Slashdot is powered by your submissions, so send in your scoop

 


Forgot your password?
Close
typodupeerror
×
Spam

Trustic Anti-Spam Service To Close 173

Posted by simoniker from the people-can't-be-trusted? dept.
An anonymous reader writes "I recently received an email from the anti-spam service Trustic saying: "We have decided to close the Trustic service. We have determined that the system as it currently is designed will not achieve the level of accuracy that we require, and an inaccurate system is worse than no system."" We covered Trustic's anti-spam service, which billed itself as "a community-based block list that prevents untrusted servers from sending spam", as recently as a couple of weeks ago.
This discussion has been archived. No new comments can be posted.

Trustic Anti-Spam Service To Close More

Trustic Anti-Spam Service To Close

Comments Filter:

  • On blocking spam (Score:5, Informative)

    by Anonymous Coward on Monday August 04, 2003 @04:59PM (#6609515)
    Say what you want about statistical anti-spam methods implemented server-side or locally, but they work. Either SpamAssassin or SpamPal do their job at above average level.

    • Re:On blocking spam (Score:5, Informative)

      by OMEGA Power ( 651936 ) on Monday August 04, 2003 @05:29PM (#6609768) Journal
      Either SpamAssassin or SpamPal do their job at above average level.

      Agreed, I've been using SpamAssassin and would say it averages about 2 missed spams per 1,000 messages and almost no flase positives (I don't have a exact number but I would estimate about 1 in 20,000)

      • SpamAssassin (Score:2, Interesting)

        by aclarke ( 307017 )
        Agreed. SpamAssassin with the Bayes filtering turned on (and properly trained) is a wonderful thing. It is amazingly accurate and the other good thing is that it's not obnoxiously intrusive like IP blacklists.

        Of course, it's not exactly a trivial install for your typical Windows/Outlook user, but the fetchmail/procmail/spamassassin/IMAP combo I have running now is hard to beat for a well oraganized email system.

    • Agreed. I use mozilla's built-in spam filter, and even though I get from 80-100 spam every day, I seem to see one of them in my inbox less than once a week.

      I also believe it's been over two months since I got a false positive.

    • Re:On blocking spam (Score:5, Insightful)

      by mumblestheclown ( 569987 ) on Monday August 04, 2003 @07:36PM (#6610798)
      Shortsighted, shortsighted, shortsighted.

      Statistical anti-spam methods work NOW because they are at the bleeding edge of the spam game. Only a few of us have bayesian filters going, and so the spammers haven't caught up.

      Meanwhile, when the spammers catch on, that is to say, once enough ISPs or individuals install bayesian filters that they notice that their spam isn't getting through, they'll compensate, just like they have with EVERY other anti-spam "technology" out there. In fact, I suspect it's already happening - my SpamBayes Outlook add-in is catching less now than ever before. It still does a good job, yet, but false positives are up as are uncaught spam--all this despite 100,000+ "training" spams (I get about 700-1000 spams a day). Why? Spammers catch on. Email looks more innocuous. There are more clever tricks.

      I suggest, therefore, that statistical methods are EXACTLY THE WRONG SOLUTION in the long run, therefore, because their net effect is that SPAM will look more like regular email, thus disrupting email service in the long run even more. Yes, it makes sense for an individual on the bleeding edge like you or me to run statistical stuff, but the ultimate answer to SPAM is:

      Law, litigation, jail, and accountability.

      that's it. it works in other countries, and it could work in yours and mine too. yes, there's that sticky problem that the internet is global, but fortunately there is no government in the world that is ideologically "pro spam." At best, there are ignorant governments that can be manipulated into stupid net tricks as tuvalu and turkmenistan were with their country suffixes, but that's a temporary thing.

      SENSIBLE REGULATION OF THE NET TODAY, PLEASE.

      not big brother, not slashdot-esque slippery-slope arguments of how once a government gets their hand on anything they can't stop, just reasonable law enforcement and law. if you show a stranger's 7 year old a picture of a man sucking off a donkey in almost any city in the world, you will go to jail. Yet on the internet this happens daily and nobody is punished OR EVEN SOUGHT.

      • The problem with the law is that then you have to define what you mean by 'spam', legally. Then you're right back to the same statistical problems, and the "winners" figure out how to spam without actually violating the laws, just like they're currently figuring out how to spam without tripping off the filters.

        • Re:On blocking spam (Score:2, Insightful)

          by MS ( 18681 )
          You don't need to define 'spam' *.

          In the EU, privacy laws protect people's privacy by forbidding to use personal information (e-mail address included) about persons which didn't give explicit written consent to do so, or which do not already have a business-relationship with you. The privacy-laws were not written to protect against spam, but they work perfectly in stopping spam.

