Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Spam

Spam Conference in Boston 241

bpfinn writes "Are you working on your own anti-spam solution? Would you like to compare notes with other coders? You'll get your chance at the Spam Conference in Cambridge on January 17, 2003. Among the speakers are: Paul Graham (of "a plan for spam" fame), ESR, John Graham-Cumming (of "POPFile" fame), and Matt Sergeant from MessageLabs. According to the homepage, this conference will be very informal: "no fees, sponsorships, proceedings, luncheons, contests, etc. Just a series of quick, concentrated talks, and then we all go off and get Chinese food." Slashdotters who are peeved about spam can register here."
This discussion has been archived. No new comments can be posted.

Spam Conference in Boston

Comments Filter:
  • by brejc8 ( 223089 ) on Friday December 27, 2002 @07:00PM (#4969783) Homepage Journal
    What they should do is to advertise the event using popups.
  • Heh (Score:5, Funny)

    by Em Emalb ( 452530 ) <ememalb@gm a i l . com> on Friday December 27, 2002 @07:00PM (#4969786) Homepage Journal
    "Are you working on your own anti-spam solution? Would you like to compare notes with other coders?"

    If you are, and would like the NATIONAL EXPOSURE only email can get you, call the number listed below. You will be giving MILLIONS the opportunity to receive your amazing breakthrough via email.

    To unsubscribe (suckers!!) please click the link below.
  • Sweet! (Score:5, Insightful)

    by intermodal ( 534361 ) on Friday December 27, 2002 @07:00PM (#4969787) Homepage Journal
    A conference where they actually confer and (As implied by going to eat together) discuss what they're talking about rather than just visiting booths. It's about time some of that hacker-ethic efficiency made its way to the computer conference world.
    • Re:Sweet! (Score:3, Insightful)

      by Zeinfeld ( 263942 )
      A conference where they actually confer and (As implied by going to eat together) discuss what they're talking about rather than just visiting booths. It's about time some of that hacker-ethic efficiency made its way to the computer conference world.

      Well that is pretty much how conferences start. They begin as a technical session with 5 experts talking and 50 people in the audience, then the next year there are more people and the program gets longer. The year after that there is an exhibition which the year after becomes an exhibition floor. After that the whole thing goes downhill and turns into a trade show.

      That is exactly how the RSA Conference and Interop began.

      I am somewhat disappointed by the means of choosing the papers, basically the first people to propose a talk. As a result the spam conference will only be discussing filtering approaches based on identifying the spam. The alternative approaches based on authenticating the genuine signal simply won't get a hearing.

      The problem with filtering approaches is that they only work as long as the attacker does not have access to the filter. If the attacker does have access to the filter they can repeatedly test and modify their spam until it gets through. That is why the filtering built into Outlook fails, the attackers have access to the filter and can use countermeasures.

      Filtering techniques are a hacker solution, they only solve the problem for the small community of hackers that use them. Once they are used generally they fail.

      • "I am somewhat disappointed by the means of choosing the papers, basically the first people to propose a talk. As a result the spam conference will only be discussing filtering approaches based on identifying the spam. The alternative approaches based on authenticating the genuine signal simply won't get a hearing. "

        That's where the "confer" portion comes in. If that's your concern, go and say it over Chinese, or see if you can't get ahold of someone who is going to bring it up for you.
  • security? (Score:3, Funny)

    by 2MuchC0ffeeMan ( 201987 ) on Friday December 27, 2002 @07:02PM (#4969793) Homepage
    umm...

    since spammers and advertisers always stay one step ahead of technology, shouldn't users register to get in?

    i know there's a few spam artists out there i'd like to keep out. any open source software or ideas they come up with and speak about may be directly spoken to the enemy.

    granted, this is worst case scenerio, but oh well
    • Yeah, but then you've got the whole "security thru obscurity" thing working. It's no good to come up with a spam-fighting technology that doesn't work if spammers know about it. That's why we have tools like SpamAssassin [spamassassin.org], where it doesn't matter if they're aware your're using it.
    • Someone 4 posts down was modded +4 Insightful for saying the same damn thing. Geez, wake up..

