SpamArchive.org No More?

IrishMASMS writes "Back on November 21, 2002 Slashdot announced SpamArchive.org had just been launched. I configured my spam filters to submit to these guys. Well, the last few I have sent rejected; giving a 553 (sorry, that domain isn't in my list of allowed rcpthosts) error. Did some digging, and come to find out the SpamArchive.org site is just a placeholder; and the WHOIS shows virtualclicks.com aka PSI-USA, Inc. dba Domain Robot aka a Robert Farris now owns the domain. Some searching on the net indicates the fellow is a domain squatter. Anyone know the story as to what happened, and if the Spam Archive project is now dead? Was the Spam Archive project even a benefit or value added to the fight against spam?"

Fishy...

[inviolet]

I configured my spam filters to submit to these guys.

That sounds like a clever way of:

• finding out which email addresses are 'live', and
• tweaking a new spamification algorithm to see what penetrates the savviest users' filters.

But hey, maybe I'm just being cynical.

Re:Fishy...

[deafpluckin]

I configured my spam filters to submit to these guys.

That sounds like a clever way of:

• finding out which email addresses are 'live', and
• tweaking a new spamification algorithm to see what penetrates the savviest users' filters.

But hey, maybe I'm just being cynical.

I don't think spammers care about clever users. Clever users are more likely to not be taken in by "Buy! V|AGr4 N0W!@" and whatnot so worrying about how to penetrate their defenses is pointless.

Re:Fishy...

[TheThiefMaster]

But if you can penetrate the defences of a savvy user you can penetrate the defences of the kind of person who -would- click on a "Buy! V|AGr4 N0W!@" email.

The problem is...

[Svartalf]

...the cost of penetrating the defenses of the savvy user is much higher than just spooging "Buy! V|AGr4 N0W!@" emails all over the place, hoping some of them 'stick'...

So the odds of them bothering are lower, though not completely out of the picture. They just keep upping the ante once the clever ones pass down effective answers to block/bounce the damn stuff to the less clever people because it's not gotten too expensive for these monkeys to stop flinging the electronic poo around.

Re:The problem is...

[Anonymous Coward]

All this talk about penetrating and Viagra is making me feel uncomfortable...

Re:

[discogravy]

Well, consider reading /. before taking viagra...

Re:

[TheOldFart]

Well, consider reading /. before taking viagra...

What is that... something like buying a lawnmower in Iceland?

Re:Fishy...

[Aladrin]

Not entirely true, because these 'clever users' are actually 'clever system admins' that are creating new ways to make sure SPAM doesn't get to their users. So the SPAMmers really do care about them quite a lot.

Pet peeve

[Schraegstrichpunkt]

"SPAM" is food; "spam" is deliberately-generated noise on our communications systems.

Re:

[ninjaadmin]

You obviously have never eaten SPAM, otherwise you'd never have classified it as "food".

Re:

[JoGlo]

Oh, I dunno. As a poor student living in Cambridge (England - town, not gown), spam fritters were quite a good Saturday night supper, provided you also had mushy peas and lots of dead horse.

Re:

[AaronLawrence]

This is a very good point. The admins of email systems and ISPs know that the majority of their users want spam filtering as good as possible. A few users are the dummies who keep on buying from spam, but there is no way for the admins to tell who they are and they aren't clueful enough to turn off spam filtering (if it's even an option).

If we could figure out some way to hook up the dummies who buy directly with the spammers, then they could go play with each other without bothering the rest of us.

Of cours

Re:

[PFI_Optix]

As I understand it, professional spammers get paid per e-mail, so the more legitimate e-mails they can spam the more they get paid.

Re:

[Anonymous Coward]

> As I understand it, professional spammers get paid per e-mail

Not anymore. At best they get a fee per click-through (and the clickthrough rate must really suck these days with all the obfu they have to do). But the usual structure nowadays is commission. Yes, people are still buying from spam.

Re:Fishy...

[FuzzyDaddy]

Because the person configuring the filter may not be the same person using email?

Makes no difference anyway....

[Joce640k]

None of these anti-spam projects is ever going to work.

Nobody is EVER going to make some kind of magic filter to distinguish spam from real mail.