          If only those other countries outside Europe would also enact similar laws, spammers would all be fined into oblivion and the In

      • Re:On blocking spam (Score:5, Interesting)

        by the-build-chicken ( 644253 ) on Monday August 04, 2003 @10:21PM (#6611971)
        SENSIBLE REGULATION OF THE NET TODAY, PLEASE.

        I remember reading once that responsibility is the flip side of freedom...when you ask someone to take care of something (e.g. regulation), you give up the responsibility, and therefor have no right to complain about the loss of freedom. Because we are only free to the level that we are willing to take personal repsonsibility for our lives and the society we live in.
        • I remember reading once that responsibility is the flip side of freedom...when you ask someone to take care of something (e.g. regulation), you give up the responsibility, and therefor have no right to complain about the loss of freedom. Because we are only free to the level that we are willing to take personal repsonsibility for our lives and the society we live in.

          And how does this theory relate to spam?

          Your quote is accurate when it comes to consensual issues (drugs, prostituition, gambling, etc.), ho
      • if you show a stranger's 7 year old a picture of a man sucking off a donkey in almost any city in the world, you will go to jail.

        Not to sound like a troll here, but how would your 7-year-old's email address get on the Internet in the first place without him/her violating the Children's Online Privacy Protection Act (COPPA)?

        I think you made some very valid points, though.
        • Because the COPPA doesn't apply in almost city in the world?

        • Re:On blocking spam (Score:3, Insightful)

          by grahamm ( 8844 )
          The address does not have to have already gotten onto the internet in order for it to receive spam. Spammers use dictionary attacks etc to send to 'random' users at a domain, and if one of these happens to be that of a 7-year-old ......

      • I wouldn't be opposed to a simple amendment clarifying that the junk fax law in the US applies to Spam (it seems to me it does anyway, but I understand the courts are for some reason reticent to apply it.) But I fear, with good reason, that any legislation that is realistically going to be passed is going to be something very different. It will not only have the slippery slope type provisions you mention, and set a very bad precedent for the future in that respect, but it will also excempt lots of so-calle

      • The answer is to *make it cost* to send a message. For as long as sending thousands of messages costs next to nothing, spammers will continue to do it.

        There are two reasonable ways to make it cost money to send messages. One is to charge a tiny postage fee (say one cent, or even 0.1 cents) for each message you read. The other is to demand 'payment' in terms of CPU cycles, by getting the spammer to compute something before constructing a valid message.

        Jail for spammers is one way to 'make it cost', but

  • This is really too bad. (Score:3, Interesting)

    by MrLint ( 519792 ) on Monday August 04, 2003 @04:59PM (#6609516) Journal
    This appeared to be really one of the few spam handling i have seen in a long time with a lot of potential. Im hoping that it will comeback in a different form someday.

  • Bad Philosophy (Score:5, Insightful)

    by FortKnox ( 169099 ) on Monday August 04, 2003 @05:01PM (#6609529) Homepage Journal
    inaccurate system is worse than no system

    I think any blocking is better than no blocking. The only 'bad' thing is false-positives. If you lower your blocking to prevernt false-positives, you still have a service that is desired even if you don't catch them all...

    • Re:Bad Philosophy (Score:2, Insightful)

      by diospadre ( 244392 )
      It's possible that by lowering the blocking that Trustic's service would block less spam than other services. Couple this with another possibility, them being unable to justify the resources to fix/improve the service to the level of quality they want, and their best bet is to make available their work to others and axe it.

    • Re:Bad Philosophy (Score:5, Funny)

      by Anonymous Coward on Monday August 04, 2003 @05:13PM (#6609635)
      I think any blocking is better than no blocking.

      Then block all mail from odd-numbered IP addresses. A full half of all spam comes from those addresses!

      The only 'bad' thing is false-positives.

      Oops!

      If you lower your blocking to prevernt false-positives, you still have a service that is desired even if you don't catch them all...

      Ah, change it to only block prime-numbered IP addresses. Much fewer false-positives, and you are still blocking some spam.

      Seriously, I'm really impressed that Trustic had the ethics to back off when they determined that the system didn't work. I hope they'll be back with a better system.

    • Re:Bad Philosophy (Score:5, Funny)

      by kmak ( 692406 ) on Monday August 04, 2003 @05:13PM (#6609638)
      I agree.

      This reminds me of a story:
      A guy was speeding along many others along a highway. He was later pulled over by a policeman. The guy cracked, "But everyone was speeding, why did you get me?" The police then asked, "Have you ever gone fishing?" "Sure.." "Have you ever caught them all?"
    • I'm annoyed with spam-blocking lists because my range of IPs has been blacklisted, even though I'm totally innocent. The blacklists know they have to block lots of non-spamming addresses, they don't seem to mind. But I guess ultimately those who use the lists are to blame rather than the lists themselves.

      • Re:Bad Philosophy (Score:2, Insightful)

        by dissy ( 172727 )
        > I'm annoyed with spam-blocking lists because my range of IPs has been
        > blacklisted, even though I'm totally innocent.

