Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Spam

DSPAM v2.10 Released 234

Nuclear Elephant writes "DSPAM v2.10 is finally available, after four months of development. This is the first stable release to include Bayesian Noise Reduction which was recently mentioned on Slashdot and in Wired News as an algorithm providing accuracy levels as high as 10x that of a human. Some other new features include Neural Networking - which finds nodes in a network that are contextually similar to form a decision matrix, Global Filtering - which provides SpamAssassin-like out-of-the-box type filtering for new users until they build up their own wordlist, Automatic Whitelisting - which automatically learns who your trusted senders are, and many other optimizations and enhancements. Head on over and download the latest tar ball."
This discussion has been archived. No new comments can be posted.

DSPAM v2.10 Released

Comments Filter:
  • Cool! (Score:5, Funny)

    by Anonymous Coward on Saturday March 13, 2004 @11:05PM (#8559233)
    I've always wanted a spam filter with 1000% accuracy!
    • Re:Cool! (Score:5, Informative)

      by Monx ( 742514 ) <[moc.seitilibiss ... [ta] [hsalSxnoM]> on Saturday March 13, 2004 @11:31PM (#8559347) Journal
      IIRC, the "10x better" means 10x lower failure rate. The wording almost seems meant to deceive. The idea is that if you misidentify 10 messages out of 100, the filter would only misidentify 1. Since you made 10x as many mistakes, the filter was 10x as accurate as you were.
      • Similarly, if one product is advertised as '90% fat free' and another as '99% fat free' then the second is ten times more 'fat free' than the first.
      • the "10x better" means 10x lower failure rate. The wording almost seems meant to deceive. The idea is that if you misidentify 10 messages out of 100, the filter would only misidentify 1. Since you made 10x as many mistakes, the filter was 10x as accurate as you were.

        The problem with that is that "Spam" is defined by humans and not computers. "Anti-Spam" software is programmed to *try to* filter out what the human would consider Spam..

        So if a human says Email X is Spam, then it is that human's Spam.

        • Re:Problem is ... (Score:4, Interesting)

          by Shisha ( 145964 ) on Sunday March 14, 2004 @05:34AM (#8560397) Homepage
          The bottom line is, "No software can ever be better than a human in defining Spam".

          That is true if the human is looking at a single email. Now give the same human a mailbox with 2000 messages, 1000 of which are spam (by his standards). He won't be thinking twice about calling the message spam and getting rid of it, so he's bound to makea couple of mistakes (happend to me a while ago, one of my friends has her email @ladymail.com and the Subject was in Latin - random to me. I called it spam befere even reading Hello,...).

          The claim that is being made is that if this poor man overlooks 10 spam emails, dspam will only overlook one. Whether that's true or not is another thing, and would again depend on the circumstances, but I believe it would apply to me.
      • There's still something wrong with this, though. Spam is what I say it is. How can any algorithm know whether the message I received is unsolicited or not?

        If I say it's SPAM, it's SPAM. If I say it's not SPAM, it's not SPAM. No filter can possibly be better than I am, and I don't want any filtering software claiming that it knows better than I. A personal message from a friend is still a personal message from a friend even if the subject line is "Hi" or "I love you."
  • The real problem (Score:4, Insightful)

    by Anonymous Coward on Saturday March 13, 2004 @11:08PM (#8559243)
    The real problem is people who actually buy this stuff. If no one was buying things from spam, no one would send spam. We all know this.

    I propose we start spamming. Anyone who responds gets a nice l'il pistol whipping and is returned to their comptuer. After the first news report, people will be afraid to respond to spam.
    • by www.fuckingdie.com ( 759660 ) on Saturday March 13, 2004 @11:20PM (#8559307) Homepage
      Is there somewhere that I can sign up to be a pistol whipper?

    • Spam people, take their money, send them something unpleasant enough to get on the news. Of course, you'd probably end up in jail if you tried this.

      But yeah, that would probably kill the spam market pretty well.
    • by kramer ( 19951 ) on Saturday March 13, 2004 @11:37PM (#8559365) Homepage
      I think the best answer the 'If nobody would by this stuff...' argument was:

      Spam works on the level of 1 in 10,000. The general population contains a far higher rate of mental illness, senility, and retardation.

      You'll never cure spam by 'education' of any sort. There are some people who are just too crazy or too stupid to learn.
      • by r_glen ( 679664 ) on Sunday March 14, 2004 @12:46AM (#8559627)
        But I thought they were the spammers.
      • Yes! You have it!

        Therefore, we can make responding to spam a way that society decides who is an idiot!

