Plan for Spam, Version 2 464
bugbear writes "I just posted a new version of the Plan for
Spam Bayesian filtering algorithm. The big change is to mark tokens by context. The new version decreases spams missed by 50%, to 2.5 per 1000, even though spam has gotten harder to filter since the summer. I also talk about how spam will evolve, and what to do about it."
How is spam that big of a problem? (Score:-1, Informative)
Use another account for regular everyday things, and make sure it sin't something simple like abc123@hotmail.com. I do that and never get spam to my real accounts. This whole spam thing is way overblown.
hopeless (Score:-1, Informative)
For those coming late to the story, Joel Sponsky demonstrated in his well known column [joelonsoftware.com] recently that Bayesian filtering of spam is an intractible problem. Until we have quantum computers, we're stuck with black lists, which work pretty well anyway.
But keep plugging away guys. Who knows, maybe Joel's wrong.
Spam of the Future! (Score:2, Informative)
Here is your opt-in FREE! porn! [goatse.cx]
Spamassassin and ENDING spam.... (Score:5, Informative)
As with any other SA test, no single element of the chain is trusted enough to definitively call something spam, but if a message would have squeeked through before, this new filter can put the final nail in its coffin through word analysis against previous spam.
So, why did I use a subject about "ENDING spam"? Because one of the tools that spammers have is SA itself. They can use it to score their messages and determine how "spamish" it is. The problem now is that each SA installation will have subtly different scoring, and the message may be "ok" according to the spammer's version, but my version has a better sense of the mail that *I* get.
SpamAssassin is definitely a tool worth checking out if you have not already. Install it in daemon mode (spamd) and then use "spamc -f" in your procmailrc or the equiv for your MTA.
Very nice tool, and a real time-saver for me.
Obligatory plug for TMDA (Score:5, Informative)
Re:Stop spam? (Score:2, Informative)
Spam Archive (Score:4, Informative)
Re:base64 encoded emails....or images (Score:5, Informative)
Content-Type: text/html (or text/plain)
Content-Transfer-Encoding: base64
Because a lot of filters don't know how to decipher this. For me, this makes it a lot easier to filter, though. I get no legitimate e-mail encoded this way, so I just have procmail dump any e-mail encoded this way. Problem solved, and without the CPU burden of decoding or running expensive spam filters.
popfile URL (Score:5, Informative)
The url for the project is popfile.sourceforge.net [sourceforge.net]
I didn't try it yet, but it I will try it really soon now!
Re:Spam needs a global solution (Global Solution) (Score:5, Informative)
What if, in effect, a similar distinction held for spam in the transmission channel - that spam by itself selected a pathway to the recipient that was never used by the signal? Block that pathway and the spam never gets through.
Spam doesn't select a pathway but spammers do. If you could block relay spam at the open relays it would be dead. You can't, of course - the open relays are controlled by people who don't know the need to block spam. You know that, I know that. If you can't change the people then change the open relays (from the spammers' points of view.) Set up a system that looks like an open relay and stop the spam. An open relay honeypot.
I asked an operator of such a honeypot how he did last year:
> How did 2002 end?
From March 7 to December 26 2002, the total was:
235,624,232
Using one Pentium 90 he stopped spam to 235 million recipients. Think about that number when you see filter people reporting what they stop just for their own domains. This was spam to recipients all over, not simply to the honeypot operators domain: he operates at the relay level. He stopped 100% of the spam, no deception deceived him, no tuning was needed, no valid email was caught - it is perfect filtering. Perfect filtering - who else has that?
And you can do it at home on your DSL or cable connection (the guy above uses sendmail -bd, but Windows users have a program they can use):
http://jackpot.uk.net/
Yeah, I know, spammers are switching to open proxies. So, write an open proxy honeypot. That, too, will be 100% efficient. In addition you now are giving spammers reason to fear every open relay and every open proxy they detect. FEAR. The SPAMMERS have to scramble. They have to scramble and they have to show everything they do to overcome the technique - there is no stealth way to look for open relays and open proxies.
The problem is solved, it is a matter of implementation and of getting active systems everywhere in the net space (so there's no safe IP space for the spammers anywhere.)
Remember: A single Pentium 90, 235 million spam messages stopped in 10 months.
Difference with MacOS X 10.2's Mail.app? (Score:3, Informative)
It doesn't catch all the spam, and it occasionally has a false positive. This will be true of any spam filter we implement, because spam continues to change. SpamAssassin runs on some of the mailservers I connect to, but it tends to perform worse than Mail.app. So until we can get each user's spam filter customized at the server, spam identification is going to have to stay client-based. It sounds like Paul Graham's tools are getting a little more efficient, but does any of this make a big difference for the end user?
I thought that too... (Score:3, Informative)
Re:How is spam that big of a problem? (Score:3, Informative)
spews.org problems need to be addressed (Score:2, Informative)
This was a minor setback, but now other services are starting to use bulk email sources as deny lists for their offerings. My free dns provider, zoneedit [zonedit.com] now prohibits me from adding / modifying any of my zones. This is simply not acceptible to me. The way spews is set up, it is not easy for my ip to get off the list. My ISP cannot just call them up and take me off. There has to be a way to avoid this, and eliminating spam at a higher level would be a good start.
sneakemail.com (Score:2, Informative)
ifile (Score:1, Informative)
Re:Treating the symptoms, not the problem... (Score:3, Informative)
been using spamassassin all this month (Score:3, Informative)
I have been very impressed with SA and am writing scripts to track the stats even better (I love seeing what it has pulled out everyday).
So far I have had zero false positives out of about 1-2megs of mail being filtered everyday for nearly a month now.
SA has multiple different ways of searching the mail - any one of them can be easily bypassed by any given e-mail - but all of them together are really damn good at getting rid of spam.
I'm very impressed with it and how well it learns (although straight "out of the box" - or perhaps I should say "straight out of the tar.gz" it brought me down from 500+ spam to 5-10 a day and then I tweaked how my accounts were filtering into SA and that fixed the rest.
Re:Bayesian filtering (Score:3, Informative)
I initially trained on about 200 emails. At first, I got 1 spam per day, or so. There have not yet been any false positives (good mail classified as spam).
A week later, I get 1 spam in my inbox every 3-4 days, and no good mail has been classified as spam. All I need to do it take the false identifications and re-classify them. That means, every 3-4 days I take the spam in my inbox and re-scan it through bogofilter (cat SPAM | bogofilter -S). That is all. It is not any effort, really, after the initial training. Then, the filter does all the work, and you don't need to worry about blacklisting or whitelisting or anything.
The really important thing is that the filter statistically optimizes YOUR manual email classification. The best source of email classifying is YOU looking at an email, and Bayesian filtering is the only method that is optimized to do that.
Re:I shall crush your filter! (Score:2, Informative)
Re:Great Stuff! Hope to see more (Score:1, Informative)
Another POP Proxy program, SpamPal (Score:3, Informative)
Re:popfile URL (Score:2, Informative)
Fairly Simple Spam Mail reduction tips. (Score:3, Informative)
1. Change your e-mail address and drop the old one. (This way you are starting off with a clean slate and not on any mailing lists.)
2. Make sure your ISP dosent post or sell your e-mail address.
3. Make your email address simple for people to rember but hard for a computer to crack example m1nam3@isp.com. Use simular methods as you would in making a password. That prevents common name email address.
4. On your webpage make a CGI/PHP/ASP whatever form to send you an e-mail. When you want people to e-mail you give them the link to that page. Make sure that there are no prameters that can make your program e-mail others, and also that your e-mail address is not listed in any of the source that is visable to the web user.
5. Only give your e-mail to people you can relitvly trust. If you cant trust them then give them a link to you weppage.
6. When filling out forms on the network asking for your e-mail ether use an alternate e-mail or read the companies privicy clames and make sure that you do not check or uncheck something stating that they will send you e-mail or adds.
7. Use spamassasan or other email filtering on your system.
8. Forward all spam to ucs@ftc.gov with all the headers.
9. See if your email client has a automatic bounce back. If so bounce the message back to sender.
10. if you want to post your e-mail address then I would make a graphical jpg, png as your e-mail. That way it slows down most computers from reading it.
Vipul's Razor is the equivalent (Score:3, Informative)
One of my ISPs's implementation of SpamAssassin seems to be using it as part of their rating heuristic.
Re:Spamassassin and ENDING spam.... (Score:3, Informative)
However, in the next release of SA (and I'm currently running it out of CVS, so it's hardly vapor), they will *also* be using full word scoring heuristics. That scoring will result in a boolean "spamishness" which will in turn be assigned a score centrally (whihc users can override, of course).