        You are giving money to an ISP that is spam friendly.
        You are directly at fault for them being in business still.
        You are not at all innocent.

        Change ISPs. Tell your current ISP why you are changing.
        Give your money to an ISP that actually cares about the spam problem, and isnt itself the spam problem.

        The blame falls not just on the spammers, but the people that keep spammers in busi

        • Re:Bad Philosophy (Score:2, Troll)

          by Kaa ( 21510 )
          You are giving money to an ISP that is spam friendly.
          You are directly at fault for them being in business still.
          You are not at all innocent

          Riiiight.

          You are smoking a joint, so you support terrorism, correct? "Directly at fault" I would say...

          So, dissy, tell me, do you take upon yourself all the sins of corporations the products of which you use?

          • I do support Columbian death squads. So I only buy pot from Columbia.
          • > You are smoking a joint, so you support terrorism, correct? "Directly at fault" I
            > would say...

            If my dealer was a terrorist, then yea.
            But no dealer i know is a terrorist.. They are usually just some dude that likes to smoke to the point they buy in bulk and wanna make a buck on the side.

            Maybe higher up dealers have that problem, but I dont know, I never met one.

            If i knew a dealer i bought drugs from turned around and bought guns to do war shit with, then no, i would not buy from that person.

            You

        • Re:Bad Philosophy (Score:2, Insightful)

          by Czmyt ( 689032 )
          Dropping your ISP is not an option when they are the only affordable high-speed Internet provider in the area. I'm guessing that the people at AOL Time Warner/Roadrunner care more about ridding their network of spammers than they care about losing a few customers who don't want to be associated with the same netblock as bunch of spammers who have already moved on. I think lists like SPEWS Level 2 give blocklists a bad name.

          • Re:Bad Philosophy (Score:3, Informative)

            by Tackhead ( 54550 )
            > I'm guessing that the people at AOL Time Warner/Roadrunner care more about ridding their network of spammers than they care about losing a few customers who don't want to be associated with the same netblock as bunch of spammers who have already moved on.

            I think we'll have to agree to disagree here.

            You see, judging from the metric fuckloads of spam coming from 24.0.0.0/8, I'd guess that AOL-TW cares more about the pubic hair on Ted Turner's soap bar than ridding their network of (clueless re

        • Re:Bad Philosophy (Score:3, Interesting)

          by sjames ( 1099 )

          Change ISPs

          If only it were all that simple. Some blacklists make an honest effort, others are far too broad. In cases I have seen, people have found themselves on a blacklist because:

          1. A long time ago, in a galaxy far away, a spammer used the block, but got terminated the same day
          2. ISP has strict no spam policy, but has had several spammers come onboard (and get quickly terminated), they're more than willing, and quite strict, but it's like playing whack-a-mole.
          3. A dialup bank exists in the same
      • "The blacklists know they have to block lots of non-spamming addresses, they don't seem to mind."

        Blacklists don't mind, being simply a list, and not having a mind. People choose to implement the lists of their own free will. If you don't like that, write to them to try to change their mind, or use another ISP which doesn't implement the blacklists, if you can. But don't take it out on the poor lists - they never done nothing.

    • Re:Bad Philosophy (Score:5, Insightful)

      by Frymaster ( 171343 ) on Monday August 04, 2003 @05:53PM (#6609967) Homepage Journal
      these are the ways we can stop spam:
      1. at the source: make it unprofitable for the spam to be sent in the first place. this can be done by either:
        1. fines or other state sanctions.
        2. lack of market.
        1. is faster in the short term - but as long as spam is profitable, there will be those willing to risk sanctions. 2. takes longer and is a bit pie-in-the-sky, but eliminating the market is the only permanent solution.
      2. at the tansmissionn level: get rid of those relays! if it is technically too difficult to send spam, the amount will drop accordingly.
      3. at the recipient level: this is where filtering fits. really this is just a subset of 1.1 - removing the market. if no one sees the spam because of the filter, they won't buy and spam becomes unprofitable.
      looking at this analysis, it seems that 3. is the best option because it helps acheive a lack of market and profitiablity which is the only permananent solution...

      however, an imperfect filtering system defeats this formula. consider: if a filtering system can be bypassed with some effort on behalf of the spammer then those spammers who have the kung fu to get their mail through acheive a distinct competitive advantage over their competitors. if there are 10 spammers sending you 10 messages a week, you have 100 spams. that's a lot of "noise". if you filter these spams but one spammer can get through the filter, you are only getting 10 spams. that's "good" but - and this is a big but - that spammer now has way less competition. the signal to noise ratio goes way up for that one spammer and his/her individual messages become more effective because there are no competitors in the inbox!

      the result is that imperfect filtering may put nine spammers out of business, but the one remaining will make a killing. eventually that one spammer will pick up the other nine's contracts and, boom, you're back to 100 spams. new spam agencies will rise to the new level to cash in on this profitable venture and the cycle starts all over again.

      and that's bad.

    • In an end user system, you're right, but I've got a friend whose business is regularly put in jeopardy by spews because they take a shotgun approach and screw any collateral damage and hell no we won't be held accountable for our mistakes.

      They're putting a number of legitimate people between a rock and a hard place because it's very expensive to change providers when you're providing high-bandwidth connectivity, but at risk of losing customers who can't send the email they need to because their customers

  • One can dream! (Score:5, Funny)

    by borgdows ( 599861 ) on Monday August 04, 2003 @05:01PM (#6609531)
    I recently received an email from Microsoft saying:
    "We have decided to stop distributing Windows. We have determined that the system as it currently is designed will not achieve the level of reliability and security that we require, and an unreliable and insecure system is worse than a non-MS system like Linux or MacOSX."
  • Anyone with experience with this system and the Bayesian filtering know how they rate against each other? Can one conceivably combined the two?
    • He(or she) has a good point here. With enough time and money, we could build a damn nice spam-filter system. The problem here is the time that it would take to integrate the two together, without them fighting overly much. I believe that if AOL and Microsoft were really serious about fighting spam, they could spend a bit of their hard-earned(yeah right) money on this, which could actually gain windows some points in many geeks' eyes. If there was a cheap application to stop this, I'd definitely give it a lo
    • Sure you can combine them, as you can see here http://www.trustic.com/help/dns You could set up spam assasin (among others) to use the Trustic DNS block list.

  • Why technology alone is not the answer (Score:5, Insightful)

    by Rathian ( 187923 ) on Monday August 04, 2003 @05:03PM (#6609550)
    Personally I think it would be wonderful if technology alone could create the silver bullet and kill this annoying problem dead. But sadly as quickly as filters evolve, spammers are constantly looking for ways around them. All too often they find ways.

    Even Earthlink's vaunted SpamBlocker is not bullet proof, in spite of using it, I still get some spam that slips in through it.

    This is one of the reasons why we need some decent laws on the books so we can either force spammers to cease or prosecute the bastards.
    • This is one of the reasons why we need some decent laws on the books so we can either force spammers to cease or prosecute the bastards.

      This is one of the reasons why we need to get to the root of the problem so we can neuter parents to preclude them from having these children.

      Seriously, there's a problem with attitudes. What the hell happened in their childhood that promotes these people to ignore their conscience and annoy millions of people for the name of $? Once they're in their adulthood, no laws o
      • What the hell happened in their childhood that promotes these people to ignore their conscience and annoy millions of people for the name of $?

        I agree with you, and I'd really like to know the answer to your question. Unfortunately, here in the United States this attribute seems to be the rule rather than the exception.

      • That's right. Invading Iraq and killing those damn Iraqi's in the name of cheap oil is one thing, but sending me spam. Those kids cross the line there.
    • I have a system that would completely eliminate spam. It would not be based on filtering, would not cause any false positives, and would prevent 99% of what you think of as spam.

      It would also have other benefits.

      Problem? I couldn't get venture capital funding to build it. I've still got a business partner who is looking for money. If we get money, I'll build it. Unfortunately no one wants to put money into something that would compete with Microsoft's system. (They are working on a stupid, fatally flawed
    • If you outlaw spam, only outlaws will have spam

    • Re:Why technology alone is not the answer (Score:5, Insightful)

      by Arker ( 91948 ) on Monday August 04, 2003 @05:48PM (#6609927) Homepage

      Technology alone isn't the answer.

      Getting government involved won't help, however. You're going to kill the good and let the bad live going that road.

      Spam can be stopped, with the current technology (with 10-15 year old technology, actually) with a little social and economic help.

      Ask yourself, how do spammers make any money out of being pains in the ass?

      Mostly by scamming their employers, of course. They tell regular small business folk they'll do 'legitimate marketing' and get them to pay for it before the results of that marketing, a swarm or pissed off people who want the poor folk to die and will certainly never buy from them, appear. Those sources won't last forever, people wise up after getting burned like that.

      No, to have a stable source of income. The serious spammers are hooked up with contracts with BIG ISPs. Small ones won't work, because when we find out who they are we threaten them with the black hole and they fold quick.

      But there are a handful of really huge providers that threat doesn't work on. It's just not realistic to blackhole someone that provides backbone service, someone that has so many legitimate users you do more harm than good when you cut them off. They know that, so if a spamhaus offers them a sizeable premium they feel safe hosting them. That is the big reason that current efforts like MAPS haven't practically eliminated spam already.

      The key is to distribute the infrastructure. If there weren't any companies owning a large enough chunk of the infrastructure to fancy themselves immune to consequences, spammers would never be able to make a reliable profit and they would die out.