The reason is obvious - it's the exact same reason there's no vaccine for the common cold - the mal adapts to the anti-mal.

The only thing that will ever stop spam is:

a) Get rid of POP mail protocol.

b) If it costs the spammer money.

c) Users can retaliate.

(a) Could be done over the next six months of only people would get working on it and do it for the good of human

Re:

[Chris Mattern]

> (c) Something like the defunct "Blue Frog", but with teeth. I
> need a program which goes to spamvertised web sites and sucks
> their bandwidth. Bandwidth isn't free.

You're behind the times. A lot of spam these days, instead of providing a soft target with a site to go to, simply touts rigged penny stocks.

Chris Mattern

Re:

[Anonymous Coward]

Well if a spam archive is to be any good, it needs to have no false positives in it at all. Configuring a filter to send to the archive might seem like a good idea, but then it's not a spam archive, it's a spam filter output archive. Historically interesting to someone, no doubt, but it can't help improve spam filters if spam filters feed it.

Maybe that's what killed the idea?

Re:

[montyzooooma]

Or use the domain to generate a lot of traffic to make it more attractive to sell on as an ad-portal eventually.

Was it a benefit? Don't know, never heard of it.

[garcia]

Considering this is the first time I've heard of it, probably not as much as it should have been. Did it help SpamAssassin? If so, then yes, it was.

If it's yet another site that finally went by the wayside because no one was using it, maintaining it, or interested in it; then it might have already served its purpose and has been retired.

The Internet moves fast and new things come along all the time to replace those things that are outdated and old. Some might say that about digg and Slashdot though ;)

Re:Was it a benefit? Don't know, never heard of it

[Kelson]

Considering this is the first time I've heard of it, probably not as much as it should have been. Did it help SpamAssassin

According to Justin Mason, it didn't help SpamAssassin much [taint.org], at least where testing the effectiveness of rules was concerned. The main problems were that (1) the data was too anonymized to be able to properly test header checks and (2) submissions weren't verified, meaning someone would have to go through the archive and check to make sure there wasn't any legit mail that had accidentally been dropped into the wrong folder. (And, of course, unless you're the original recipient, you can't be absolutely certain whether something was solicited or not.)

Re:

[grandargh]

He's unlikely to do anything but disparage the mini-projects of a corporation competitive with his own. Perhaps it was only useful to researchers and academics. In the grand scheme of things, it was free, so if you think it was the most worthless thing ever, you can change the frikkin channel.

--adam

Spam archive? I've got your archive right here

[Anonymous Coward]

Just provide your email address, and I'll be happy to provide you with a FREE feed of my spam archive. No need to thank me, just a little service I provide.

Spam Archive of limited use

[gvc]

Spam filters do a differential comparision between ham and spam. If the ham and spam are taken from different places, the difference between the source of the messages overwhelms the difference between the ham and the spam.

A second issue is that you want current spam; the global characteristics of spam change from week to week. So what's the use of an ancient archive?

And perhaps the biggest problem is that SpamArchive is a hodge-podge of mail from different sources, vetted only by the people who send it in. It isn't a sample of spam in any statistical sense.

Finally, there is no scarcity of spam. Ham is what people don't want to share.

So a collection of spam, particularly an old one sent in by self-selected volunteers, is of little practical use. The hard thing to get is a collection of spam and ham from a common place.

The TREC tests use private corpora that have legitimate mixes of ham and spam. They also use public corpora [nist.gov] in which the spam has been carefully spoofed [www.ceas.cc] to make it appear to have been sent to the same recipients as the ham. Collecting the spam for the corpus was easy; spoofing was not.

Re:

[Anonymous Coward]

Ham has been used as the opposite of spam for quite a while. It is not a new thing.
Not to mention it quite effectively shows the difference between the two types quickly.

Re:

[dangitman]

Ummm, SPAM is made out of ham. It's just spiced and canned ham. So, how is spam not ham? I am.

Re:

[SuiteSisterMary]

I always liked the theory that SPAM, in terms of unsolicted bulk email, stands for Self-Propelled Advertising Material.

Re:

[RealGrouchy]

Spam filters do a differential comparision between ham and spam...