By way of example, here's a recent summary of one of my pieces of spam:
Content analysis details: (12.50 points, 4 required)
NO_REAL_NAME (1.3 points) From: does not include a real name
INVALID_DATE (1.6 points) Invalid Date: header (not RFC 2822)
BAYES_90 (2.0 points) BODY: Bayesian classifier says spam probability is 90 to 99%
[score: 0.9645]
RAZOR2_CF_RANGE_91_100 (0.0 points) BODY: Razor2 gives a spam confidence level between 91 and 100
[cf: 100]
RAZOR2_CHECK (3.9 points) Listed in Razor2, see http://razor.sf.net/
DATE_IN_PAST_03_06 (0.2 points) Date: is 3 to 6 hours before Received: date
MSG_ID_ADDED_BY_MTA_3 (2.0 points) 'Message-Id' was added by a relay (3)
FORGED_MUA_OUTLOOK (1.0 points) Forged mail pretending to be from MS Outlook
MISSING_MIMEOLE (0.5 points) Message has X-MSMail-Priority, but no X-MimeOLE
As I said previously, the interesting part here is not the word-analysis, but the fact that the database for that word analysis is generated dynamically by looking at your mail, and applying SA's other rules. Self-training of this sort has proven highly successful in tests, and may yield the next quantum of spam-filtering effectiveness.
Notice also that while that 2.0 points from Bayes is a big push to this spam's score, it's not enough to mark it as spam on it's own. This is the power of SpamAssassin. No one test says, "this is spam", and so no one test is trusted on its own.
Re:Why can't we have legal restrictions on spam? (Score:5, Informative)
Praed argued, very eloquoently & persuasively (hey, he's a lawyer :) that there are laws on the books banning spam in nearly every state. All you have to do is find a way to bring those laws to your assistance. In particular, note that:
As a lawyer that has successfully prosecuted a number of spammers, Praed was able to talk about all of this with some authority. He cautioned everyone though that laws will never eradicate spam -- as he put it, "people still rob banks since that's where the money is". But legislation & prosecution can still be a very valuable tool in fighting spam, and an important supplement to things like better mail filters. This is a big problem, and is going to need a variety of tiered solutions to control it.
Re:better than legislation (Score:4, Informative)
Hi, that was me [slashdot.org] . Unfortunately this only works for Outlook (not even Outlook Express), but it's been working great for me.
As others have pointed out, Vipul's Razor [sourceforge.net] is a great open-source solution.
Checking SourceForge [sourceforge.net] , I found the following additional packages:
BogoFilter [sourceforge.net]
SpamAssassin [sourceforge.net]
JoeEmail [sourceforge.net]
Bayesian anti-spam classifier [sourceforge.net]
Anti-Spam SMTP Proxy Server [sourceforge.net]
Bayesian Mail Filter [sourceforge.net]
JunkFilter [sourceforge.net]
SpamProbe - fast bayesian spam filter [sourceforge.net]
Mailfilter [sourceforge.net]
IMAPAssassin [sourceforge.net]
That's just from the first page of search results. If you'd like to see all the results (I did a search for "spam" from their search box), click here [sourceforge.net] .
Re:Fairly Simple Spam Mail reduction tips. (Score:2, Informative)
Without using filtering software.
1. Change your e-mail address and drop the old one.
Off to an ugly start. Joe Average will abort on your list before he's even begun
2. Make sure your ISP dosent post or sell your e-mail address.
I'd love to know how you're going to ensure this
5. Only give your e-mail to people you can relitvly trust. If you cant trust them then give them a link to you weppage.
"No mom, you can't have my email address. You just use it to send me e-greetings and I hate getting those from you..."
6. When filling out forms on the network asking for your e-mail ... read the companies privicy clames and make sure that you do not check or uncheck something stating that they will send you e-mail or adds.
Spammers lie. We wouldn't have all these problems if spammers were truthful
7. Use spamassasan or other email filtering on your system
How do I do that "without using filtering software" ?
8. Forward all spam to ucs@ftc.gov with all the headers.
You mean uce@ftc.gov. Also note that (depending on the email client) just forwarding a message usually destroys the headers of interest.
9. See if your email client has a automatic bounce back. If so bounce the message back to sender.
How exactly does sending a response to an address that either (a) doesn't exist, (b) exists, but is irrelevant (joe-job), or (c) is an address-validation mechanism, help anything?
10. if you want to post your e-mail address then I would make a graphical jpg, png as your e-mail. That way it slows down most computers from reading it
This one I can't find fault with :) (but note there will be some people get confused/annoyed when they can't just click on a mailto: link, I'm just not of them).
Re:Why can't we have legal restrictions on spam? (Score:2, Informative)
Furthermore, the US American conception of law has, as far as I know, the principle of being applicable exterritorially, which is in general quite controversial, but could be useful here - it would probably be possible to forbid any companies that do business in the US to send spam, even if the spam is only sent from other countries and only to people living outside the United States.