        Responding to spam should therefore be punishable by the revocation of the following privileges, which are given specifically because they assume that the average person is NOT an idiot:
        -use of computer networks without direct supervision of someone with an idiot-supervision license.
        -ability to vote
        -ability to work for the public in which responsibilty for others is given to you (so you could be a janito
      • I think we *should* answer spam.

        If *all* of us answered our spam, it would be like a mailbomb or DDOS attack, except they *asked* us to respond. Can they blame us, if we do?

        If there's a secondary incovenience, like the fact that they can't find their one sucker in 10,000, well too bad for them. Maybe they should have worked harder targeting their spam to suckers instead of getting past all of our spam filters.

        Actually, we don't *all* have to respond to spam. I'll bet if even 1% of us did, they'd be burie
    • Re:The real problem (Score:2, Interesting)

      by dillee1 ( 741792 )
      Nice idea.

      Make another email worm like MyDoom(call it MyDick/MyAss etc), with misleading title/body that sounds like those spam mail that enlarge/shrinks various human anatomy.

      People who reply those mails will be activated the virus and make his/her computer unuable. Soon nobody will have the gut to open spam mail anymore.
    • Re:The real problem (Score:2, Interesting)

      by Anonymous Coward
      Actually, there is another solution. Everyone could simply respond to the spam they get. That'd quickly ruin the ecomonics of spammers.
  • Details. (Score:5, Informative)

    by Anonymous Coward on Saturday March 13, 2004 @11:09PM (#8559251)
    Introduction

    DSPAM (as in De-Spam) is an extremely scalable, open-source statistical-algorithmic hybrid anti-spam filter. A majority of users running v2.10+ achieve filtering rates ranging from 99.92% - 99.98+%, DSPAM is currently effective as both a server-side agent for UNIX email servers and a developer's library for mail clients, other anti-spam tools, and similar projects requiring drop-in spam filtering. DSPAM has been implemented on many large and small scale systems with the largest systems being reported at about 125,000 mailboxes.

    What is a Statistical-Algorithmic Hybrid Filter?
    Present-day language classifiers bear the responsibility of maintaining accuracy in the midst of ever-increasing sample complexity. In the setting of spam filtering, many types of intentional attacks have been introduced such as obfuscation, word list injection, sample flooding, and etcetera. As the complexity of classification text continues to multiply rapidly, many filter developers today are left with conflicted feelings between increasing the complexity of their filter and wise teachings from CS class reminding them that computer science is about controlling complexity, not creating it. At the rate complexity is rising, filters will (and have already begun to) become so resource-intensive that they lose scalability, eventually leading to a second conflict of interests: where fighting spam becomes more expensive than managing it.

    DSPAM is the first Statistical-Algorithmic Hybrid filter and in being such boldly suggests that there is a better alternative to increasing the feature set of filters to match the spams they are trying to fight. By employing algorithms designed to increase the quality of existing data rather than the quantity of data with the goal of reducing the feature set rather than increasing it, DSPAM has managed to achieve nearly equal levels of accuracy with present-day Markovian-based filters and other types of filters that employ large feature sets with the added benefit of using a significantly fewer amount of resources. DSPAM presently peaks at 99.984% accuracy, which is ten times more accurate than a human being [1] and is presently being used on implementations as large as 125,000+ mailboxes.

    DSPAM's Focus
    The DSPAM project attempts to go beyond "just another statistical filter" by focusing on the following areas:

    * DSPAM has a strong focus on providing better data to already existing algorithms (Bayesian, Chi-Square, etcetera) Combination algorithms work inherently well, but depend on the quality of data. Some of the approaches deployed in DSPAM towards this goal include Chained Tokens, Inoculation Groups, Classification Groups, advanced de-obfuscation techniques, and a new noise reduction algorithm called Bayesian Noise Reduction. The goal is to incorporate processing algorithms that can withstand the long haul of ever increasing message complexity. So far we're doing a great job.
    * A strong focus on large-scale implementation support. The largest implementation of DSPAM we've heard about to-date involves 125,000 users. DSPAM has been designed to experience a very short execution time (0.03s - 0.10s on average hardware), and has been equipped with a storage driver API allowing several different storage mechanisms to be used. Depending on disk space constraints, accuracy can be traded off for additional disk space or vice-versa.
    * Empty Corpus Support and Global Dictionary Support. It is very important in a large-scale environment to allow users to build their own dictionaries starting from scratch. Why? Because system administrators haven't got the time to create 20,000 seeded dictionaries. On top of this, ISPs require out-of-the-box filtering, which DSPAM's global dictionary feature provides for end-users, with minimal centralized learning. DSPAM provides support for building corpuses from scratch without suffering many fatal training errors (false positives). When these two approaches are combined, we end up with instant-filtering for all u
    • Re:Details. (Score:3, Insightful)

      by sirsnork ( 530512 )
      Fantastic.... Really I would live to try it.

      I'm assuming you are linked to the project, forgive me for the rant if thats incorrect.

      Might I suggest you get a webserver/ISP that is somewhat reliable. I've been trying to get a copy of this software since it was alst mentioned on Slashdot. The site was slashdotted when I first tried, cool I thought, I'll check again tomorrow. Still down the next day, OK I think maybe there's still an effect. I wait a week and check again thinking maybe they went over their
  • cool (Score:3, Interesting)

    by adamruck ( 638131 ) on Saturday March 13, 2004 @11:10PM (#8559252)
    now the question is.. how hard is it to get it to work with cpanel
  • by wmspringer ( 569211 ) on Saturday March 13, 2004 @11:11PM (#8559260) Homepage Journal
    Right now the only spam getting through my Mozilla filter is stuff that starts with one or two unrelated sentences, then goes into the advertising with any spam-type words (viagra, etc) horribly mispelled.
  • funny faq (Score:5, Funny)

    by adamruck ( 638131 ) on Saturday March 13, 2004 @11:12PM (#8559268)
    this is from the faq...

    In real-world scenarios, false positives have ranged anywhere from 0% (none) to 0.10% depending on both implementation and user's mail behavior. Users with relatively predictable mail behavior (such as geeks, dweebs, and freaks) have generally received very few false positives (less than 1 in 10,000 messages).
  • by NanoGator ( 522640 ) on Saturday March 13, 2004 @11:15PM (#8559287) Homepage Journal
    This may work for a little while, but the creative peeps will find a way around it.

    I say forget the filtering shit and force email to evolve. Part of the reason that spam happens is that there is no real authentication going on. No requesting permission to be on your white list. No real strong way to block anybody you don't want to hear from. No real way to verify the sender is legit. etc.

    I don't claim to have all the answers, but I do know that I've been using ICQ for years and haven't seen a Spam from there since I turned on the 'require authorization' feature.
    • Well I haven't used it in a year or two. But I had require authorization on from day one and still got request for authorization spam. Where some pr0n/webcam botperson requests authorization with a little ad in the request.

      I don't have any clue what the solution to the spam email problem is but I believe it'd have to be a pretty major evolution.
    • by Enahs ( 1606 ) on Saturday March 13, 2004 @11:28PM (#8559341) Journal
    • by tftp ( 111690 ) on Sunday March 14, 2004 @12:38AM (#8559598) Homepage
      Evolution of email is difficult even in theory.

      The authentication is useless even if implemented - you want to receive email from strangers, that's what all businesses are doing. If you are not one of them and only converse with your buddies, make a whitelist and be done - no spammer will guess your friends' emails.

      Permissions to send email are also troublesome. If they are automated, then spam robots will be written to ask for permission first. If they are not automated... but how would you know if some random "John X. Frisby" <jfrisby@big.provider.net> is really who he is, and the matter he wants to discuss with you is not a bug in your Loafizer 0.99 script for your bread making machine, but a placebo enlargement pill. Additionally, permissions delay the mail exchange, which is bad for business.

      There are ways to block anyone you don't want, and all other senders are legit (until they spam you, that is.)

      So the problem is quite different, as you can see. There is a free channel of marketing, and spammers will be using it until it remains a) free and b) channel. Remove any one of those two, and they will close up the shop.

    • Ah, but every now and then I get a "User has requested to add you to their contact list..." in my ICQ and they just put the spam in the notification reason box. I see the same thing with automated request system; they'll use the request process to pass the advertisements in to you.

      Call me a cynic, but I think we're dealing with an inherantly unsecure system. As long as you have one mail server out there forging message headers, you can't trust the path back to the sender. Like abstinance, Whitelisting m
  • by Anonymous Coward on Saturday March 13, 2004 @11:15PM (#8559290)
    I tried several incarnations of dspam over a period of about 6 months. It was a pain in the butt to install, required a massive amount of training, and required you run a web server in order to have the point and click training capability.

    I eventually gave up and tried the CRM114 Discriminator:

    http://crm114.sourceforge.net/

    It was MUCH easier to install, MUCH easier to maintain, and has the same or better level of accuracy. I used to get 100+ spam messages a day and now I'll get maybe 1 or 2 a week that sneak through (after only a few weeks of training on errors only).

    • Fantastic. I've been looking for something exactly like this for syslog monitoring! I thought I was going to have to write something myself.

      When you've got several hundred systems from different OS platforms all logging to a central log server the conventional log monitoring software is just not up to the task of discriminating important logged messages from unimportant.

  • by grmoc ( 57943 ) on Saturday March 13, 2004 @11:21PM (#8559313)
    That would be ideal.
    (since then the 'casual' user could benefit from using it, without undue difficulty in configuration of mail delivery programs, which are notorious in general..)
  • now only if.. (Score:2, Insightful)

    by crache ( 654516 )
    it could be used in html rendering [slashdot.org]
    • Re:now only if.. (Score:2, Interesting)

      by hotchai ( 72816 )
      Exactly my thoughts! Can we include something in Slashcode that automatically filters the GNAA and goatse trolls? Perhaps as a user-configurable option.

      Some Bayesian approach ought to do it ... I wouldn't want jokes based on the "$PROJECT is dying - Netcraft confirms it!" troll to be filtered out!
  • by www.fuckingdie.com ( 759660 ) on Saturday March 13, 2004 @11:30PM (#8559346) Homepage
    Computer manufacturers will begin including a Hammer type device into PCs beginning immediately. This device will, when its associated software detects a user attempting to sign up for free porn, hammer the user to death.

    Computer manufacturers are also investigating whether this device will be able to deal with the so-called "Stupid User Problem" which plagues so many IT professionals world wide.

  • by VoidEngineer ( 633446 ) on Saturday March 13, 2004 @11:31PM (#8559349)
    FYI, modern MRI scanners use bayesian noise reduction during image processing. I used to work in a MRI research laboratory, and our director had pioneered the application of Bayesian noise-filtering algorithms in post-processing of image data.

    Oddly enough, our director of research was notoriously difficult person to schedule a meeting with. Makes me wonder about 'unsupervised learning'...
  • by Percent Man ( 756972 ) on Saturday March 13, 2004 @11:42PM (#8559385) Homepage
    accuracy levels as high as 10x that of a human...

    So, let me get this straight - my spam filter will know better than I do which emails I want to read, and which ones I don't?
    "No, trust me man, you really want a bigger johnson. Read it!"
    • yes it can. A human can be 100% accurate when dealing with only a few emails, but when you are dealing with tens or hundreds you will sometimes make mistakes.
    • by devphil ( 51341 ) on Sunday March 14, 2004 @12:34AM (#8559581) Homepage


      except that my article history is truncated in a futile attempt to get me to subscribe. So I can't point to the writeup I did.

      The increased accuracy comes from the emails that will slip under your mental radar. You are a human, and you make mistakes. You wouldn't deliberately choose to read the email, but one day the subject line looks plausible, and so you bring it up. Three-quarters of a second later, you're glaring at the monitor and hitting "delete", but DSPAM wouldn't have let that slip by in the first place.

    • So, let me get this straight - my spam filter will know better than I do which emails I want to read, and which ones I don't?

      Yes, it will. When I'm faced with 100 new messages in my inbox and probably only one or two are legitimate, I often delete messages that look like spam without opening them, and other times, I have to open them just to double check that it really is spam. I have accidentally deleted more than one legitimate message this way, and have wasted more time that I care to contemplate openi
    • Most likely, it'll make less errors than the number of mistakes you're going to make because you're flooded in spam. Given a mailbox with 1000 spam and 1000 ham, I'm pretty sure I'll mess up a couple times while trying to delete only the spam.
    • No. But it'll less often accidentally delete stuff you really want than you would yourself if you manually waded thorough 1000 spams a day, attempting to find the dozen or so legitime email in between, and also trying to avoid wasting *Too* much time sorting the spam away.
  • by michaelmalak ( 91262 ) <michael@michaelmalak.com> on Saturday March 13, 2004 @11:43PM (#8559390) Homepage
    algorithm providing accuracy levels as high as 10x that of a human
    Is this to say I can't tell when I'm being spammed? I thought the ultimate definition of spam was mail unwanted by a person. How can a computer decide a piece of mail is bad for a person if that person really wanted it? One could digress way off with this on Asimov's Laws and the politics of Socialism/Fascism vs. Libertarianism (that e-mail is just no good for you, you oughtn't read it).
    • You miss the point. You teach dspam what you do and don't want to see, so ultimately you decide.

      Outlook is like what you fear; Microsoft decides what you will and won't see. I can add specific senders to the black and white lists (you click to add to the blacklist, but you have to type in an address to add it to the whitelist -- stupid MS shits), but Microsoft decides if I can see that attachment (if they think it's bad, it's gone and I can't recover it) or if this email's spam (it regularly discarded stuff from IBM Developer Works until I added them to my whitelist). With a tool like dspam I can regain control over what gets filtered (although I've found no way to turn off Outlook's attachment blocking).

      • Didn't look very hard did you?

        Tools, Options, Security, uncheck "Do not Allow attachments to be Opened that cound potentially contain a virus".
        • I looked everywhere I could think to look. When I look in Tools, Options, Security I do NOT see "Do not Allow attachments to be Opened that cound potentially contain a virus". Oh, if it were only that easy. I see:

          Encrypted e-mail

          Encrypt contents and attachments for outgoing messages

          Add ditigal signature to outgoing messages

          Send clear text signed message when sending signed messages

          Request S/MIME reciept for all S/MIME signed messages

          Security Zones

          Zone: [Zone Settings...] (I looked, but there's nothing about

    • by Snowmit ( 704081 ) on Sunday March 14, 2004 @12:40AM (#8559606) Homepage
      Is this to say I can't tell when I'm being spammed?

      Leaving aside the part where you barely avoid the paranoid rantings of a madman, yes, there are times when you can't tell if you're being spammed. Like, how many times have you accidentally deleted an email that you thought was spam but was really from a long-lost friend? Or how many times have you opened Spam because you weren't sure that it was Spam or something from your ISP (or whatever).

      Say you've done it 10 times in 10 000 messages. If this program only did it once in 10 000 messages (false positive or missing negative) then it was 10x as accurate as you.
      • Like, how many times have you accidentally deleted an email that you thought was spam but was really from a long-lost friend? Or how many times have you opened Spam because you weren't sure that it was Spam or something from your ISP (or whatever).

        It seems as though you're defining "human" as "person who is time-constrained". I suspect that the author of the original article had something like this in mind, but without defining the time constraint, a measure like "10x" is meaningless. E.g., as spam cont

  • by bigberk ( 547360 ) <bigberk@users.pc9.org> on Saturday March 13, 2004 @11:44PM (#8559395)

    DSPAM is one of these statistical filters (like spamprobe and CRM114) that can perform virtually perfect filtering of spam/non-spam you receive.

    Now that you are free of spam yourself, may I suggest that you take it one step further and share your data with the anti-spam community; the WPBL project [pc9.org] lets many users report the IPs sending them spam and non-spam in realtime using a couple simple scripts installed in procmail.

    Our central database then publishes a real-time list of spam sources (the IP blocklist). Unlike spamcop, WPBL is entirely based upon automatic decisions made by statistical filters, 24/7. The resulting blocklist is already used by many ISPs; and you can also use it to block spamming IPs at your own server.

    • And how exactly do you keep the spammers from submitting their own IPs as "good" or from submitting real ISPs as "bad"? I didn't see anything on that website to indicate how you're managing potential liars making submissions, which will kill this system pretty quickly if it ever becomes commonly used.
  • by DarkHelmet ( 120004 ) * <mark AT seventhcycle DOT net> on Saturday March 13, 2004 @11:44PM (#8559397) Homepage
    But will it keep all those GNAA posts out of slashdot? ;)
  • Okay, I'll admit it. I run windows. I like to play games other than quake3 and neverwinter nights (though I like those games too). If it weren't for games, I wouldn't bother with Windows. As it is, I actually paid for it, and run it as my primary.

    I see all my fellow slashdotters saying (over and over again) that spam filters should be server side, because otherwise you are still paying for the wasted bandwidth. This is a very powerful argument, and I tend to agree.

    However, there are two things that make

    • Popfile [sourceforge.net]. It's fantastic. It has a great UI (it's web based, you just open http://localhost:8080 in a broswer), it works with all E-Mail clients that use POP (it might work with others too). It supports multiple accounts, is easy to use, and is very very accurate. Best of all, it's free! Check it out.

      It is a little thing that sits in your system tray. That said, it's just perl modules (I think) so it runs on other OSes too. That said, best thing I've found on Windows.

      • Popfile. It's fantastic. It has a great UI (it's web based, you just open http://localhost:8080 in a broswer), it works with all E-Mail clients that use POP (it might work with others too).

        I've looked into popfile. Isn't it pretty much just bayesian filtering (with more than the basic two spam and non-spam corpuses)? Is it better than mozilla mail? Mozilla mail is a hell of a lot better than nothing at all, but my experience has been a lot less perfect than some others have reported. I suspect popfile w

  • The solution to the spam problem is simple yet elegant - gambling.

    Every time you send an email you place a small wager on the line that the recipient wants to read your message. Something like 1 cent. If the recipient doesn't mind your message then they don't redeem your offer and it doesn't cost you a thing. However, if you're sending spam then the recipient cashes it in (or perhaps it is used to cover overhead costs of this system).

    If you send a legitimate email and somebody decides to be a jerk and cas
    • My better idea: A network of pissed-off spam recipients. If I get a spam I contact someone on the network who lives near the spammer, and they go over and beat the shit out of them. Likewise, if there's a spammer in my area I'll go beat the shit out of them for you if you're on the network. Call us eMail Agents For Independent Action.
    • This wouldn't replace SMTP, it would just be a layer on top.

      This "simple yet elegant" layer would require far more work than the underlying SMTP servers do. How exactly -- no handwaving, no fluff -- do you propose to implement this? You need to either tie bank account details to email account information, or maintain a separate "online only" bank. You need to find some unforagable, unbreakable, untappable method of identifying individual emails to make your one penny claim. You need to retrofit all

    • by Julian Morrison ( 5575 ) on Sunday March 14, 2004 @12:52AM (#8559636)
      Everyone would fudge refusals and pocket the cash.

      Scumbags would use billions of zombied PCs to send themselves mails, aggregate and pocket the cash. Or to spam you gratis.

      There are transaction costs for generating, checking, and accumulating digital cash. Your paypal bills would be huge.

      Everybody hates micropayments.

      It's a dumb idea and it simply isn't gonna happen.
    • There are several scenarios where your proposal would be bad for the Internet. Say I want to put my competitor out of business, or at least raise his costs. I simply use a bot to sign up for a couple hundred thousand email addresses, sign up for his newsletters, then ask for all those 1 cents back. The financial powers that be might also foresee too much liability and risk in ventures that depend on email (since it is, as you say, gambling). Thus the end of any free service that depends on e-mail for verifying accounts including newsletters, bulletin boards, online banking, and online auctions among others.

      Furthermore, you'd have to have a foolproof system to pay for those cents. Fraud could be much more rampant: If you pay via credit card, the other guy (or gal) has your number and could overcharge a corporation by a twenty or so dollars. Furthermore, micropayments aren't economical unless many many many people pay. If most people play by the rules, then the costs of credit companies or banks or other institutions would either put most of these services out-of-business or into subscription only domains. Not to mention some companies might have "you agree not to ask for those cents" in addition to "I can send you spam" legal clauses - negating your proposal!

    • "Anybody have a better idea? I didn't think so. :)"

      Yeah, I have an idea. Howabout you handle distribution of the NANOG mailing list after your "pay-to-send" idea gets implemented.

    • "Something like 1 cent. If the recipient doesn't mind your message then they don't redeem your offer and it doesn't cost you a thing. However, if you're sending spam then the recipient cashes it in"

      Problem: Enough people give money to spammers that it becomes possible to profit from abusing the system, tricking or defrauding people.

      Solution: Put even more money into the email system, and hope that all of these new flows of cash don't end up in the hands of spammers and criminals.
  • by Gldm ( 600518 ) on Sunday March 14, 2004 @12:13AM (#8559502)
    If you check the footnotes on the DSPAM page, it says "According to a study by Bill Yerazunis of CRM114."

    If you then check the link to CRM114's project, you'll find this: "I measured my own accuracy to be around 99.84%, by classifying the same set of 3000ish messages twice over a period of about a week, reading each message from the top until I feel "confident" of the message status, (one message per screen unless I want more than one screen to decide on a message.) and doing the classification in small batches with plenty of breaks and other office tasks to avoid fatigue. Then I diff()ed the two passes to generate a result. Assuming I never duplicate the same mistake, I, as an unassisted human, under nearly optimal conditions, am 99.84% accurate.)."

    Given the amount of people who even read the article on slashdot I doubt anyone else is going to check the tiny [1] footnote and find this.

    • The magic number 99.84% is one that is sometimes invented as an arbitrary example, meaning roughly "very close to all." It's a sort of joke about false precision. Whether or not Bill Yerazunis is using this number in this fictive sense, it is IMPOSSIBLE for his diff() to actually be exactly 99.84%!

      If one message out of 3000 messages differs in classification, that's 0.0333%. Or 99.9666% accurate. Working down, we find that four or five misclassifications are either 99.8666% or 99.8333% respectively. B
  • Why can't I get this to run on my WXP machine? I have XP Pro installed....
    You linux geeks get all the good toyz!!
    Darn you, Darn you to Redmond!

    What do I get?

    Well.. I guess I do get all the neat patches.
  • by dsanfte ( 443781 ) on Sunday March 14, 2004 @12:22AM (#8559534) Journal
    By the looks of the Intel story below, Slashdot sure needs a good Bayesian spam filter. I recommend this. Or a baseball bat. Because you can go over to anti-slash and really pound some skulls with a baseball bat, and it would probably be more satisfying. But filters are good too, don't get me wrong.
  • Bah... (Score:4, Interesting)

    by Pig Hogger ( 10379 ) <pig DOT hogger AT gmail DOT com> on Sunday March 14, 2004 @12:24AM (#8559544) Journal
    It's STILL just an " automated press-deleter".

    No matter what technology it uses, neural nets, b-trees, recursion, tinkertoy logic [rutgers.edu], smell-emitting diode, leaky junction zener transistor, steam-powered aeolipiles, it only automagically presses delete, which is a pretty lame way of fighting spam.

    It's a lame way of fighting spam, because, we STILL have to pay for the fucking spam bandwitdh; we STILL have to pay for the goddammed disk space used by the spam; we STILL have to pay for the bloody time lost transmitting the spam; we STILL have to pay for the extra ISP infrastructure to carry those spams.

    Naaah. Spammers should be eradicated from the Internet, and the best way to do so is to completely BLOCK networks who host spammers (no matter what service), in order to force the collateral damage to whine to the ISP or simply vote with their feet.

  • by mark-t ( 151149 ) <markt&nerdflat,com> on Sunday March 14, 2004 @12:28AM (#8559558) Journal
    ... if there was some way to plug tools like this into Mozilla directly so that you could expand on its built in junk mail detection with something more powerful.
  • Comment removed based on user account deletion
  • by Avlimator ( 593407 ) on Sunday March 14, 2004 @12:46AM (#8559622)
    I don't get SPAM. I don't have SPAM filters. How is this possible? Simple. I create a different e-mail address for any new untrusted entity that I have to provide one for. In the beginning I took advantage of being able to alias all e-mail for non-existent mailboxes (basically, *) at my domain to my primary account. It seemed to me an obvious and simple approach. Whenever I needed to provide an e-mail address, I just made one up, and it was forwarded to my regular Inbox. In my opinion, at that time my ISP was more "sophisticated" than most. Since then I have moved to hosting all of my domains on my own co-located server which runs Exchange 2000, thus complicating things. Now I have to actually add any new aliases that I want to use into my user account. I know of at least one product out there that can handle non-existent addresses and forward them to a specific account, but it is rather expensive for a feature that should have been built-in from the beginning (althought I'm not aware if the new Exchange can do this out of the box). Not to mention that someone with the proper knowledge and skills could make a similar add-on in relatively short order, but who ever has the time? The point is that you have to consider when and where you give your e-mail address out, and the possible consequences therein. It's not altogether different from giving out your phone number (especially if you are unlisted) or even your SSN.
    • by krray ( 605395 ) * on Sunday March 14, 2004 @02:45AM (#8559984)
      You *WILL* get spam my friend. I've been doing this for almost 20 years (admin) now -- and have specifically used aliased accounts for various reasons over the years as you are doing.

      Wait... You'll be interested to know that the biggest problem with the spam coming in comes from virus infected Windows boxes. They send it. They harvest the users Outlook address book. If you ever end up in somebody's Outlook box ... it only a matter of time before you're screwed.

      I chuckle at the whole Exchange thing. You pay for that?

      I personally pay to have a fixed IP @ home and run a old Linux box. A lot of aliases I've used over the years (and some blatantly used to harvest) all go to some local account that processes the spam. Upon receipt -- mail the wrong account and sorry, but you're blocked (unless white-listed). White-listing can come from valid already received email -- but I work everything based off of IP. My hope is that the registered MX host(s) or any valid listed server by the authenticating DNS server will be the type of scheme that's re-implemented (or more to the point SHOE-horned in real soon :). Bill's idea of email stamps, well, hahahahaha...

      Over the last decade I've now got 380 aliased harvesting spam address' in use -- two valid email accounts @ home (my wife and myself) which is on my own IP with my own domain. I pay $5 extra a month above my broadband (10Mbit [yeah, solid] wireless) -- how much do you pay for that Exchange box?

      I've run this type of setup through many offices scaled to dozens of email servers -- and the beauty is they also talk to each other sharing block/white-listed address' as needed. Wait -- you will get spam. Filtered through my account to I'm seeing 80 something that got in -- 2,164 blocked IP's [today], 380 harvested address', and 48 for various other infractions (attempts to relay through me, from a country where I know nobody, etc :).

      Statistically (yeah, they all get nmap'd back)? 96% Windows based.

      I give my email to friends. I have a work email that anybody that knows how to call me can have it. I even print it on my business card. No, I wouldn't post it to USENET or even here -- but it's still "out there". My unlisted phone number, OTOH, anybody can have. 847.854.0048. It's always busy and one channel of my ISDN home line. The other channel routes to the house for two phone lines (or Internet backup if and as needed) and is automatically unlisted and unpublished (at no cost since it is a "data circuit") -- and no, I'd rather not post that either. :)

      Exchange? Never!
    • Now I have to actually add any new aliases that I want to use into my user account.

      The best solution to this is to use a prefix with an asterisk. I set up david.*@endeavorcomputing.com as one of my addresses. I stuck the applicable site name in place of the * when signing up for accounts. This routed all mail that fits the template to the right address and allows you to create new addresses on the fly without updating your aliases.

      Just make sure that you don't set the dynamic alias as your primary add

    • TMDA.net makes a server to do exactly this: generate one off or expiring email addresses. You can install it on your mail server. May require Linux/Unix.

      SpamGourmet is a free service that generates and handles these email addresses for you (if you do not have your own mail server).

      If you are stuck on MS Windows and want to use your own mail server, MailEnable is free beer and allows catch-all addresses (all mail in a domain that isn't assigned to a specific email account goes to the catch-all account).
  • by Animats ( 122034 ) on Sunday March 14, 2004 @01:14AM (#8559713) Homepage
    Spam filtering needs to be applied to multiple E-mail accounts to work really well. The fundamental characteristic of spam that can't be avoided is that large numbers of similar messages are sent to different people. That's recognizable.

    Looking for spam by content analysis for a single user only works for some people. If, for example, your legitimate E-mail contains many messages about investments, mortgages, and similar financial subjects, it's going to be hard to separate out financial spam by word analysis.

    Spamcop does multiple-user analysis. It works better than most of the single-user systems.

    • If, for example, your legitimate E-mail contains many messages about investments, mortgages, and similar financial subjects, it's going to be hard to separate out financial spam by word analysis.

      The trick is, don't send all your mail to one mailbox. Many/most of us do get email about investments. Many/most of us also have reason for a publically viewable email address.

      But there is no reason why your financial institutions need to have your public email address.

      There is no reason why the public needs t
  • The filter was tested on 6597 messages. So how many messages was it trained on? I sure hope it's not the same 6597 messages, because in that case any accuracy number is meaningless.

    /A

  • Now if they could only make it usable. After reading the last Slashdot article about it I decided to try and move my Amavis/ClamAV/SpamAssassin/Postfix/Courier-IMAP setup to use DSPAM. Good Lord what a configuration nightmare. I couldn't find a decent HOW-TO and no real working example configurations in order to test it out. Sure the README "has all the information I'll ever need" but some of the stuff that it talks about I don't understand and I don't have the patience to configure it through trial and err
  • by eluusive ( 642298 ) on Sunday March 14, 2004 @01:04PM (#8562221)

    What would work well is SSL certified SMTP relays. If every valid SMTP relay needed an SSL certificate then, If spam was sent their SSL certificate could easily be rejected. And hosts that didn't have one at all could just be dropped.

    SSL certificates are costly, and that limits everyone from having one. However, there is no reason the Open Source community could not make up our own root certficate, and have an SMTP SSL certificate signing organization. Where we verify the authenticity of someone before we give them a cert. For a small fee to cover costs. It wouldn't be like we'd have to convince Netscape, Microsoft, Apple and whoever else makes a browser to include the cert. It'd just need to be available for people hosting servers to download.

    Yes, this would mean rejecting massive amounts of email to begin with. Maybe some intern solution could be thought of as people move over to it?

    Ideas? Comments?

  • bogofilter (Score:3, Interesting)

    by tacocat ( 527354 ) <tallison1@twmi.rr . c om> on Sunday March 14, 2004 @07:30PM (#8564563)

    I recently started using bogofilter as a replacement to spamassassin. The reason for doing this was curiousity and the fact that the spamassassin regex process will always be following the spammers, not preceding them. The result is packages supplied by distros are quickly outdated and ineffective.

    I have been using bogofilter for one month and have trained it to such a point that my weekly spam misidentification is well below 0.1% with proper training and configuration. And it's processing time is well below 1 second per message on a VIA EPIA 533 cpu (slow, ok?)

    The net outcome of this is that I have found something which is highly adaptive to new spam techniques, extremely effective, very fast and light on the resources, and is at the point now where if just works.

    The idea that they, DSPAM, will provide you with a pre-defined training set. That's damaging. What if you are an oral surgeon? You'll never get any email!

    I've been working intensively on spam and have come to a few conclusions about spam filtering and such that I just have to share.

    It will never go away. Even if you can proper regulate and control it, spam will never go away. No matter what anyone does. If the US constitution is to remain intact you can't remove spam just as we haven't been able to remove advertisements from radio, telephone, or television. And just like you can't get rid of pornography. It's all Free Speech.

    It's also carrying a lot of money.

    What will happen is that corporations, in the name of reducing spam, will lock up mail servers such that you have to pay them a service fee to send email on top of your connection fees paid today. Microsofts recent movement into the arena shows that thier is a motivation to make money out of spam/email.

    In a few years, we'll pay for our email and we'll still get spam

If I have not seen so far it is because I stood in giant's footsteps.

Working...