Interview With The SpamAssassin

comforteagle writes "Howard Wen has conducted an interview with Daniel Quinlan of SpamAssassin. In it he explores what keeps Daniel motivated in the face of the unrelenting torrent of spam and new spamming techniques, as well as, what is working - what is not, and what he predicts spammers have up their sleeves next for defeating spam detection." From the interview: "If you don't mind deleting spam manually, that's your prerogative, but don't complain about it. If your ISP doesn't do a good job fighting spam, then switch ISPs or install your own anti-spam software. There are a lot of choices out there."

Re:Complain as much as you can!

[dotslasher_sri]

and legally backed way of opting out of spam.

This might be a little difficult to do. Spamming is already is illegal in US. But anyone can spam from other countries. And making the US laws apply over there would be difficult.

in my opinion a fix to spam has to come from the software side, not from the government side.

How to stop spam

[Merdalors]

Two words: Spam Arrest. Zero spam, no filters to nurse, no lost mail.

Re:Complain as much as you can!

[winkydink]

The US and other countries could put pressure on China to get them to clean up their ISPs. If you reduce the number of safe-spamming havens, you should reduce the smount of spam.

Re:Complain as much as you can!

[hawkbug]

Keep dreaming. Most spammers are not in U.S., or if they are, they are untraceable unless your the FBI who has bigger fish to fry. No legal tactic on the planet is going to solve this problem. A technical solution is all you can hope for - which when you think about it, should be very possible and is getting closer all the time.

Re:Complain as much as you can!

[Anonymous Coward]

I'm beginning to wonder what people would pay, as a group, for the heads of spammers on a pike. I mean literally. Hunt down a few of the really bad ones, place their heads on pikes, and put the pikes in public places. They may not last long there, at least only until the police arrive, but that would probably send a pretty powerful message.

Other analogies

[LordOfYourPants]

"If you don't mind deleting spam manually, that's your prerogative, but don't complain about it. If your ISP doesn't do a good job fighting spam, then switch ISPs or install your own anti-spam software. There are a lot of choices out there."

It seems pretty simple to me: complaining leads to awareness, which leads to action. Maybe a bunch of people on Slashdot griping about spam won't amount to jack, but let Oprah or someone else with a grappling hook or two on the office/church/bar water cooler complain about it and they can make a difference in social attitudes.

SpamAssassin is a good step but the real problem is the social system which makes spamming possible. How else can you explain a 60-year-old grandmother 1) using her computer as a spam relay, 2) acknowledging it on television, and 3) not seeing it as a problem because it's "legal" and she's getting regular cheques to do so?

How is it that a social/legal system can be designed to bankrupt and scare the shit out of people who share a few movies or songs but barely put a dent in the people sending out millions of useless, offensive, and content-bordering-on-the-illegal emails? Is there nothing wrong with this?

Re:Am I alone?

[bfline]

I'm with you. I hardly ever get spam. I just don't ever enter a real email address when it asks for one in forms. You know who you are people, who sign up for every contest. This is where you are essentially signing up for spam. I just put a fake address in when I have to fill out a form. I have two addresses, the real one that is just for friends and family and another that I use in cases where I have to use a real address on the web. But I rarely ever use that account.

Re:Am I alone?

[snorklewacker]

> Maybe I'm the lucky minority here, or my mail host has some crazy filters I don't know about, but I very, very rarely recieve any type of spam. Now, I don't go handing out my email address either.

Some of us think that's a really sad state of affairs when you can't have a public email address. I mean yes, there's cranks who might send you flames or whatever, but one shouldn't have to be utterly innundated with crap just for letting everyone know their address.

Sadder still is that this sort of secrecy just becoming the norm now.

(no, I don't put my email on my slashdot account, but I like being pseudonymous for other reasons)

The next frontier in spam fighting

[PurpleFloyd]

As alluded to in the article, the next chapter in the war against spammers is not going to be in blocking open relays [ordb.org] or known spammers. Rather, more and more spammers are using hordes of broadband-connected and spyware/virus-infested zombie hosts to do their dirty business.

This has both good and bad aspects. First, the good news: responsible ISPs will be able to block a good portion of spam at their routers and mailservers; it's not hard to detect and blacklist a PC which is spewing the same email to 20,000 different recipients. Unfortunately, it only takes a few poorly-configured ISPs to provide a great deal of bandwidth to spammers. Couple this with Windows' known security holes, and home users' typical apathy regarding patches and security updates, and you have a large pool of potential spam-hosts which cannot be as easily targeted as open relays or specialized spam-spewing servers. After all, if spammers are using a legitimate ISP's mail server to send spam, a remote admin can't block that mail server without also condemning large amounts of legitimate email to deletion, which may well be unacceptable.

The upshot of all this? The onus of spam filtering is going to be, more and more, on ISPs rather than on recipients. While this has its good side - spam filtered at the source doesn't take up as much precious bandwidth - it also means that filtering will be more difficult for those not close to the source.

Re:How to stop spam

[Anonymous Coward]

Oh yes, challenge-response. Stop spam by spamming everyone else, and making everyone so annoyed with you that they don't bother.

Not to mention that Spam Arrest are themselves spammers.

remember the economics

[LuxFX]

It depends on how you define "spam-free." If you mean that nobody is sending spam, posting blog spam, sending spam over chat networks, etc. then I think the chances are rather slim. If you mean that most people will rarely see [email] spam, then I think it's possible.

But I think that one would lead to the other. If relatively few people are seeing spam, then suddenly spamming is no longer making money for the spammers, and they would eventually stop actually sending it.

Of course that's an optimistic scenario. It would probably lie somewhere in the middle. Fewer and fewer people see the spam, so spamming itself is less and less cost effective. Fewer and fewer spammers participate, while the remaining ones will have to reduce their fees since there will be fewer views. Fewer spammers and less money mean less innovation. Eventually (hopefully), the entire movement will slow down until spamming is only done by a few recluses targetting only the most oblivious users.

Re:personalized training

[Daniel Quinlan]

(groan)

Someone (the author or some editor) added that comma to my sentence. My original email had no comma there. A clearer phrasing that would not tempt someone into adding punctuation would be:

[The least effective technique is] Any technique that tries to identify "good" mail with neither authentication backing it up nor some form of personalized training.

They also removed the name of the company where I work (IronPort [ironport.com]), which struck me as a bit odd considering how my job allows me to do open source was part of the article. I think my employer deserves some kudos for that. Not to mention implying that I'm more than just one of the developers. There are eight commiters, six of them on the Project Management Committee and two of them (Justin Mason and Theo Van Dinter) write at least as much code as me.

Re:All I can say is...

[wolf-]

For my kids, I use a whitelist only system.
If you aint on the list, you aint gettin through.

While I despise whitelist only systems in the business world, in this specific situation, it is the only way to ensure that only people the kids know, can email them.

We dont drop non whitelisted mail. It sits in a file for a while, and we go through it periodically if someone says "hey, I sent you mail" and they were not whitelisted.

Re:The next frontier in spam fighting

[Linux_ho]

As alluded to in the article, the next chapter in the war against spammers is not going to be in blocking open relays or known spammers. Rather, more and more spammers are using hordes of broadband-connected and spyware/virus-infested zombie hosts to do their dirty business.

Uh, where have you been? Non-malware open relays haven't even been on the radar for the last two years. Practically all spam comes from either virus zombies or known spammers hiring offshore ISPs to provide them with 'legit' relays. This isn't a "new trend." It's changed very little over the past couple years, the only trend I've seen lately is that MORE spam is coming from spam-friendly offshore ISPs, who seem to have a nearly endless supply of unblacklisted IP addresses to cycle through. Hello, APNIC?

Re:Your best choice

[Just Some Guy]

My email address is kirk@strauser.com [mailto], and I approve this message.

If you can't use your own address then your spam filters suck. I will not let spammers decide where and with whom I share my address. It is mine, and I'll do what it takes to defend it.

Re:Complain as much as you can!

[syousef]

"If you don't mind deleting spam manually, that's your prerogative, but don't complain about it. If your ISP doesn't do a good job fighting spam, then switch ISPs or install your own anti-spam software. There are a lot of choices out there."

This fool needs to realize that not everyone is or wants to be a computer expert, or an email specialist just so they can use their email. If every day a barrel of paper junk mail got delivered to your door you'd sure as hell complain, not just arrange to have a paper recycling company sort and collect the rubbish, or learn about the intricacies of the US postal system.

When are we in the IT industry going to stop telling users that they need to be computer experts to run a computer. The RTFM attitude just does not cut it!

Re:A spam "bubble"?

[verbatim_verbose]

The problem with the idea of the spam bubble bursting is that spammers don't have the same economic situation that most companies do. Sending out spam to a million people doesn't cost much more than it does to send it to 10,000 - you can increase the number of customers you get without having to increase your "advertising" fees much at all, or having to hire more employees, etc.

This all means that spammers can be far less successful than any other business, yet still remain in business.

Re:Complain as much as you can!

[soliptic]

Spamming is already is illegal in US. But anyone can spam from other countries.

You're kidding yourself if you think that's the explanation. I reckon 80% of the spam I get is US based. No, I don't know that it's sent from mail servers in the US, probably zombies, but it definitely advertises US products to a US audience. Rx??? Didn't even know what that meant til I got 50 spam a day about it. What the hell is it with you guys and prescription medicine anyway? Approved for a new low rate? Is it really so difficult to find a mortgage via legitimate means?

Anyway, the point is it seems to me that if I WANTED to buy from the vast majority of spammers, then as a non-US citizen they wouldn't be interested in my custom.

From where I'm standing, at least, spam is mostly an American problem. Spanish-language second coming in a fairly distant second. China? Never seen any spam whatsoever advertising Chinese products to a Chinese audience.

And, imho, where the spam is technically sent from is utterly irrelevant. Follow the money!!