Analyzing AT&T's Anti-Anti-Spam Patent 314
An anonymous reader writes "Dan Gillmor is reporting in his eJournal taken, in turn, from Gregory Aharonian: AT&T has apparently been awarded a patent for circumventing certain spam filters, thereby providing slimeball spammers with yet a bigger hammer!" The patent covers "A system and method for circumventing schemes that use duplication detection to detect and block unsolicited e-mail (spam.)", although it's unclear exactly what AT&T want it for.
Obvious value (Score:5, Interesting)
If you look back, at the time AT&T would have been filing the patent they were in the consumer ISP business.
Odds are it was filed as an offensive tool to use against spammers.
A patent such as this could be used as a hammer against spammers using filter evasion approaches. The value of that for an ISP of the size of AT&T far exceeds the cost of filing a patent.
(AT&T are pretty clueless on many levels, but this looks like it was a smart move. It'll be interestng to see what, if anything, they do with it.)
Pink contracts (Score:5, Interesting)
What I suspect that they will do is allow it for their Pink contract holders and go after anyone else.
Wouldn't that be illegal in the US anyway? (Score:5, Interesting)
That's a question, not a statement.
Maybe AT&T is just disorganized (Score:5, Interesting)
I could see a guy inside of AT&T working on something, and having to justify his time to his bosses. The lawyers who filed the patent probably work directly for AT&T, and so they gave it to them, and asked if it could be patented. The patent lawyers filed it, because they're patent lawyers, and that's what they do.
I tend to assume that this situation would fit right into a dilbert storyline. I don't think it's part of a grand strategy.
I can't imagine that AT&T would sell spam technology, because it would be a public relations nightmare. And I can't imagine that they'd try to sue spammers for patent infringment, because that would be expensive, and they wouldn't get anything out of it.
A victory for anti-spam (Score:4, Interesting)
With the patent, AT&T can sue the makers of spamming software for patent infringement, unless SpamCo (or whatever company) makes sure that their mass e-mailer doesn't use any of AT&T's patented methods for avoiding filters. Of course, this will result in a crippled program: AntiSpamCo (or whatever company) knows exactly what SpamCo is not allowed to do, so their anti-spam filters will actually work.
So why is AT&T doing this? One, it could be good PR for them once AntiSpamCo et al. realize the implications. Two, (this is for all you conspiracy freaks out there) the government may have asked them do to it. Governmental agencies cannot hold patents. Only individuals and corporations hold patents.
I'm not trying to claim that AT&T is some benevolent corporation, though. It's entirely possible that, in addition to suing SpamCo, AT&T could also try to sue AntiSpamCo. They might not have as strong a case, but AntiSpamCo would still be using pieces of AT&T patent in their filtering software.
Despite that troublesome possibility, it'll be good to see SpamCo get what's coming to it. A lot (perhaps most) of SpamCos are rather or the sleazy, shoddy side; I'm sure there will be patent infringement. It will be interesting too see how soon and how vigorously AT&T will defend their patent in court.
Re:Hey! Shortsighted people! (Score:2, Interesting)
What about sending a physical junk mail in an envelope designed to look like you've won money? That's arguably circumvention.
Re:PRECISELY! (Score:3, Interesting)
Yeah, probably bad tactics. I applied for a trademark and copy right of one of my screennames for the express reason of maybe someday sueing some of the emails that look like their from me to me. I've always wondered if I could turn them into the FBI for identity theft? Now that would be a question worth finding out...
AT&T has cornered the market (Score:3, Interesting)
Re:Hey! Shortsighted people! (Score:0, Interesting)
Re:Hey! Shortsighted people! (Score:5, Interesting)
Just do a mass spam once a month, or even once a week, to every email address you can find. Do a few spams: one selling Viagra, a few pushing different types of porn, etc. Cover the basic list of things that get spammed for on a regular basis.
Make the offers believable, and direct the recipient to an appropriately believable web site. Take their credit card details (but don't actually charge the card), do the whole lot. Right at the end, though, put up a page and say "hey, this is a scam site. Lucky we didn't really take your money!"
This will make all of those people that actually buy from these emails actually think twice the next time they go to purchase.
I wouldn't mind getting these "spams" as often as other spam if only for the fact that because the goal of these emails is to educate, there would be no reason to try and break through Bayesian filtering (or any other form). That is to say that they would be very easy for me to filter and never see, and hopefully at the same time we would see a reduction in other types of spam as people are educated about the problems associated with it (as it would drive sales down).
Having said that, I know there is no limit to stupidity, so maybe the market will always be big enough...
Re:No, not hash-busting characters. Read the paten (Score:5, Interesting)
Yes it does. Note that while they describe many ways to alter a message, the specific method used is not central to their claim, which is merely that m different versions are created somehow, that recipients are assigned to sublists in which the same ISP does not appear twice, and each sublist gets a different version. While it doesn't mention them specifically, any technique using n random letters in a message will infringe, since it effectively divides all users into m=26^n sublists and sends the same message to all users in a sublist. Use of enough random characters effectively generates such a large m that each recipient lands in their own sublist. Therefore there is no need to "determine if the selected address is substantially similar to an address on the selected sublist" since there are no addresses already in the sublist. Nobody gets the same message, so you don't need to worry about two copies of one version going to users at the same ISP. It is algorithmically equivalent to what they're claiming.
The patent goes on to describe many ways that a message might be altered, like reordering paragraphs, etc. In general many of the techniques they describe are subtle and do not allow as many permutations as you can get from a bunch of random characters, and so they stipulate (as a part of the claim) that care must to be taken that no sublist contains two "similar" email addresses. Meaning, don't send two copies of the same version to two recipients at the same ISP, who will notice the identical message hash. Duh. Any spammer could figure that out for himself. And like I said, if you use a large enough m this part of the patent is irrelevant since you don't need to worry about this problem. All the messages are unique.
If you are too lazy to read the entire patent, and insist on only reading a small part, how about also reading what the claims section says instead of just the abstract?
Yeah, what in the claims section do you think I missed?
Sometimes, you know, patents are allowed that don't actually have prior art, or at least aren't as obvious as the abstract makes them sound.
While true, that's irrelevant in this case because this is an obvious patent with plenty of prior art.
Re:No, not hash-busting characters. Read the paten (Score:2, Interesting)
I hope that you noticed that I said 'If you are too lazy..." not "You are too lazy...". There is, in my mind at least, a large difference between adding "random letters or dictionary words" to break hashes, and using semantically similar but syntactally different paragraphs.
It appears that you think differently.
It is relatively easy to make filters that will ignore 'non-words', which make the random character method less effective, and the method of adding random words to messages would likely detract from the convincingness/power of a message being sent.
The trick of using html comments to hide these hash-busting words/characters is also easy enough to detect.
It would be more complicated to work out that a properly formed, completely valid looking message, with no strange words and no strange comments at all was spam. Having recognizable 'hash busting' sequences would tend to be recognizable, whereas this method would tend not to be.
Just because 'any spammer could figure that out for himself' doesn't mean they have.
Based on the contents of my inbox it seems that none of the spammers about have realized that. Most messages I get arrive in pairs.
Could you show me some of the obvious prior art with respect to this?
I don't mean the 'hash-busting' part, I mean the combination of any one of the claims in the patent?
I'm not meaning to say that you are lying, but do seem to be using the 'Everybody knows it is true' proof.
If it was 'obvious' it would seem that the duplicate filtering method of spam detection wouldn't work even now, woudln't it?
I may be wrong, but if I am, I would like evidence.
Re:Hey! Shortsighted people! (Score:2, Interesting)
Patents are public records, and spammers can read too. Since they are routinely breaking the law anyway, they'll grab a copy of ATT's patent, implement it, and use it against us.
get the spam tool makers (Score:3, Interesting)
Re:Hey! Shortsighted people! (Score:1, Interesting)
He sees absolutely nothing wrong with spamming, he's a salesman, if spam makes any sales for him, then it's good. The only reason he doesn't use spam right now: there is too much of it already. He keeps asking me for new ideas to lure people to his website.
useless patent # 3,454,343 (Score:3, Interesting)