      Anyway, this is correct. Spammers already troll anti-spam lists looking for information on new anti-spam techniques just so they can slip around them.
  • Whatever happened to that idea where any message sender (with a white list to op certain ones out) would have to make a nummerically intensive calculation before delivering the message? Easy for single messages, but hard for a million.
    • I'm sure someone came up with this idea already. But these spammers have lists of E-mail adresses, mostly coming from automatic E-mail harvesters.

      If everyone put a couple of pages with a few hundred thousand fake E-mail adresses (automatically generated) wouldn't that make these lists less valuable.

      It would increase the amount of spam at first, but given enough fake adresses, it would come down in the end. It's a number game, to put someone who "owns" 1 million real E-mail adresses out of business, you would need to post some 100 million fake ones for him to harvest. That is no more than 2.5 Gb of HTML and some coordinated effort.

      mmmm...
  • Focus (Score:5, Insightful)

    by The Bungi ( 221687 ) <thebungi@gmail.com> on Friday December 27, 2002 @07:15PM (#4969850) Homepage
    I do hope they focus on the bandwidth problem. We've all seen the recent stories here about the slimeball spammer who's return rate is something to the tune of 0.000001% for 100 million messages. Or some such statistic. And yet he's swimming in $$.

    The better spam filters get, the more horsepower these fuckers are going to put into plying their trade. That 100 million herbal viagra batch didn't work? Oh, OK, let's send out 1 billion messages then.

    Their capacity to add processing power to their operations will grow exponentially as the efficiency of spam blocks increases. But there's only so much bandwidth to go around. Ergo, suffer the ISP (mine and yours, not theirs). Something's gotta give.

    I shudder to even contemplate it, but unless their revenue stream is cut off, this is going to continue. And that means educating users to NOT FUCKING BUY ANYTHING SOLD THROUGH SPAM. Until then, well...

    • Re:Focus (Score:2, Insightful)

      by viscous ( 455489 )

      I happen to agree that the bandwidth eaten by spam is the ultimate problem, and that filtering doesn't really address that. But out of fairness I thought I would mention the counter-argument made by the proponents of filtering:

      If you get enough of the large ISPs and electronic mail services to filter all their customer's mail - enough to eliminate (say) 95% of the spam currently getting delivered - then the spammers will only be making 5% of the sales they are currently making. Which may be enough to drive them out of business.

      I don't believe it will work, but that's the party line I expect you'll be hearing at the conference.

      • Re:Focus (Score:3, Insightful)

        I happen to agree that the bandwidth eaten by spam is the ultimate problem...

        For me personally, bandwidth isn't an issue. I'm on DSL, my servers are locked up tight and not contributing to the problem... for me, the problem is that 95% of the time my "New Mail" alert goes off, it's all SPAM. I don't care about the bandwidth issues; doesn't affect my home connection much, and doesn't affect my server's connection at all. It's my time.

        My solution? Well, I haven't found a perfect solution, but (given that bandwidth isn't my main concert) Mozilla's bayessian (sp?) filtering is working well so far. Hopefully the next major Moz release will handle this better.

        Currently (1.3a) it marks SPAM as "Junk" mail automatically. After only a few days it easily recognized SPAM. After a week there have been NO false positives. After 2 weeks it seems to be dead-on accurate.

        Hopefully the next Moz release will let me do more with it (such as NOT playing my "New Mail" sound, marking them read, moving them to a Junk folder, etc). So far 1.3a is showing serious promise, at least in the filtering part. It uses Bayessian filtering (based on the Plan for Spam article linked above -- a good read if you haven't seen it), and is quite good so far. I would personally be happy if, using the Mozilla current implementation, I could never see mail Mozilla sees as "Junk" mail.

        My point was simply that for me, bandwidth isn't the problem -- and I run several (not open-relay) mail servers -- rather, the problem is the time I spend manually filtering SPAM from real mail (running several domains). Bayessian filtering is perfect, as it's based on the individual user. It's what got me to try Mozilla mail again in the first place (first time since M12), and already, just having it mark them as "Junk", it's saved me a ton of time.
    • Re:Focus (Score:4, Insightful)

      by MacAndrew ( 463832 ) on Friday December 27, 2002 @09:22PM (#4970377) Homepage
      I shudder to even contemplate it, but unless their revenue stream is cut off, this is going to continue. And that means educating users to NOT FUCKING BUY ANYTHING SOLD THROUGH SPAM. Until then, well...

      Yes, but ... the crowd that's buying herbal Viagra is a tough one to reason with by definition. Then there are the "get rich quick" suckers -- just try explaining basic math to them.

      There's an old saying that some people will buy anything. Spamming is about locating them. The rest of us get caught in the overspray.
    • My plan for spam (Score:3, Interesting)

      by gad_zuki! ( 70830 )
      >And that means educating users to NOT FUCKING BUY ANYTHING SOLD THROUGH SPAM

      Why the carrot and not the stick? Imagine spam honeypots luring the people who answer spam into giving up their credit cards and posting them publicly. Or listing names of people who visit honeypot sites like animalsexxxxxxx.com through a spam click. Make sure to report them to their employer if this is done during 9-5.

      Then we'll see the obligatory news articles about hackers co-opting spam. Something tells me that all the spam marketers and companies that use spam won't be much of a problem when Joe Blow is worried about hackers and losing his job over spam.
    • Re:Focus (Score:3, Interesting)

      You don't get it. The product being sold by spam isn't Herbal Viagra or College Diplomas -- it's the spam itself.

      It's a pyramid scheme. It's not about selling the product. It's about convincing people to pay you to sell their product through spam, to buy your address lists, or buy your spam software.

      It's not about the people stupid enough to buy, it's about the people stupid enough to think "With all this spam, someone out there must be buying."

      A large percentage of spam doesn't even have a valid contact address/url/phone. It's purely about claiming to prospective clients that you can deliver X messages or have Y valid addresses.

      So, go ahead and convince grandma not to buy any spam prodcuts. Great. Meanwhile these guys are on a sales arms-race that will eventually render standard netmail useless.
  • Spam Conference... (Score:5, Insightful)

    by VistaBoy ( 570995 ) on Friday December 27, 2002 @07:18PM (#4969867)
    Because we're having a conference on spam to begin with already means that the spammers have won. Besides, what keeps spammers from attending the conference and figuring out how all the spam guarding stuff works?
    • that would be a bad thing how? the more time they spend trying to figure out ways around, the less time they have to actually send spam.
    • by glwtta ( 532858 ) on Friday December 27, 2002 @07:54PM (#4970048) Homepage
      Besides, what keeps spammers from attending the conference and figuring out how all the spam guarding stuff works?

      We'll all talk really quietly.

    • > Because we're having a conference on spam to begin >with already means that the spammers have won. >Besides, what keeps spammers from attending the >conference and figuring out how all the spam >guarding stuff works?

      What do you suggest? That we ignore a very real problem because we don't like it? Spam isn't going to go away if we pretend it doesn't exist! This conference isn't about secret techniques that spammers can't know about - it is about designing better protocals and gateways which are more immune to spam - stuff they'd learn about anyway. It's about *colaboration*, not giving out secret spam info
    • Let them attend, I say. Let them heckle from the back of the room, saying "aw hell that won't work, if you do $this then I can just do $that." Hey presto, the researchers get a better awareness of the failure points, and the solutions ultimately developed are that much more robust.

      Think about it -- this is exactly the same argument that favors open source software over proprietary equivalents. "With enough eyes all bugs/security holes are shallow." Without exposure to real life spam & spammers, how is anyone ever going to know if new techniques work? If the conference is attended by both pro- and anti- spam advocates, we'll all get to the meat of the issues that much faster -- you might as well be confronted with the problems while a bunch of experts are in the same room to hash out a solution...

    • by bugbear ( 448726 )
      A good spam solution will have to work even if the spammers know how it works. I believe that Bayesian filtering, which is what a lot of the speakers at the conference will be talking about, is such a solution. Spammers can't outweight the incriminating words they need to use in their sales pitches with innocent words, because the very innocent words (names of friends, terms used in one's work, etc.) are unique to each user.
    • "Besides, what keeps spammers from attending the conference and figuring out how all the spam guarding stuff works?"

      A lot of anti spam tools are already open source for easy dissection. Besides, a good anti spam routine should be the same as strong encryption: A knowledge of exactly how it works should only prove that there is no optimised, 'most efficient' attack.

      Until anti spam techniques reach this level (bayesian filters like in the new mozilla, perhaps?) then we will be on the defence.

    • I don't agree that it means that spammers have won. It only means that they are enough of a pain in the ass to warrent holding a conference.

      Let them attend. The only real solution is one that even if they are fully aware they still can't do anything about it.

  • by 8BitWimp ( 603191 ) on Friday December 27, 2002 @07:21PM (#4969884)
    Its ironic that this conference (and other discussion groups) are focusing on dealing with, filtering, and otherwise trapping SPAM. It appears that the only solution to eliminating SPAM is to develop a completely new architecture for handling email which would simply not provide mechanisms for the broadcast of SPAM, and the hijacking of mail servers. Spammers are just as ingenious as the folks valiantly trying to filter it. Until we consider a new approach, we will just be battling an ever growing volume of SPAM mail.
    • I've been promoting this notion for a couple years at least, while at the same time offering a spam filtering tutorial for Pegasus users [just-stuart.com]. I've seen others also promoting the same general concept, sometimes with more details. However...

      "One's feelings waste themselves in words; they ought all to be distilled into action[s]... which bring results."

      Florence Nightingale

      To see this happen, somebody needs to do it rather than talking about it. A technical demonstration, at the very least. And if I'm missing something and there's something like this in the works, it needs publicity, development support, testing, etc. to take it "out of the lab" and moving toward common use.

    • It appears that the only solution to eliminating SPAM is to develop a completely new architecture for handling email...

      Not true. The simplest solution is economic. If raise the cost of sending e-mail by as little as one penny / thousand e-mails, most spam becomes uneconomical. Poof, the spammers go out of business.
    • It appears that the only solution to eliminating SPAM is to develop a completely new architecture for handling email which would simply not provide mechanisms for the broadcast of SPAM, and the hijacking of mail servers.

      How about just properly configuring the existing mailservers?

      The hijacking problem is mainly with mail servers misconfigured as open relays.

      No switchover needed.

      As was pointed out in the last round of spam-article comments, you can't eliminate the header-forging problem, as at some point you have to trust the server that's supplying you with mail. So a new scheme would not help with this.

      In summary, I don't see how switching to a new scheme would help.
    • Again and again it's been proposed, and every time it is calmly explained to the proponent why it's totally unworkable. What's your idea, micropayments, public key authentication, etc.? People are always glad to hear someone's solution to all spam, but understand it's probably been posted and debunked already.
    • > only solution to eliminating SPAM is to develop a completely new architecture

      Take a look at DJB's im2000 concept

      http://cr.yp.to/im2000.html

      LL
  • by Lucas Membrane ( 524640 ) on Friday December 27, 2002 @07:21PM (#4969885)
    There is no such thing as anti-spam, thank goodness. If there were, and if the spammers sent it spam, the spam would be gone, but copious gamma rays and neutrinos would result, and the bystanders would all die from the radiation.
  • by MillionthMonkey ( 240664 ) on Friday December 27, 2002 @07:21PM (#4969887)
    This problem is not difficult to solve. All you need is a "conference" of enraged global villagers marching up the road to Alan Ralsky's [2mbit.com] house equipped with dynamite, pitchforks, Bayesian filters, and burning torches! We could bring some diplomas from prestigious nonaccredited universities to get the fire going. And afterwards everyone gets Chinese food.

    OK, maybe it wouldn't solve the problem, but it would make great reality TV. Wouldn't you rather watch a spammer get lynched than sit through yet another gold digger beauty pageant on FOX?

  • by Dylan_t_p ( 630258 ) on Friday December 27, 2002 @07:22PM (#4969889) Homepage Journal

    could it be here?? here? [slashdot.org]

    oh well since it's about spam only makes sense to post it more than once.
  • by NineNine ( 235196 ) on Friday December 27, 2002 @07:23PM (#4969896)
    Doesn't this seem just a bit fishy to anybody else?
  • My spam solution (Score:4, Informative)

    by archnerd ( 450052 ) <nonce+slashdot...org@@@dfranke...us> on Friday December 27, 2002 @07:26PM (#4969916) Homepage
    I use SpamAssassin [spamassassin.org], combined with some scripts available here [linuxfromscratch.org]. Since I implemented this system last month, I have gotten exactly one piece of spam, and it got through because the body contained nothing except a URL.
  • by mark_space2001 ( 570644 ) on Friday December 27, 2002 @07:28PM (#4969926)
    1. Declare Spammers are terrorists.

    2. Fly a C130 "Ghost" Gunship over their house.

    3. Open Fire.

    4. Enjoy "Miller" brand beer in a Spam Free world.

  • What is so difficult about blocking spam and e-mail worms? Just have a shared word that must be in the subject line (or else it gets filered out) and give that word to anyone you want to allow to contact you. Here on slashdot you could tell people about it in your sig, and never get a single piece of spam again, and what makes it better than whitelisting, even your friends, if infected with an e-mail worm, will not pass it to you, as the worm has no way of knowing the shared word.

    And people are spending millions to block spam and worms why?
    • If you propose to include your magic word in slashdot programs, the spammers will soon write scripts to find such magic words and spam you anyway.

      Don't underestimate the intelligence of the enemy. For example, does not currently parse base64-encoded MIME attachments, so suddenly spammers are all base64-encoding their spam. [sourceforge.net]

      • How would they know what the word is? They can't very well include the entire text of you slasdot post in an e-mail...

        It would be far easier for spamers to work around slashdot's e-mail obfustication than for them to pull one word out of a sig.

        There really is no way speammers can get around this one... Which is in stark contrast to EVERY OTHER SPAM FILTERING OPTION.
    • Sure, and then the spammers will figure a way to 'sniff' smtp traffic for nefarious purposes -- how about 'inserting' spam in legitimate e-mail automatically. How you like them spam filters now?

      And sure, this _might_ require hacking into some high-security NOC. On the other hand, it might just be a simple dns poisoning attack and a rogue smtp server that forwards mail after altering it.

      Ultimately no victory against spam can be had until we have one of:
      1: Fundamental change to how SMTP/e-mail works, and get everyone to switch (unlikely).
      2: Grassroots movement to boycott the businesses that profit from spam, to the point of putting them out of business. (unlikely until _everyone_ is 'online' and disgusted with spam)
      3: New legislation that causes massive fines for businesses that profit from spam. (unlikely in the U.S. given the political corruption we suffer from).
      4: Vigilante gangs rampaging through businesses that profit from spam, lynching spammers (or at least giving them a good thrashing), and massive correctly targeted cracking attacks against their computer systems.
      • You make it seem like it is trivial for spamers to take over secured servers and routers. It's not.

        These types of attacks you mention have far more serious implications than the ability to read your e-mail. If someone could accomplish them, they would already be doing so.

        1. There's nothing wrong with SMTP (when it comes to spam)
        2. So competitors can spend out loads of spam under the guise of their own competitor, and get record business.
        3. There are enough laws. And they don't help when anyone can route their traffic through anonymous proxies, and send it from out of the country.
        4. Sounds like fun, but not too likely.
  • Darn (Score:4, Funny)

    by anotherone ( 132088 ) on Friday December 27, 2002 @07:32PM (#4969947)
    I was hoping that this would be a conference for spammers rather than anti-spam coders...


    Then we could destroy them all in one place.


    Finally a cause the entire internet community could rally around.

  • Been running this for a few months now on MS Outlook (I know, I know) and it does work.

    www.cloudmark.com [cloudmark.com]

    It uses a moderation system not dissimilar to Slashdot (but maybe without the weird 2+2=5 maths) and in my experience DOES work. YMMV. I've yet to have it filter a legitimate message, and it picks up about 70% of spam into my Inbox...

  • by toupsie ( 88295 ) on Friday December 27, 2002 @07:45PM (#4970001) Homepage
    What could be better for a professional Spammer than attending an Anti-Spam Conference? Learn all the techniques and issues you will have to encounter in the upcoming months. I would be on the look out for people wearing too many gold chains reaking of hottub clorine wanting to make your penis larger in less than 7 days while offering you a Micro RC Car.
    • What could be better for a professional Spammer than attending an Anti-Spam Conference? Learn all the techniques and issues you will have to encounter in the upcoming months.

      How would this help them? People have known how the RBL, for instance, works for years, and yet it's still quite effective.

      Likewise, filtering based on content still works despite being around for a while because spam mails ... have to contain spam.

      In summary, I don't see what they'd learn that would be of use to them.
  • ... an anti-spam conference. Nobody would want to exchange business cards at pro-spam conference.
  • Now if they could just get Bernard Shifman [petemoss.com] to show up...
  • I actually publicize my email address to get more spam now, just to watch PF smack it!

    • "I actually publicize my email address to get more spam now, just to watch PF smack it!"

      Actually I thought of a better thing to do:

      Whenever I get a spam where they have some sort on 'confirmation tag' in it using a URL with my e-mail address, I extract it, change my address to uce@ftc.gov (which is the FTC's spam collection address) and THEN load it in my browser.

      Basically I am getting the automated system to send spam to the authorities.

  • Ding!

    Get out those AOL CDs and bags of dog poo! [slashdot.org]

    hehe...

    Happy New Year Ralsky.
  • I would watch out for spammers crashing the party and trying to cause serious problems. If you read some of the rants from these people on nanae, you can see how they would be capable of causing trouble for the anti-spammers gathered at the convention. There are a ton of spammers and it only takes a few of them to file false police reports, harass attendeees, etc. They've shown again and again that they are immature. Just look at how Ralsky harassed that guy who took pictures of his house. Many prominent anti-spammers have received death threats, this shows the level of hatred that some spammers have.
  • > Slashdotters who are peeved about spam can register here.

    For which they want your email address--and add that it shouldn't be too heavily shielded against spam. Hmmm....

    Chris Mattern
  • I'm using AGMSBayesianSpam [bebits.com] under BeOS to filter out spams from my email and it does a really nice job -- but my poor benighted Windows/Outlook using friends want to use a nice Bayesian Spam filter too, and I don't know what to recommend to them.


    Can anyone recommend a Bayesian Spam filter that (a) works with Outlook and Outlook Express, (b) is dead simple to install and use, and (c) works really well? I'd love to be able to point them at a URL.

  • Well, the first test [slashdot.org] message worked, and so did this second one. Now we'll get thousands of attendees for the Spam Workshop, using the time-tested approach of automatically posting an announcement in a public forum every few days. If only there was a reg fee --- $$$ Profit!

  • by Anonymous Coward on Friday December 27, 2002 @09:37PM (#4970411)
    The biggest barrier to just about any method of eliminating spam is the prospect of having to basically re-do every mail server on the internet to comply with some new spec. Client filtering is nice but doesn't cut it. People find ways around it, and you still have to deal with all the bandwidth.

    SMTP needs to go cold turkey. Someone writes out a new spec, that specifically doesn't hook into existing SMTP. Jam in whatever you need to eliminate the problem (whatever that would be, I don't have a proposal for that).

    Then you say "After Jan 20th 2003, we will no longer accept SMTP mail, you must have l33tSMTP (or whatever). If you want to continue to send us email you must install a l33tSMTP server"

    Then of course, you need the 'critical mass' factor. You have to have a bunch of the major players (AOL?) actaully agree to go along with this. Since if only a handful of sites install l33tSMTP then it'll be about as useful as AlterNIC.

    Then you sit back and wait for the bitching. Lots of people will whine and whine and whine, and you tell them "Too fuckin bad, upgrade or be lost".

    Then, backbone providers start rejecting SMTP traffic. "Sorry, no more SMTP, you must send all your mail l33tSMTP to travel on our backbone".

    It'll really hurt, and in the end things will be fixed. Then in a year's time we'll all look back on this and laugh and say "ha ha, remember when hotmail refused to upgrade? Where are they now? ha ha".

    Now if we could clean up USENET too.

    • There's no point in rewriting SMTP. Spam is not a technical problem. It's a content problem.

      Actually there's a pretty simple way to eliminate spamming. Just add spam detection rules to mail servers. Then make sure every spam message takes 5 seconds to send or receive.

      This way legitimate mail is not harmed and even spam gets delivered. However, it takes ages to send a million spam messages -> less spam -> no profit for spammers.

  • by Maskirovka ( 255712 ) on Friday December 27, 2002 @10:02PM (#4970483)
    I receive about four spams per day, but as opposed to deleting them, I look at their headers, run a trace tool, and notify the service providers and upstream ISPs. This usually limits the amount of spam I get from a specific asshole for a while. There's one that keep bugging me however: exprodmx15.postini.com (the 15 changes to diff numbers periodically).

    According to the website, postini is a spam filtering company. Doesn't it seem a little bit strange that they'd host a spam relay? Exodus (postini's primary provider) doesn't seem to care too much, since postini is a well to do business. Postini sends an automated response that says "this message is only passing through postini's mailserver. it's not our problem". My first thought would be that postini is running open mail relays as a form of gaurilla advertising to spam busters, but it seems a little bit far fetched. I don't keep a list of addresses or domains, but postini is the only one that i've noticed for about a month that keeps reacuring.Is this sort of thing normal?

    • Some spammers have realized that the outrage that follows their mailings is a resource that they can use against their enemies.

      They do this by forging the headers in such a way that it appears that a "white hat" has actually been responsible for the spam in some way.

      Then when the zealous, but unsuspecting user examines the headers, they end up directing their perfectly understandable opprobrium towards the spammer's enemies (anti-spam groups and companies, usually) instead of the spammer themselves.

      It's called a "Joe Job" and it's the new price of admission for anti-spam activists.

  • I started playing with procmail and grep and the whitelist idea, and after a day or three I cooked up this monstrosity. [sourceforge.net]

    If you email me, and you're not in my whitelist, you get a message from my "secretary" asking you to confirm your email address. If you're a spammer, you never see that message. If you're a human being, you either reply to the confirmation request (if the message was important) or you ignore it (if the message wasn't important, in which case I'm happy not to hear from you).

    The only problem is those damn Nigerian bank scammers. They actually read their replies. i've heard from two of them in the six or seven months I've been running this whitelist contraption.

    But anyhow, spam is no longer the annoyance it once was. I still look forward to strong laws against spam, because I know my bandwidth is being wasted (and other peoples' too), but at least I don't have to see it.

    I used to look down on the whitelist approach, because in a sense it is admitting defeat - they're still out there burning up bandwidth, and this doesn't help catch them. But, I'm so glad to be free of spam... Every time I check my email and find no spam, it feels like victory. For me, the great annoyance of time wasted dealing with spam far outweighs the minor inconvenience of increased bandwidth consumption.

    Y'all can play games with spam and spammers if you want to, but for me, for now, it's yesterday's problem.

  • City by the sea
    Cradle of revolution
    All spam overboard
  • If there is going to be a Spam conference there has got to be a representative from Hormel, the makers of Spam. They even have a Spam Museum [hormel.com], Spam Recipes [hormel.com] and much more on their Website [hormel.com]. You can even order online [c-els.com], if you don't want anyone to know you are a closet Spam Freak, or read Spam Trivia [hormel.com].

    Regardless of what you think of Spam, someones eating those 6 BILLION cans they have produced since 1937.
  • http://spamprobe.sourceforge.net/ [sourceforge.net]

    I've installed 3 weeks ago, and only 1 spam went through, and I've got only 1 false positive, out of over 700 messages received in that time.

Your own mileage may vary.

Working...