IBM Unveils Anti-Spam Services to Stop Spammers
bblazer writes "CNN Money is running a story about a new IBM service that spams the spammers. The idea behind the technology is that when a spam email is received, it is immediately sent back to the originating computer - not an email account. From the article: 'We're doing it to shut this guy down,' Stuart McIrvine, IBM's director of corporate security strategy, told the paper. 'Every time he tries to send, he gets slammed again.'"
Now the teeth come out. (Score:2, Interesting)
What about the zombie PCs (Score:4, Interesting)
Any idea what this actually means? (Score:3, Interesting)
Great... (Score:3, Interesting)
Can RSS Solve The Spam Problem? (Score:3, Interesting)
Interesting that the figure has dropped so significantly in a year's time. The mere fact that email has been so thoroughly polluted as a medium by spamvertisers prompts me to think that RSS could be a way to circumvent email and its problems entirely. Imagine if people had pass-protected RSS feeds for all their contacts, as well as group feeds and a public feed. Then, when it's time to email someone, you just insert a new entry in that person's feed. A mechanism that checks feeds 10 times an hour should be sufficient. In terms of end-user interface, it would be identical to email in every significant way. Just seems to me that there's no room for spammers in a system like that, since in order to be "spammed" you'd have to subscribe specifically to a spammers feed.
There would be a lot of traffic overhead with a system like that, but it couldn't possibly be worse than the 75% spam overhead of email.
Yes, but what about the network traffic? (Score:2, Interesting)
Doesn't this just... (Score:2, Interesting)
Never mind the fact that most spammers don't use a real e-mail address (shocker) -- but my IT department doesn't have funds to waste attacking spammers.
Re:Any idea what this actually means? (Score:4, Interesting)
More me too bullshit (Score:3, Interesting)
1. Not use SMTP, sounds like a shocker but like the doctor says "if it hurts don't do it".
2. Honeypots can be used to waste spammers' time
3. Absolutely don't reply to spam in any form
But the real problem is SMTP is not a reliable or robust protocol for the problem it tries to solve. The fact that people keep pushing it shows they're lazy.
But you don't have to abandon SMTP completely. Something as simple as hashcash could essentially eliminate spam.
Just nobody wants to actually implement it [re: think about a mozilla/thunderbird plugin that uses X-HEADERS to put/read hashcashes].
Tom
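The hashcash idea from the comment above, as an added example (not code from the post or from any mail client): the sender mints a version 1 stamp bound to the recipient's address, and the receiver checks it with one SHA-1 hash. The addresses, the 16-bit cost, the 28-day window and the hex counter are choices made for this example; the stamp travels in the `X-Hashcash:` header the post alludes to.

```python
import base64
import hashlib
import os
from datetime import datetime, timedelta, timezone


def zero_bits(stamp):
    """Number of leading zero bits in SHA-1(stamp)."""
    digest = hashlib.sha1(stamp.encode()).digest()
    return 160 - int.from_bytes(digest, "big").bit_length()


def mint(resource, bits=20, now=None):
    """Sender side: brute-force a counter, about 2**bits hashes on average."""
    now = now or datetime.now(timezone.utc)
    rand = base64.b64encode(os.urandom(12)).decode()
    prefix = f"1:{bits}:{now:%y%m%d}:{resource}::{rand}:"
    counter = 0
    while zero_bits(prefix + format(counter, "x")) < bits:
        counter += 1
    return prefix + format(counter, "x")


def verify(stamp, recipient, min_bits, spent, now=None, max_age_days=28):
    """Receiver side: a single hash, plus checks against cheap or reused stamps."""
    now = now or datetime.now(timezone.utc)
    fields = stamp.split(":")
    if len(fields) != 7 or fields[0] != "1":
        return False                  # not a version 1 stamp
    try:
        bits = int(fields[1])
        minted = datetime.strptime(fields[2][:6], "%y%m%d").replace(tzinfo=timezone.utc)
    except ValueError:
        return False
    if bits < min_bits or fields[3] != recipient:
        return False                  # too cheap, or minted for another address
    if abs(now - minted) > timedelta(days=max_age_days):
        return False                  # expired or post-dated
    if stamp in spent or zero_bits(stamp) < bits:
        return False                  # replayed, or the claimed work was not done
    spent.add(stamp)
    return True


if __name__ == "__main__":
    spent_stamps = set()
    header = mint("alice@example.org", bits=16)      # constructed recipient address
    print("X-Hashcash:", header)
    print(verify(header, "alice@example.org", 16, spent_stamps))   # first use
    print(verify(header, "alice@example.org", 16, spent_stamps))   # replay
```

The asymmetry is the point: minting costs the sender thousands of hashes per recipient, while the receiver spends one hash and a set lookup.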
agreed (Score:3, Interesting)
Isn't that sort of like cutting off your legs to run faster?
Re:jokes writing themselves... (Score:2, Interesting)
I know that this was supposed to be a joke, but it's worth some thinking. Are anti-spam services really always meant to stop spam? IMHO, this isn't redundant, but a strange business model if you really think about it.
We've got this new product here and if it succeeds it will be completely superfluous!
Re:works great for honest spammers (Score:3, Interesting)
Now what if the collective zombie PCs are instructed to spam the anti-spam service?
Smurf (Score:4, Interesting)
Re:works great for honest spammers (Score:3, Interesting)
Re:e-mails coming from a computer on the spam list (Score:2, Interesting)
That article is completely wrong (Score:3, Interesting)
The net result is quite similar (Score:4, Interesting)
Re:works great for honest spammers (Score:1, Interesting)
The CNN story is rather light on detail. Like how do you send an email back to a machine that is unlikely to be listening on port 25 (as most zombies are)?
Re:Can RSS Solve The Spam Problem? (Score:1, Interesting)
Re:agreed (Score:5, Interesting)
I went through chemo and radiation last year. The idea of chemo is that it kills cancerous cells, but it's completely untargeted, so you end up poisoning the whole body.
Without the chemo, I'd likely be dead now. I traded a few months of extreme weakness in exchange for near perfect health now.
Re:agreed (Score:2, Interesting)
So to you my best friend and soulmate, I wish for the best, and so wish you have the strength to enjoy the summer.
Re:Can RSS Solve The Spam Problem? (Score:2, Interesting)
As for the problem of having to subscribe to the feed, I only really see this as a problem in a public e-mail address such as site admin or some other such thing. If these were the only addresses that worked, though, spam would likely reduce greatly. Hell, look at Hotmail. By default, it bounces anybody not whitelisted (in your addressbook).
And as for having to give out your new info if you switch ISPs... one, there are ways around that (forwarding and such- which is extremely easy with RSS); two, this is no different from regular old email, or any other contact medium for that matter. If you switch mail servers, you have to give out your new address. If you move, you have to give out your new phone # and address. Either that, or set up forwarding.
Re:Smurf (Score:2, Interesting)
SMTP runs over TCP. Establishment of a TCP connection involves a three-way handshake, i.e. A sends a message to B, B sends a message back to A, A sends a third message to B. Each message includes information from the previous one.
If C tries to spoof a TCP connection to B as though it came from A, B will send the second message in the handshake to A, not C. As a result, unless C is capable of snooping A's traffic, C will not be able to send the third message in the handshake as it will not have sufficient information.
As a result, it will not be possible for spammers to spoof their IP addresses and cause DoS attacks to non-spammers.
The smurf attack works because ICMP is a simpler protocol that does not involve connection establishment.
Incidentally, there are techniques by which TCP connections can be spoofed, but they generally rely on guessing the information in lost packets based on known flaws in TCP implementations. I believe most current implementations have fixed these bugs.
Matt
Re:Can RSS Solve The Spam Problem? (Score:5, Interesting)
http://cr.yp.to/im2000.html [cr.yp.to]
The basic idea is to reverse the concept of how mail is handled today. If you want to send an email, you store it on your site until someone comes and picks it up from you. It is never delivered, all mail must be picked up. Instead of pulling your mail from a single Inbox, you pull your incoming mail from hundreds of repositories, depending on who is mailing you.
One advantage is that if someone wants to send out a million emails, it is up to THEM to store it, not you. Blacklisting becomes easier, as does whitelisting, etc.
And for you whiners who love bitching about how Dan Bernstein is behind it so it MUST be bad, please don't bother. That horse has been beaten to death hundreds of times before.
Innocent bystanders? (Score:3, Interesting)
The collateral damage to innocent people will be tremendous.. If a spammer is stupid enough to use his own machine, he would drop off line instantly after he broadcasts.. IBM's packets have to go somewhere, flooding out neighbors..
Plus, what if the person spamming has been infected with a virus and isn't knowingly spamming, or IBM's system misidentifies the offending machine? There would be hell to pay..
Yes, spam sux, and it needs to stop, but we need to do it properly..
egress filtering! where the hell is egress filters (Score:1, Interesting)
and its NEVER been done...
EGRESS FILTERING!
hey guys, get a freaking clue...
it works. use it.
do you know *WHY* it will never be used?
why would AT&T (example) filter a customer who is paying them $100,000 a MONTH to send their spam?!?
yeah, you got that right, spammers are paying that much just so the ISPs WILL carry their traffic. if all that money suddenly went away. well... you know the rest...
PS-I work for a MAJOR ISP that does this. I think I mentioned their name in this article....
IBM... Mother of innovation (Score:1, Interesting)
No real performance testing has been done, but speed is expected. The code basically consists of a few if/then statements and some DNS look-ups (which are cached in memory as well as on the DNS server). The mail server will probably bog down before FairUCE does.
Wow... sounds like the developers don't even consider this to be a substantial piece of software.
Re:Can RSS Solve The Spam Problem? (Score:2, Interesting)
IM2000 sounds like it'd work fine on a small intranet, but seems pretty much useless on a large scale network.
easy workaround? (Score:2, Interesting)
and I set the sending email address of my spam payload to be "user@generic-isp.example.net", it sounds like FairUCE may let the spam fly unmolested.
Re:agreed (Score:1, Interesting)
boba fett (Score:2, Interesting)
Re:works great for honest spammers (Score:3, Interesting)
Frankly, when you get down to the REAL details, this system addresses MOST of my complaints about C/R systems.
Re:It won't work (Score:3, Interesting)
an idea a lot of people have done is: reject ALL first attempts and label them. reject all incomings from that identity for x minutes. then open the gate and let them thru next time.
a valid sender WILL retry and queue up messages. a spammer will rarely queue up and retry.
this also works. downside is that you delay receipt of mail. but most companies are doing this, more and more.
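The delay-and-retry scheme described in the comment above is commonly called greylisting. An added example (not from the post) of the bookkeeping a server would do at RCPT TO time, keyed on client network, envelope sender and recipient; the timer values, the /24 and /64 grouping and the reply text are assumptions chosen for this example.

```python
import ipaddress


class Greylist:
    """Temp-fail the first delivery attempt of each (client net, sender, recipient)."""

    def __init__(self, delay=300, retry_window=4 * 3600, pass_lifetime=36 * 86400):
        self.delay = delay                  # the "x minutes" during which retries are refused
        self.retry_window = retry_window    # a retry must arrive within this long
        self.pass_lifetime = pass_lifetime  # how long a proven sender stays whitelisted
        self.first_seen = {}                # triplet -> time of first attempt
        self.passed = {}                    # triplet -> time of last accepted delivery

    @staticmethod
    def _key(client_ip, mail_from, rcpt_to):
        # Large senders retry from another host in the same pool, so key on the network.
        ip = ipaddress.ip_address(client_ip)
        net = ipaddress.ip_network(f"{ip}/{24 if ip.version == 4 else 64}", strict=False)
        return (str(net), mail_from.lower(), rcpt_to.lower())

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply to give for this recipient at time `now` (seconds)."""
        key = self._key(client_ip, mail_from, rcpt_to)
        last_ok = self.passed.get(key)
        if last_ok is not None and now - last_ok <= self.pass_lifetime:
            self.passed[key] = now
            return "250 OK"
        first = self.first_seen.get(key)
        if first is None or now - first > self.retry_window:
            self.first_seen[key] = now      # new triplet, or one that never retried in time
            return "451 4.7.1 Greylisted, try again later"
        if now - first < self.delay:
            return "451 4.7.1 Greylisted, try again later"   # retried too soon
        del self.first_seen[key]
        self.passed[key] = now              # a real MTA queued and retried: let it through
        return "250 OK"
```

A 4xx reply is what makes this safe for legitimate mail: the sending MTA keeps the message queued, so the cost is the delivery delay the comment mentions rather than lost mail.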
It's either a DNSBL or something very like it... (Score:2, Interesting)
The CNN article says "IBM is not concerned about liability, even in cases where innocent senders might be misidentified as spammers, because all the technology does is bounce back the e-mails, said Gail."
The WSJ article posted by someone above [slashdot.org] says "based on a new IBM technology called FairUCE, that uses a giant database to identify computers that are sending spam. One key feature: E-mails coming from a computer on the spam list are sent directly back to the machine, not just the e-mail account, that sent them."
This sounds exactly like the DNSBL FAQ at www.spamhaus.org [spamhaus.org] which reads "Doing a DNSBL lookup on a message at SMTP connect time is cheap in hardware cycles and system time. Your DNS server may even have it cached from the last time the spammer tried. If your MTA already knows the incoming message is spam it can deny a spam message before having to pass it to mail-scanner (medium cost), through the virus scanner (medium to expensive), bayesian filtering (medium), spamassassin network tests: blacklists, DCC, pyzor, razor, etc. (medium - high). Mail rejected by a DNSBL does not disappear into the bit bucket. A DNSBL realtime rejection creates a delivery status notification (DSN) to the sender identifying the cause of the rejection, thereby allowing troubleshooting on the sender's end. Realtime rejection avoids the "backscatter" problem of some spam filters which accept delivery, close the connection, and then try to return the mail after it is determined to be spam. Of course, as we all know, most spam and all viruses have forged sender addresses, and so the "bounce" goes back to an innocent third party (if it is deliverable at all). Using the SBL-XBL lists together (recommended) rejects a very large amount of spam and virus mail with very low "false positive" rejections of legitimate mail. And remember, all those rejected legitimate mails are instantly reported to the sender with a DSN."
The IBM page [ibm.com] says "FairUCE (which stands for "Fair use of Unsolicited Commercial Email") is a spam filter that stops spam by verifying sender identity instead of filtering content." "Technically, FairUCE tries to find a relationship between the envelope sender's domain and the IP address of the client delivering the mail." This suggests that the receiving mail server does a DNS lookup "at SMTP connect time" verifying that the from address is related to the owner of the IP address the mail is coming from, i.e. email from joe@yahoo.com originating from www.msn.com: "bad"; email from me@myisp.net originating from www.myisp.net: "good", or something like this. If the cache is of WHOIS lookups, so what? IP addresses do not change hands very often (do they?). I may have a different IP every time I log on to the internet, but that IP always comes up on a WHOIS as being assigned to my ISP.
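An added example (not from the comment, and not FairUCE's code) of the two connect-time checks the comment above describes: a DNSBL query on the client IP, and a test that the client's forward-confirmed reverse DNS name falls inside the envelope sender's domain. The DNS data, the zone `dnsbl.example`, the verdict strings and the suffix-match rule are constructed for illustration; pass real resolver functions in place of `sample_a` and `sample_ptr`.

```python
import ipaddress

# Constructed DNS data: documentation address ranges and a made-up zone, "dnsbl.example".
SAMPLE_A = {
    "66.113.0.203.dnsbl.example": ["127.0.0.4"],        # listed client
    "9.100.51.198.dnsbl.example": ["127.255.255.254"],  # resolver error code
    "mail.myisp.example": ["192.0.2.25"],
}
SAMPLE_PTR = {
    "192.0.2.25": "mail.myisp.example",
    "198.51.100.9": "mail.myisp.example",   # forged PTR: the name does not point back
}


def sample_a(name):
    return SAMPLE_A.get(name, [])


def sample_ptr(ip):
    return SAMPLE_PTR.get(ip)


def dnsbl_name(client_ip, zone):
    """IPv4 DNSBL query name: the address with its octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def is_listed(answers):
    """A 127.0.0.0/8 answer is a listing; Spamhaus reserves 127.255.255.x for query errors."""
    return any(a.startswith("127.") and not a.startswith("127.255.255.") for a in answers)


def sender_matches_client(client_ip, mail_from, a_lookup, ptr_lookup):
    """True if the client's reverse name resolves back to it and lies in the sender's domain."""
    domain = mail_from.rsplit("@", 1)[-1].lower()
    host = (ptr_lookup(client_ip) or "").lower().rstrip(".")
    # Naive suffix rule: a production check would also consult the Public Suffix List.
    if "." not in domain or not host or client_ip not in a_lookup(host):
        return False
    return host == domain or host.endswith("." + domain)


def connect_time_verdict(client_ip, mail_from, zone, a_lookup=sample_a, ptr_lookup=sample_ptr):
    """Decide while the SMTP session is open, so a refusal goes to the connecting machine."""
    if is_listed(a_lookup(dnsbl_name(client_ip, zone))):
        return "reject-listed"
    if sender_matches_client(client_ip, mail_from, a_lookup, ptr_lookup):
        return "accept"
    return "unverified"
```

Because the verdict is reached before the message is accepted, a refusal is delivered to the connecting client itself and no bounce is ever generated toward a forged sender address.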
Re:Well, duh... (Score:4, Interesting)
The general form of a "checklist" response is really old. I first saw such a form on USENET more than ten years ago. It originally appeared in this rec.humor.funny post from December 1994 [google.com] whose author claims to have gotten it from a VAX conferencing system. The general idea of a standardized checklist for blowing someone off is probably even older than that.
I got tired of explaining to people why their cockeyed spam solutions wouldn't work, so I wrote this particular one about spam one evening and posted it here [slashdot.org] and here [slashdot.org]. I'm surprised it took off, actually. Now in every thread about spam I do a search for "technical legislative vigilante" to see if it's reappeared and it's there half the time. I only wish I had included a little dig for challenge-response schemes!
The part at the end about burning your house down is there because someone in the original thread proposed a solution to spam that was so abysmally bad that the poster was suspected to be a spammer himself- hence the "( )spammers could easily use it to harvest email addresses" item.
Judging from Google searches, [google.com] spam researchers seem to have mixed feelings about it. The form wears out its welcome all the time but keeps reappearing. Some like it and use it a lot to quickly dispatch stupid ideas from the peanut gallery. Others hate the form because it gets presented to them all the time when they present their proposals. It has actually appeared in a number of anti-spam research papers. One group of researchers, when proposing their solution, actually prepared a preemptive response to refute each form item.