rather an experimental concept he has developed to exercise his primary work with LISP. But it seems to have great potential. If it becomes a product, Ill sign up.
— Lance Groth, Director of IT Services, Minnesota Office of the Legislative Auditor
: Bounce-Back Bugaboo”>
I just read your article in eWeek where you said, “When using a black hole list, some e-mail administrators may also choose to bounce blocked e-mail back to the sender. This, of course, sends a confirmation to spammers that they have a legitimate e-mail address, making it likely that the e-mail address will receive more junk mail, but it also has the benefit of letting legitimate senders know that their e-mail has been blocked.”
I disagree. Most of the junk e-mail messages have faked return addresses, so bouncing them is making the problem worse. Just drop them on the floor and sweep them away.
The latest trend Ive seen is spammers using legitimate, harvested return addresses. Ive had mine used a lot recently. One instance left me with about 300 messages from Hotmail, bounced from messages I never sent.
Faking a return address is legal as far as SMTP goes and makes sense if youre sending mail from home and want to use your work address. Maybe if servers bounced mail back to the original mail server instead of to a specific user-specified e-mail address, bouncing would make sense. Right now, it just doesnt.
Thanks for an interesting article.
— Sander Wolf
Make It Go Away
The three tools you reviewed (“Trio Take Different Tacks in Fighting Spam,” Page 34) arent broadly useful. Did you ever try to get Mail Abuse [Prevention System] to sell you the MAPS service? I tried for a couple of months and never got more than auto-responses from them. Kind of like, “We value your business; please hold for the next available. …”
Brightmail doesnt even want to talk to you if you have fewer than 100,000 users. Of course, it doesnt want spam to go away. If everyone had access to competent anti-spam measures, spammers would move on to something else, and Brightmail would be out of business.
SpamAssassin for Outlook is probably a great product, but what if you dont use Outlook? Once you throw in a couple of less common things like IMAP or another mail client, the number of available desktop anti-spam products drops precipitously.
As an ISP, I could probably eliminate 100 percent of the spam delivered to our users. But there would very likely be valuable e-mail thrown away, too. So you have to back off a bit.
But there are people who dont want any filtering or blocking. They want everything filtered except for mail from one place that has an open relay, but they dont want spam from that open relay, either. And they start off the dialogue by threatening legal action if you dont let all their wanted mail through.
So, now we see that what is really important is an interface where the user can control what is blocked, whether its deleted or saved, etc. Making sure that the user can control things rather than having a policy enforced by the ISP may be more important than the method of filtering.
Ah, but now we have people who dont want to be bothered with using the user interface. They just want you to make their spam go away. They may never even say anything; theyll just cancel their service and go elsewhere.
— Stuart Krivis, Hostmaster and Purchasing manager, APK Net Inc., Cleveland
: Guilty as Charged?”>
Guilty as Charged?
I found it quite humorous that the eWeek Enterprise Update [e-mail newsletter] containing your article on “How to slam spam” was caught by my system as spam. It seems that the mail server address 188.8.131.52 in the message headers is being reported by SpamCop as being blacklisted. The entire range 205.150.6.* appears to belong to DoubleClick, a source of much spam.
On the bright side, the article was well-written, with much useful information. However, maybe eWeek should reconsider how it is delivering that information.
— Jeff Young, MD/Win Corp.
We installed spamassassin pro about a month ago and are extremely pleased with it. Most of the people in our organization have finished “training” their installation, and the amount of spam that makes it to our in-boxes is on the order of two or fewer messages per day, which is down from 60-plus per day.
You listed “no central management” and “hodgepodge of sorting policies” as cons for the product. Actually, to us, these were deciding pro factors. I subscribe to many programming lists (a lot from eWeek), and a universal policy would and did block these newsletters, eWeeks included. But with my version of the hodgepodge, I can let them in, while the normal user doesnt have to worry about anything.
— Paul M. Nations, Senior Systems Programmer, Arkansas Department of Higher Education, Little Rock, Ark.
Links to Related Articles: