Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Spam Communications The Internet

The Spam Conference 2005 156

Posted by timothy from the it-seeps-in-the-pores-it-does dept.
dos_dude writes "This year's Spam Conference is over. As usual, the MIT provides low and high bandwidth webcasts. The talks featured a full spectrum of anything possible. From absurd to sound, from boring to entertaining, and from dead-horse-beating to brand-new. Highlights: John Graham-Cumming presented the results of the survey he did with the help of many Slashdot readers, Jon Praed gave the details of the trial against spammer Jeremy Jaynes and friends, Brian McWilliams posed the question what will happen when all spam is finally filtered, and Matthew Prince plugged Project Honeypot in a very entertaining way. Shameless but useful plug: here's the final schedule with links to the webcasts."
This discussion has been archived. No new comments can be posted.

The Spam Conference 2005 More

The Spam Conference 2005

Comments Filter:

  • John Graham-Cumming? (Score:5, Funny)

    by Anonymous Coward on Saturday January 22, 2005 @07:43PM (#11444795)
    How do they get their anti-spam software from filtering off all the mail from someone with such a name?

  • spam will never be gone (Score:3, Insightful)

    by CAIMLAS ( 41445 ) on Saturday January 22, 2005 @07:48PM (#11444812)
    The only way for spam to finally be filtered and gone would be for the government to make it a felony to send spam, or for a complete redesign of current mail systems which would require centralized authority.

    The first of those things will likely never happen; instead, the government would simply make it legal to send spam for certain reasons, and likely make it illegal to mess with such "mail" - in the same way the federal mail system works. They'd likely get a fair cut of all profits from that.

    If that were to happen, there'd be little likelyhood that authorized hosts would do any good. Even if we can get such authorization sorted out first, it'll likely have design flaws for a good long while which will be exploitable.

    • Re:spam will never be gone (Score:5, Insightful)

      by northcat ( 827059 ) on Saturday January 22, 2005 @07:50PM (#11444823) Journal
      The only way for spam to go is for the society and current business practices to change. Really, don't you see similarities between spam and today's businesses and marketing?

    • Re:spam will never be gone (Score:5, Informative)

      by SharpFang ( 651121 ) on Saturday January 22, 2005 @07:55PM (#11444845) Homepage Journal
      The only way for spam to finally be filtered and gone would be for the government to make it a felony to send spam

      Government of what? Of the Planet Earth?
      Excuse me, but you, Americans, aren't the only nation in the world who sends spam.
      • Invented SPAM [hormel.com]
      • What is this "world" of which you speak ?! Sounds like it needs invadin'!

      • Re:spam will never be gone (Score:1, Informative)

        by Anonymous Coward
        It's already been established that MOST spam comes from the USA. So, if it was in any way possible to enforce laws against spam, which is questionable, it would at least be a good first step. I get spam in english, from presumably from American companies. Maybe the spam gets routed through foreign countries, but I don't give a shit because if the company that paid the spammer to do it gets shut down, I don't get their spam. Don't take this the wrong way, but I don't care if other countries get spam, I ca
      • Government of what? Of the Planet Earth?

        You're either with the New World Order, or you're against us. You aren't chipped, are you, terrorist?

      • The only way for spam to finally be filtered and gone would be for the government to make it a felony to send spam

        Government of what? Of the Planet Earth? Excuse me, but you, Americans, aren't the only nation in the world who sends spam.

        I'm getting tired of hearing non-USians complaining about being ignored. Are you telling me that you think the US government outlawing spam would have zero effect on worldwide spam? Or that if the governments of the world outlawed spam it would have no effect outs

        • Are you telling me that you think the US government outlawing spam would have zero effect on worldwide spam?

          No, it would cause a great movement in outsourcing all the spam to Korea, Taiwan etc.

          Or that if the governments of the world outlawed spam it would have no effect outside of America?

          They won't. Not all of them. And even if one doesn't, spam will still exist.

          if all the first world nations declared spam a serious crime ...then all the spam would come from third world.

          Things that affect the Int

    • The first of those things will likely never happen; instead, the government would simply make it legal to send spam for certain reasons, and likely make it illegal to mess with such "mail" - in the same way the federal mail system works.

      This is true, the same way the US govt screwed up the federal Do-Not-Call list. The DNC list dealt with phones, and even an idiot politician knows what those are, yet they still put in loopholes. Yeah good job there - my answering machine still fills up with the same cr

    • The only way for spam to finally be filtered and gone would be for the government to make it a felony to send spam

      Excuse me? What country do you live in? In America, a lot of things are felonies and they still occur. Fraud, Insider trading, Tax Evasion, Extortion, etc.

      To make spam stop is much easier than you think. Educate the moron sheep out there that their penis is big enough, their breasts are large enough, they don't need generic v14gr4, and that some Nigerian prince will not send them a Gazil
    • What if people started responding to spam in droves, would it be possible to cost the companies that use spam as a marketing strategy real money and resources to the point where it was no longer worth their time ? I would think so, but then again the NYTimes still requires registration, and I know how valuable that dataset must be to them.

  • White List (Score:1, Informative)

    by CypherXero ( 798440 )
    The only way to truely stop spam is build a white list, in which you can only recieve e-mail from the addresses on the white list. The downfall is that you cannot recieve e-mail from people that aren't on the list.

    But if you only send and recieve e-mail from a few select people on your e-mail account, then a white list may be a good option for you.

  • Kind of sad... (Score:5, Insightful)

    by linolium ( 713219 ) on Saturday January 22, 2005 @07:57PM (#11444852)
    SPAM: Stupid Pointless Annoying Messages

    Does anyone else agree with me that it is kind of sad that it has gotten to this point, where we need a conference just to battle these messages?
    Especially when it's only a small core group of individuals which accounts for most of the spam...

    Will there always be people that abuse systems in any possible way?

  • The biggest spam-enabler... (Score:5, Insightful)

    by Puma_Concolor ( 842998 ) on Saturday January 22, 2005 @08:09PM (#11444903)
    Is when ISPs keep sigining pink contracts. We can filter untill we are blue in the face, but as long as spammers still have unfettered access to 'bullet-proof' hosting we will never win this war. What we need is for ISPs to actually ENFORCE thier AUP/TOS and the problem is solved. Of course the big problem is GREED and MONEY, and ISPs love to rake in spammer money without ANY reguard to consequences to the rest of the net community.

  • John Graham-Cumming (Score:1, Funny)

    by Anonymous Coward
    How did John Graham-Cumming get through High School with a name like that?

  • At a certain point... (Score:5, Funny)

    by Glowing Fish ( 155236 ) on Saturday January 22, 2005 @08:14PM (#11444922) Homepage
    At a certain point, we will spend more time reading about anti-Spam measures than we will be reading about Spam.

    Since there is a Slashdot article about Spam every day, and I usually spend about 5-10 minutes deleting spam, we might have already reached this point.
    • Dude, I don't know what you use for an email client, but have you looked at Spambayes? I don't read spam. It filters it. All of it. Any sort of bayesian filtering scheme, given enough sample "good" and "bad" mail of your own, is almost flawless.

      In a year and half of using spambayes, I get almost no spam, and scan the "spam" folder once a month can only recall a few false positive.

  • Antispam trap (Score:4, Interesting)

    by Doc Ruby ( 173196 ) on Saturday January 22, 2005 @08:22PM (#11444965) Homepage Journal
    I learned around Election Day last year that lots of my friends' corporate mail servers were filtering my personal messages mentioning politics as "spam". Though they weren't commercial, weren't unsolicited, my name is in their address books, and political email (even if unsolicited) is excluded from at least legal definitions of spam. Many of my friends complained they weren't getting these messages they heard about from other friends (though I don't know whether any were forwarded into spamtraps). Will spam destroy the Internet by raising our guards so much that some messages never get through, though we want to exchange them? How much political and commercial power do these spam filter companies have now?

    • Re:Antispam trap (Score:3, Informative)

      by rjkimble ( 97437 )
      My guess is that the corporations who filtered your email's just didn't want political stuff floating around their networks because of the potential for complaints of harassment from their employees and/or for productivity reasons (too many people wasting company time discussing politics and not getting their work done). I doubt they were filtering you specifically. I try to use personal email accounts for such correspondence.
      • One of the friends whose spamfilter tagged me is a producer at CBS (network) News. They exchange email with similar and greater political content all the time. This kind of automated decision about what's unacceptable is dangerous.

        • One of the friends whose spamfilter tagged me is a producer at CBS (network) News. They exchange email with similar and greater political content all the time. This kind of automated decision about what's unacceptable is dangerous.

          If it is Bayesian, then it isn't the content, it's the strings.

          Which means that some spam was learned that had that string so any messages with that string are flagged as likely spam.

          During specific times (elections, disasters, etc), the spammers will attempt to poison Bayes d

          • I'm even more concerned if people at companies like CBS News are getting their emails screened out by political "content" if it's happening to everyone, not just me. I have other ways of contacting my friends. People sending political stories to the news, and law firms, and the government, etc, need those messages to get through. And we need their messages to get through. Our our sanitized society will collapse (even more/faster).

            • I'm even more concerned if people at companies like CBS News are getting their emails screened out by political "content" if it's happening to everyone, not just me.

              With Bayes, it isn't about content. I'm trying to tell you that.

              It's about strings.

              And spammers know that.

              So the spammers include those strings in their spam.

              Someone sees the spam and has Bayes "learn" it. Now those "political" strings are learned as spam.

              You receive an email with those strings, but it is flagged as spam because of the Ba

              • I understand what you said. You're being opaque about "content": strings like "bush", "kerry", "election", "vote", "ballot", etc are all content, all political, and all catchable by bayesian filters. I agree that those filters will stop messages without a political analysis or preference. But what about filtering on "fraud", or "cheat" in a message with those other strings? That's a way to use bayesian filtering for a political analysis, even if nonpartisan; stopping "bush" and "cheat" more often than "kerr

                • I understand what you said.

                  That is demonstratably false. You do not have any clue what I'm talking about. Here's the proof.

                  You're being opaque about "content": strings like "bush", "kerry", "election", "vote", "ballot", etc are all content, all political, and all catchable by bayesian filters.

                  No. They are strings.

                  "Bush" is political when used in political context.

                  "Bush" is sexual when used in a sexual context.

                  "Bush" refers to plants when used in that context.

                  "Bush" can be used in one context to make

                  • I'm afraid it's you who has completely misunderstood; the technology is irrelevant here, and the issue would be the same whether or not the filter is Bayesian, keyword based, random, or whatever.

                    The filters have false positives. These false positives include mail that is very similar to stuff that CBS News should be reporting on; if I discover a scandal about a politician, CBS News do not want to be ignoring it if there's a good story there.

                    I fully understand the technology; I know why there are false pos

                    • I'm afraid it's you who has completely misunderstood; the technology is irrelevant here, and the issue would be the same whether or not the filter is Bayesian, keyword based, random, or whatever.

                      No one ever said that there weren't false positives. The issue was whether they were political.

                      The filters have false positives. These false positives include mail that is very similar to stuff that CBS News should be reporting on; if I discover a scandal about a politician, CBS News do not want to be ignoring it

        • I must say that you do have a point. It's pretty amazing that a news organization is engaged in that kind of behavior, especially when you consider some of the egregious stuff they put on the air.
          • Of course they should be dealing consciously with all of this political content, in email and otherwise, and presenting an accurate picture of the stories on the air. Especially when the stories are egregious. I'd think that this political spamtrap story itself would be an interesting one to tell on air, if told well.
    • Get a respected aol account for your political communications. And focus on work at work.
      • As I mentioned in another post [slashdot.org], this is what at least one of my friends does at work. And I own my company, in which I do what I want. Besides, what's a "respected account", and how could an AOL one possibly qualify?

    • Why are you sending political emails (which tend to get verbose and require thoughtful replies) while you are at work? Are you a politician or do you just have a lot of spare time while you're at the office.

      Maybe I misread the intent of your post.
      • I own my own company, I'm semiretired, and yes, I work with the NY City Council. Why do half the responses to my post care only that I'm sending political emails to friends while we're at work? What do you do when you take a break? I don't smoke, I email. And I expect my friends to give thoughtful replies, even verbosity. We're smart, and we type fast.
    • it may be because the political interest groups sent out way too many emails asking you to donate, vote, get the vote our or whatever. I remember getting at least an email a day from a certain political activist group

    • Many of my friends complained they weren't getting these messages they heard about from other friends (though I don't know whether any were forwarded into spamtraps). Will spam destroy the Internet by raising our guards so much that some messages never get through, though we want to exchange them? How much political and commercial power do these spam filter companies have now?

      My guess is the emails you're referring too were mass-mailings about "give money to blah" or "political candidate X did this, Don
      • You're guessing wrong. I wrote all my messages from scratch, without cliches, slogans, or more than a few URLs, all of which I contributed myself, rather than passing along. Nothing was forwarded.
    • Of course there are problems in the filters. Duh!

      And, at the same time, any mail system operator HAS to filter today.

      The biggest cost of SPAM is not the wasted time on the delete key. The biggest cost of SPAM is the loss of reliability of email.

      We used to be able to depend on email getting through. Now, I'm afraid that good email practice is to reply "Yes, I received your mail..." to any significant piece of email. What a waste!

      -- Sally

  • What works for me... (Score:2, Interesting)

    by Neduz ( 713874 )
    This is a setup that filters the mail of me and my family, and works very well (only 1 false negative in 200 spam messages, and no false positives so far). I filter all my messages through spammassassin, with bayesian filtering enabled. Bayesian filtering causes a lot of CPU load when a message is scanned, but it's worth it. And URL blacklisting . That URL blacklisting is really important, since a lot of spam today only contains one image, with a link to a site, but that one link, makes it very easy for bl
  • (1) All spam is finally filtered.
    (2) Buy first snowplow dealership in Hell.
    (3) Profit!

  • What the hell is 'ram' format (Score:3, Informative)

    by bigberk ( 547360 ) <bigberk@users.pc9.org> on Saturday January 22, 2005 @08:30PM (#11445000)
    Who in their right mind decides to publish media in RealMedia format?? Seriously? I'm really, really sick of that real stuff. Anyway, I found a decent solution... use Real Alternative [hccnet.nl] on Windows (contains a simple media player and real codecs!) or the heavenly RealPlayer [freshmeat.net] for Linux.
  • I have two stages of email account -- the first-level account, and then a second-level account. All non-friend/family email goes to the first, and everything from people with close ties or sensitive information goes to my second-level (personal) account.

    So far, I've been able to cordon off 99.5% of my spam just like this. One or two may slip by from time to time, but so far it's been surprisingly effective.

    Of course this isn't a solution for the fact that spam clogs up internet traffic like a cotton ball
    • I have two stages of email account -- the first-level account, and then a second-level account. All non-friend/family email goes to the first, and everything from people with close ties or sensitive information goes to my second-level (personal) account.
      If everyone had the same needs with respect to e-mail, the spam problem would have been a lot easier to solve. You have an advantage because you don't have any need to receive e-mail from people you don't know. A business doesn't have that luxury.

      There ar

  • As John states in his presentation, he is not a real pollster and his data is awfully skewed, so I can't have one look at it without doubts.
    • Agreed that it's not representative of the population as a whole, but don't you think it's scary that 1% of the people who were driven to the poll from sites like /. and admitted to 10+ years of computer use say that they have bought from spam?

      John.

  • Spam is on the way out (Score:5, Interesting)

    by Animats ( 122034 ) on Saturday January 22, 2005 @08:35PM (#11445019) Homepage
    Spam, as an advertising vehicle, is dying out. If it's an obvious ad, it gets filtered out, and if it's a fake, it's a CAN-SPAM act violation. Either way, it's useless to an even vaguely legitimate business. There's still plenty of spam being sent, but the amount being read by anybody is down.

    Spam for fraud schemes is growing. But even there, some kinds of frauds are dying out. We don't see many stock pump-and-dump spams any more. This is partly due to action by the SEC, but it's mostly due to lack of investor ignorance. Spamming about a stock doesn't affect stock prices much any more.

    Fraud schemes are a law enforcement problem, and we're seeing more action there, because the "phishing" thing has grown to be such a big problem.

    Between lawsuits by Microsoft and AOL, enforcement by the SEC, banks watching for phishing schemes, and, finally, some activity by the FBI and FTC, being a spammer is becoming more hazardous. We've seen a few spammers go to jail, which should have some deterrent effect.

    • ... it's useless to an even vaguely legitimate business. There's still plenty of spam being sent, but the amount being read by anybody is down.
      Spam does not have to be related to any legitimate business, or even any illicit one. Spam costs zero to send. You don't have to have an actual business to supply the zero money to send it, or any expectation of profit in order to justify the zero investment.

      Likewise, it doesn't matter if anybody reads it, or clicks on its links. If the percentage of people who re

    • "We don't see many stock pump-and-dump spams any more"

      What internet are you using? I've gotten more spam about h0t st0cks in the past week than in the previous 6 months.
    • You wrote, "Spam, as an advertising vehicle, is dying out."

      Yes, it's dying for legit businesses. That's another of the costs of SPAM. I don't mind marketing messages from legit messages so much. Promotional emails from identifyable businesses with legit web sites and domain registrations. If I don't want their mail, I write them politely. I really hope our spam solutions still enable legit businesses to send promotional email. I want to do so at times, and I don't want my mail to trigger anger, SpamCop com
  • I would have attended this, if I would have known about it. Does anyone know of a place that has a list (not just spam, but short, sweet and to the point IT-related) of these types of conferences coming up?

  • Internet Mail 2000 (Score:5, Interesting)

    by fossa ( 212602 ) <pat7.gmx@net> on Saturday January 22, 2005 @09:03PM (#11445129) Journal

    Just today I ran across Internet Mail 2000 [im2000.org], a concept apparently initially conceived by Dan Bernstein. I haven't read all or even most of the information on that page, finding it somewhat difficult to wrap my head around. The big difference from it and SMTP is that it is a pull rather than push protocol. For Alice to send a message to Bob, Alice puts the message on an IM2000 server (replaces the originating SMTP server) which sends Bob a note "hey, I've got a message for you". Bob's email client then downloads the message from the server.

    The big advantage here is that the note is small, and Bob need not download the message at all if he believes it is spam, reducing the spam bandwidth usage. Also, the sender must make an effort to have a permanent server so the receiver may even get the message. Not really a burden for legit mails that already need a permanent server somewhere for receiving mails (right?). Forgeries are also prevented, because the note necessarily contains correct information about how to find the message.

    Aside from the usual reply to anti-spam solutions (this one requires mass participation and won't happen, yadda yadda), and the lame name (shouldn't they change that to IM3000 now?), have others looked at this? What are your opinions on it?

    • Re:Internet Mail 2000 (Score:3, Interesting)

      by fossa ( 212602 )
      I guess this message [gmane.org] sums up a lot of problems with IM2000.

      With a push system (SMTP), sending is simple (just connect to a server and dump the message); receiving is complex (run/rent a server with permanent internet connection). In a pull system, sending is complex (run/rent a server with permanent internet connection); receiving however, still requires a server to receive notes. Once these notes are collected, receiving is simple, with no guarantee of robustness (connect to remote message stores and dow

    • Hmm...they discuss its effect on spam here [homepages.tesco.net], but their analysis doesn't really make sense to me. They say, "recipients no longer bear the costs of receiving and storing unwanted mail." Well, all they're really proposing is reducing the amount of resources consumed on the recipient's machine, but resources will still be used. Since spam is capable of growing exponentially, I don't see the point of reducing the recipient's costs by some constant factor. They also seem to be taking this entirely from the point

      • Redesigning the system isn't that hard. What's hard is convincing everybody to start using the new design.

        Well, I'm convinced... show me the design. Are there any projects with any sort of following to design the ideal message exchange system? I'd be very interested in reading about them.

        • Are there any projects with any sort of following to design the ideal message exchange system?
          Designing the whole system is a lot of work, when you get down to the level of writing the protocols, etc. But it's trivially easy to design the general outlines. It's just that all the people working on it seem to be wasting their time trying to fix the current system, which just wasn't designed properly.

          Well, I'm convinced... show me the design.
          From (my) grandparent post:

          • For instance, we could have a syst
    • Isn't this called RSS?
  • John Graham-Cumming's conference report [jgc.org] presents a summary of data with the following properties:
    • no attempt at validation
    • no analysis of statistical significance
    • almost[1] no attempt at common-sense analysis
    • irritating typos

    The conference presentations look invited rather than refereed, but doesn't a "scientist" usually have both interest in and obligation to the bases of the scientific method? Why bother to collect data if you intend to apply no analysis?


    [1] There is one solitary mention of possi

    • Hi.

      What analysis would you like me to do? I have the raw data set and would be happy to do it.

      Your overall comment that there is one possible mention is bad data is nonsense. Did you read the slide marked caveats? Did you read the slide where I mentioned how the data was skewed?

      Would be happy to fix the typos, perhaps you can point me to them?

      John.
  • BLOODY VIKINGS!!!
  • I don't sweat it that much because I really *knocks on wood* don't get that much spam. The one exception is that #&%%@ kid in Texas who I'm pretty sure is behind the mortgage spam. Anyway, is there something that'll "que" the spam,so that the recognized addresses go to the top and the ones that meet less and less criteria go further to the bottom of the list?
    • What I did on Mom's machine is setup a rule in OE that basically says, "If the sender is not in my address book, the message goes to the spam box" and it seems to do most of the trick.
      • Which is just a "white list". What I'm talking about is something that would put senders from the address book on top, something that may or may not be from a forum that you read in the middle, and our nigerian benefactor on the bottom or directly to the spam box.

  • oops, wrong one. (Score:4, Funny)

    by supernova87a ( 532540 ) <kepler1@NoSpaM.hotmail.com> on Saturday January 22, 2005 @10:07PM (#11445473)
    oops, I thought the article was talking about the 3rd Annual Nigerian Email conference [j-walk.com].
  • anything about
    -- Viagra RX
    -- Vioxx RX
    -- Levitra
    or
    amy and her web cam ?

  • Netsplit (Score:2, Interesting)

    by kappa ( 104316 )
    One of the problems directly connected to SPAM or better to AntiSPAM measures is that the global email connectivity is severely damaged. Many sysadmins are enabling blind filtering on national IP ranges. And which networks end up in the blacklists most of the time? You name it: chinese, african and eastern european.

    While such measures do really help they also hurt. I'm from Russia and it's getting harder and harder to reach out for my colleagues and friends throughout the world. Mails just mysteriously dis
    • More and more of our hosting companies (they usually provide email services too) suddenly find themselves in different RBLs

      Unfortunately for most Americans, we simply do not know anybody in Russia.

      I have recieved e-mail from the .ru country. Needless to say, it was 100% junk. For me a filter on .ru is a simple and effective filter that only hits spam and has deleted no valid e-mail.

      Unfortunately when the filter is placed further upstream, it does get mail to other users that may be something other th
    • Many sysadmins are enabling blind filtering on national IP ranges. And which networks end up in the blacklists most of the time? You name it: chinese, african and eastern european.

      Yeah, we are, because your ISP's don't follow the rules, don't respond to abuse messages, and don't do anything about the spammers and other scum using your networks to attack ours.

      I block mail from Savvis and SBC/Ameritech and a few other North American ISP's that have the same problem.

      If you want to play on the Internet, fol
    • Kappa wrote, "I'm from Russia and it's getting harder and harder to reach out for my colleagues and friends throughout the world. Mails just mysteriously disappear..."

      A good friend from the Netherlands has exactly the same problem.

      This is a real problem for the people in such countries who do want to be good global citizens.

      You could sign on with a legit provider in one of the "good" countries and work through an SSH tunnel to that server. Then there will be no headers with problematic IPs. Hope this hel
  • My invite to this got filtered out, hence I missed it :/
  • How do you get rid of those mischievous links?... at
    http://GuideToProblematicalLibraryUse.buzzword.com /stats/referers [buzzword.com]

    It's a blog template provided free to bloggers but with not that great support !
  • As I sat in the MIT Spam conference, I had an overwhelming sense of waste. As Barry Shein said last year, "Look at the great minds here working to stop penis enlargement promos!"

    I believe there is SPAM because email is essentially free. The SPAMmer can send millions of messages for $ nil and doesn't have to care about the response rate. Ordinary advertising grates on us a bit, but not as much as SPAM. Why? Ordinary advertising costs money and HAS to be a little bit interesting.

    How do we think about the ri

Slashdot Top Deals

As you will see, I told them, in no uncertain terms, to see Figure one. -- Dave "First Strike" Pare

Close