    • Personally I think it would be wonderful if technology alone could create the silver bullet and kill this annoying problem dead. But sadly as quickly as filters evolve, spammers are constantly looking for ways around them... This is one of the reasons why we need some decent laws on the books so we can either force spammers to cease or prosecute the bastards.

      Spam filtering has always been a catch-up game in the past. However, with Bayesian filtering it seems that anti-spammers have deployed a solution p

    • Filtering technology alone is not the answer. But an authentication scheme where the sender demonstrates the ability to use the From address would eliminate almost all of the spam that forges that information and make filtering or litigating the rest easy.

      The issue is that, while weak recipient authentication was built into SMTP, corresponding sender authentication was not; this means that everyone is always anonymous (except for name tags they write themselves), there is no accountability, and people beha

  • It takes Balls to admit that you're wrong. (Score:5, Interesting)

    by _Sambo ( 153114 ) on Monday August 04, 2003 @05:04PM (#6609553)
    These folks had a dream. They tried to make it work. When it became apparent that their solution was not viable, they had the honor to admit to it.

    The hope of finding a solution to spam is expressed in the final line of their current site welcome screen:
    We remain confident that the problem of spam is a solvable problem. Thank you for your help with this great experiment.

    God bless them for trying.
    • Maybe their solution WAS viable, but they would rather not be just a half-assed anti-spam service.

      Maybe all the mediocre hardware manufacturers should give up too. "Who needs another low-cost motherboard?"
      Or maybe Red Hat and Mandrake should just give up because Debian is obviously better?
      Maybe Yahoo and AltaVista should shut down their seach engines because we already have Google.
      It would be sad if this was a trend in today's economy. Companies just give up because they think they can't make money.....

  • Whitlisting alternative (Score:4, Interesting)

    by Marcus Green ( 34723 ) on Monday August 04, 2003 @05:04PM (#6609556) Homepage
    I have been using an outfit that supplies a whitelisting service (port995.com). The idea being that the first time anyone sends you an email, it gets put into a queue and they get a response asking them to reply. Once they reply they get put on the whitelist, the message goes through and all future messages pass through without further messing.

    As only a teeny tiny percentage of spammers supply genuine return addressess or read the responses the upshot in my case seems to be "new spray on no more spam"..

    Inevitably some people don't read the first response or cannot be bothered to respond, but I guess those folks didn't want to contact me that badly anyway, so I don't want to read their messages that badly.

    Marcus

    • Re:Whitlisting alternative (Score:5, Insightful)

      by grogglefroth ( 461680 ) on Monday August 04, 2003 @05:12PM (#6609617) Homepage
      The problem wtih this solution is that legitimate mail from new contacts never reaches you - because it was a machine that sent it in the first place. Bill notifications and software registration keys etc would all fall victim to this, as you will often not know ahead of time what to whitelist. The greylisting approach seems *safer* in this regard than the challenge/response systems like port995.
      • If you had looked at the service, you would have noticed that you can also manually add emails to the list without requiring a reply. So if you just signed up for a new service, then whitelist the email address.
        • Bzzzzt! Wrong!

          Try reading the comment again:

          "Bill notifications and software registration keys etc would all fall victim to this, as you will often not know ahead of time what to whitelist."

          The problem illustrated here is that often times you don't know what address to whitelist, and hence can't add it ahead of time.
          • The problem illustrated here is that often times you don't know what address to whitelist, and hence can't add it ahead of time.

            And before someone says "just whitelist their domain", often times messages come from a completely different domain than the one you've signed up on. Personally that pisses me off, but it's a fact of life of outsourcing I suppose.

          • May be you guys should look at a simpler solution. Most whitelist email provides a "junk mail" folder where you can view all the emails that you do have not whitelisted. If an email comes from a new source, you can always catch it. And it is a LOT easier to catch 1 recognizable email address (or title) from 100 junk then to have your inbox full of junk and good all mixed together.
            • Maybe...however part of the problem now is that people get a lot more junk than legitamit messages.

              Seems to me that wadding through a junk folder to find messages the spam filter missed, isn't a whole lot better than having the junk sent to you in the first place. You still have to wade through the same amount of junk...doesn't matter if it's one legit message or 100.
              • The thing is, with the whitelist vast majority of your legitimate emails come through without any effort (in my case, it has been 99%). Only email that I have to check is from a new e-biz vendor. The way our brain works, it is MUCH easier to find the message header (or address) that you recognize from random text than the otherway around. So even if a legit email is the junk folder, you can find it very quickly. And since vast majority of your email comes through without any problems, you don't have to che
                • What about the situation where you didn't whitelist them because you didn't know the sender? Might be hard to know what to look for in the list. Sometimes you can scan the subjects, sure, but often the subjects aren't very descriptive. Spammers also have a tendency to use subjects like "About your order..."

                  I personally would be more likely to miss the one legit message in the junk folder...I suppose it's all about which method works best for you. I personally use dnsbls and spamassassin...gets almost a
          • The solution to this is tagged addresses. This is what TMDA [tmda.net] uses (dunno anything about port995.com).

            The basic deal is that you tell amazon.com that your email address is someuser-amazon-cryptochecksum@foo.net instead of someuser@foo.net. Any mail sent to that address gets right through to your mailbox. If Amazon ever starts spamming you, you revoke the address. TMDA has some front-end tools to make generating the addresses (handling the crypto) pretty painless.
            • Not a bad idea, but it seems like it might be a bit of pain. The question is, is it worth all this effort to block spam? If the blocking methods are just as intrusive as the spam, then what's the point?
              • I used to get about 50-100 spams/day. I now don't get ANY spam (using TMDA). It took a fair amount of work to set up but in daily use it's transparent. Any outgoing mail automatically gets added to the whitelist so no one replying to your mail has to know that you're doing any of this.

                I used to run a variety of filter-based anti-spam stuff (homegrown and SpamAssassin) and the occasional false-positives kept me constantly checking my "spamtrap" filter. Major PITA.

                What I've found since using TMDA is tha
      • read my reply below

        http://slashdot.org/comments.pl?sid=73536&cid=66 09 900
    • Now if they would just develop something like this for telemarketing calls...

      "Hello. You have reached my house automated answering filter service. Please leave your name and number and a brief message and I will call you back if I feel like it. Once I call you then you will be able to freely call me from this number at any time."

    • That'd only be reasonable if you get a hight enough number of spams.

      Up to now, I'm lucky - currently, spam accounts for less than 10% of my incoming mail and most of that comes in via the alternate freemailer account that's victim to brute force spamming every other day. (I don't leave my main mail address at many places across the net.)

      It's such a small amount that I could almost ignore it, but instead i use it to train my POPFile installation which is already very good at sorting not only spam, but all

  • It really wasn't very accurate (Score:5, Informative)

    by sgifford ( 9982 ) <sgifford@suspectclass.com> on Monday August 04, 2003 @05:14PM (#6609643) Homepage Journal

    I've been doing some research about the accuracy of different spam-blocking solutions, and Trustic had a huge false-positive rate. It misidentified 8% of my personal non-spam mail as spam, including mail from my Mom (it blocked our local cable ISP completely), my aunt (it blocked some AOL MX's), my insurance company (who the hell knows why), security warnings from CERT, and the NANOG mailing list.

    It did have a good blocking rate---65%---but using a combination of other RBLs (the most optimal I found was DSBL + SpamHaus + Blitzed) it's possible to block nearly 75% of spam with only a .02% false positive rate (a single mailing list correspondent with an Argentinian ISP that has open relays was blocked).

    It really is probably best that they laid this project to rest.

    • Re:It really wasn't very accurate (Score:5, Interesting)

      by Hayzeus ( 596826 ) on Monday August 04, 2003 @05:23PM (#6609710) Homepage
      65%? Seems low compared to something that scans content, like spamassassin. I get around 90% blocked, with a relatively low (maybe 1% false positive after a week of tweaking on and off).

      The biggest problem spam assassin has as far as false positives appears to occur when people attach text from a commercial web page rather than a URL pointer. This invariably causes the email to get identified as spam, particularly if the page text contains any references to commerce.

      • 65%? Seems low compared to something that scans content, like spamassassin. I get around 90% blocked, with a relatively low (maybe 1% false positive after a week of tweaking on and off).

        I'll take Mozilla's filter over that. By now, I have over 98% spam tagging rate, and I've only ever had 1 false positive, and it was an autorespond from a company (hardly counts). It has seen about 1500 spams or so.

        What we need is a massive spam repository to train those Bayes filters.

    • I had very similar results when I tried it last Friday. I ran it for about an hour before deciding that what it did block (AOL) was going to cause a lot of false positives.
    • Thanks a lot for the tip; after several false positives in the company's SMTP server, I had decided to solely allow bayesian filter to handle the separation. Unfortunately the thing is still in "training" and it lets flow tons of garbage.

      RBLing from guys like osirusoft did a great job until i figured that they had practically black listed every single IP in Mexico (and we get like 30% incoming mail from here).

      Would you be kind enought to share the figures you arrived to with the rest of us?
    • you can do better then that.

      try
      relays.osirusoft.org +
      bl.spamcop.net +
      blackholes.easynet.nl +
      dynablock.easynet.nl

      and you'll nail 97-99% of the spam upfront and not waste bandwidth accepting their crap

      • osirusoft was very slow in my tests (sorry, not quantified yet, but the tests took about 3 times longer to finish than other RBLs), had a higher-than-average false positive rate (0.26%), and it lost important messages---from a former boss from whom I needed a letter of recommendation, my insurance company, a prospective consulting client, and my MozillaZine welcome message.

        bl.spamcop.net was better, but it still had a false-positive rate of 0.16%, about 8 times higher than others. None of the messages I l

  • Just needed more customers... (Score:5, Funny)

    by Anonymous Coward on Monday August 04, 2003 @05:14PM (#6609649)
    If they had only had more customers, I'm sure they could have held on longer.

    If only they had found a quick, easy, inexpensive way to solicit hundreds of thousands of new customers using the Internet they could have stayed alive!

  • Ironic (Score:5, Funny)

    by Root Down ( 208740 ) on Monday August 04, 2003 @05:21PM (#6609687) Homepage
    Alas, it could not even filter out their own mass email...

  • The problem (Score:3, Insightful)

    by Anonymous Coward on Monday August 04, 2003 @05:23PM (#6609715)
    Spammers flooded the system with valid adresses to ruin the system. There was no way to combat this problem.
    • Wow! That's the most interesting thing in the article, if true.

      It's also a problem that will recur in any public cooperative effort. SETI@home has to essentially double their work because they know that it is possible that a large percentage of their results are crap. The problem is guaranteed to be worse if someone profits by poisoning.

      The only answer I know of is validation. As I understand it, SETI@home ensures that any dataset is processed by at least two different nodes. I assume one problem with Tru

  • Vigilantism. (Score:1, Funny)

    by Anonymous Coward
    This is why we need vigilantism. Spammers are less likely to risk spamming if it puts their families' lives at risk! And no, I AM NOT KIDDING HERE.

  • So thats why (Score:3, Insightful)

    by Lemuel ( 2370 ) on Monday August 04, 2003 @05:38PM (#6609846)
    Trustic wasn't replying to my submissions anymore. Now I know why.


    While I did my part to contribute to the Trustic database, I wasn't real sure about their methods. I submitted spam messages as they requested, but I had to tell them which address to consider to be a spam gateway. The addresses above that are marked positive. I always picked the first address outside of rr.com, but for all I know the nearest Roadrunner smtp system is a spam forwarder and I should have flagged it as negative. Pooling lots of people's ignorance won't necessarily provide good information.

  • I don't understand why everyone is so worked up about SPAM filters. There is a simple way to handle SPAM - use whitelist.

    I have been using a whitelist email for over a year and I can honestly say SPAM's don't bother me at all. It takes literally 4 to 5 seconds to look over 40 to 50 unapproved senders' message headers (enough for once a day). It is a LOT easier to sort out names you recognize from a sea of junk then the other way around. And when you get an email in the Inbox, you know it is somebody from y
    • Theres an easier way.

      Use a hotmail/hushmail address to sign up for slashdot and other web forums and porno sites.

      I get maybe a half dozen spams per year on my real account, and a couple hundred people and businesses have the address.
      • Isn't that same as creating a whitelist but using two separate email address to do it? I used to do the same, but I just got tired of switching back and forth since I made many purchases on-line. Now, I just give out my email address without thiking about it twice and I still spend very little time dealing with junkmail.
    • Tell me how I am going to look at the hundreds of senders a day and verify they are OK to let through? I can't. Therefore, something needs to be there to filter it. Are filters tons better? No, but they atleast keep some of the crap out.
      • I do that everyday and it is surprisingly easy. Here is my personal experience. The first month was bit confusing since my Address list didn't cover EVERYONE who regularly sends me email. So, going through the SPAM folder was a pain, but after that, 99% of my legitimate email comes through without any problems. Only new email I get is from new vendors. But when I order something on-line, I know to expect an e-mail from them so I just look for their email in the SPAM folder. Trust me, human pattern recogni

  • Market For Spammers (Score:5, Funny)

    by heli0 ( 659560 ) on Monday August 04, 2003 @05:43PM (#6609885)
    How about we set up a market for spammers, modeled after the Iowa Electronic Markets [uiowa.edu]. Except instead of buying futures in political candidates, you buy futures in a spammer dying. If people stand to make millions from a certain spammer biting the dust then the market forces will apply themselves naturally.
  • Statistical filters (like those that run at the user level, not side-wide) can very effectively filter spam for users without the fear of collateral damage that goes hand-in-hand with blocklists. Although locking IPs and netblocks definitely saves bandwidth, it can result in loss of legitimate mail.

    Statistical filters such as Bayesian filters have the advantage of considering all mail, then filtering out spam based on content. In my testing on over 5000 emails over several months, I have only had 5 "false

  • whitelist servers (Score:1, Redundant)

    by zoloto ( 586738 )
    what we need is white list servers, where only those who are in your contacts list (Addressbook) can be let through to your inbox. A standard Comma Seperated Value (.cvs) document with just addresses at the least will do just fine leaving the server to do the filtering to /dev/null.

    When a user sends out to a new address it's automatically added to the white.lst this can also work for domains...

    Another idea... have special filtering options available so if you fill out a form on a webpage, you can add a s

  • Trustic is good (Score:1, Insightful)

    by Anonymous Coward
    Trustic is a good service, The author is trying to save the world and his giving up when he feels he cannot.

    I didn't think his service was all that bad, it just needs some shaping up.

    1) Pos query was a bad idea, since all emails are trusted by default and were overriding negative trust on real spam which results in way too many false positives.

    A good solution would to create multi trust levels with a no status default query.

    Example:

    I enable trustic query on my mail server, then i login, i see all the m

  • Can be a server operators nightmare... (Score:5, Insightful)

    by Sim9 ( 632381 ) on Monday August 04, 2003 @07:28PM (#6610732)
    For small server operators, getting falsely listed in a central blacklist can be a long and painful process. Inheriting a 'bad' IP address (one that was previously used for spamming, and is now recycled to a new owner) or getting banned as part of a range for the datacenter hosting you essentially blocks you permanently. Few people running these are concerned about false-positives, as everyone that tries to get themselves unlisted /must/ be a spammer. Perhaps this isn't true of the majority, but I've had horrible experiences with at least a minority.

    Mod me down if you must, but if there's going to be a central blacklist, there should be checks and balances to its system.
    • simple solution, dont use hosting services that support spammers, like XO, C&W, any of the bell companies, burst, verio, etc. Check www.spamhaus.org/sbl to see if the hosting service your thinking about using is a known spam haus or not. Companies with lots of listings should be avoided.
  • The problem faced by Trustic was a lack of positive recommendations. People were quick to complain about spam, but slow to make any positive recommendations.

    The effect of this was that large mail servers (eg cable gateways, etc) which let through a very small percentage of spam but s detectable quantity, would get a host of negative recommendations and the server would become untrusted.

    I don't think this was an unsolvable problem - it requires dealing with trust, and positive versus negative recommendat

  • Innocent victim of anti-spam systems (Score:5, Interesting)

    by Cogneato ( 600584 ) on Monday August 04, 2003 @10:52PM (#6612175) Homepage
    Over the past few months I have been through a lot fighting anti-spam ip lists, primarily relays.osirusoft.com and spews. For all those saying that false-positives are rare or not that much harm compared to the need to stop spam, I think if you were in my shoes, you would feel differently.

    The whole thing started when a spammer signed up for service at the hosting company that I have been with for several years. I have a server there with many of my clients websites on it (I am a web designer). So, the spammer purchased service at the same host as me, and happened to fall within the same IP block as I did. He was soon discovered and shut down, but the damage had already been done... spews and relays.osirusoft.com both put the ENTIRE ip block in their system.

    Think about it this way: what can the host really do? The spammers come in, pay the setup fees, get one good night of spamming in, and then move on.

    It took me several days to track down why some of my emails were not going through and who I had to contact to get removed from these lists. relays.osirusoft.com had some tools that is supposed to re-check, but it did no good... as far as I know, the thing doesn't even work.

    In reading through these two websites, the self-righteous bastards that put together these lists really don't take any responsibility for their actions. They are quick to add entire IP blocks and take weeks to remove them even after the host has contacted them to inform them that the spammer has been shut down. These anti-spam lists apply fault to the host or to the isp implementing the list, but never to themselves, while at the same time preacing the wonders of the services they provide. If they don't want to take responsibility, then they should print more warnings about the mass amounts of false-positives that actually happen.

    In addition to the anti-spam lists, the isps really need stop relying on these lists as the first defense to stopping spam. I had a chance to talk to one of them that a client of mine was going through and they told me that there was no way they could add me as a trusted ip because the anti-spam list comes in front of the exceptions list as a first line of defense. Even after we finally got removed from the anti-spam lists, many ISPs did not update their copies of the lists for weeks afterwards, causing more blocked emails even after we were off the list.

    So, after hours and hours of frustration, fielding support calls, yelling, long distance phone calls, writing emails, reading page after page of self-righteous dribble, and trying desparately to explain that I just happened to have an IP address that was a coupled dozen numbers off of that of a spammer, as far as I am concerned, the more anti-spam lists that die, the better the place the world will be.

    I hate spam. I cuss every fifth time I have to delete one (making that about 20 or 30 nasty words a day)... but the people who have really cost me the most time, money, and headaches are the anti-spam lists. Good riddance.
  • Interesting, see my earlier post about them.
    http://slashdot.org/comments.pl?sid=72548&cid=6542 483 [slashdot.org]

    Wasn't too impressed, crazy that the O'Reilly people picked them of all folks, looked to me like the author had some connection with the service. Bad form.

Slashdot Top Deals

He has not acquired a fortune; the fortune has acquired him. -- Bion

Close