Unfortunately, Congress can't use these spam filters, because they need to let the pork through.

- RG>

Re:

[Antique Geekmeister]

That is precisely what makes such a site useful: the variety of spam. If you've only tended to get Viagra spam, your filters will not be trained to detect phishing spam, or multi-level-marketing spam, or penny stock spam. A large and varied body of spam to test with is thus very useful, just as the world's most powerful immune system is often useless against a germ it's never been vaccinated for.

It's also useful to compare and train sitewide filters against a large body of spam, to make sure your filters ar

Re:

[gvc]

But if you never get penny stock spam, there's no need to filter against it, is there? And if you're a penny stock trader, such training may well hurt the performance of your filter.

While you might imagine a filter being able to harness this information, real filters are instead distracted by it. Just like your immune system would be distracted were you to be vaccinated against all sorts of human and animal diseases that you would be unlikely to contract. Exactly the reason why Americans are not routinel

Re:

[Antique Geekmeister]

How are you going to set your first pass at filters? Do you have to wait and collect several thousand spam messages yourself? And some of the spam is much less likely than others, either because your address is not yet known to that community of spammers or because it's less frequent. Why not filter against all the available types, rather than relying on your own efforts to calibrate or guild a new feature when you first get it?

This is especially true if you want to set up sitewide filters, rather than tuni

Spam Archive

[saskboy]

Was it a little bit like Archive.org?

I know I'd be interested in finding out how badly people needed more inches and V!agr4 in the good ol' days.

Re:

[Cervantes]

I know I'd be interested in finding out how badly people needed more inches and V!agr4 in the good ol' days.

In the old days, they didn't bother. My dad said he just patiently explained to a girl that her foot was 1 foot long, an inch was 1/12 of her foot, and left it up to her to figure out the rest. Apparently, it was a great way to get a good reputation.

Re:

[lcsjk]

"My dad said he just patiently explained to a girl that her foot was 1 foot long."

That girl had very big feet for a girl.

FYI: A size 12 mens shoe (USA) is about one foot long.

Re:

[geoffspear]

whoosh

Re:

[saskboy]

"whoosh"

A very scary noise, when one talks about penises, and feet, in the same breath.

(kick?)

Re:

[Schraegstrichpunkt]

(kick?)

-!- saskboy was kicked from #slashdot by Schraegstrichpunkt [whoosh]

Re:

[meme_police]

I still don't get it.

What use was an archive?

[gsslay]

No-one cares what spam got through filters last year. No ones cares even what spam got through last week. The spam menace lurches on so quickly that the only thing of interest is what's getting through right now, today. Analysing anything older than that is pointless.

And, as others have pointed out, a big slab of spam is useless for research unless you have equal amounts of real email to compare against.

So no wonder it didn't last.

Re:

[maxume]

I completely agree that spam is very much a problem of the moment. However, I can see where a large corpus of spam, especially one that demonstrated how it changes over time, would be quite useful in figuring out how to best tokenize messages and for evaluating filters for false negative rates. Gmane.org provides(well, really the mailing lists mirrored there) a significant corpus of ham.

Re:

[porn*!]

mmmmmmm...corpus of ham

Re:

[gvc]

Mailing lists are poor examples of ham email. Useful, perhaps for training the filter attached to a mailing list, but not for training a filter that handles individuals' email.

Re:What use was an archive?

[RAMMS+EIN]

``No-one cares what spam got through filters last year. No ones cares even what spam got through last week. The spam menace lurches on so quickly that the only thing of interest is what's getting through right now, today. Analysing anything older than that is pointless.''

You sound so sure, but I think you're wrong. I think at least some filtering techniques benefit from more data points. And, very naively thinking, I would think that it's better to train my filter to recognize _all_ spam and _all_ ham, not just today's.

I know from personal experience that my spam filter (mailvisa) does a good job recognizing next week's spam when I train it with the past month's. This doesn't totally invalidate your point that recent spam differs from old spam, and thus, training with recent spam is better, but it does show that your timeframes are a bit too constrained.

ipfilter too.

[emptybody]

ipfilter.org is similarly going to a domin squatting link page.
i need a filter that notices these bogus pages and blocks them.

Re:

[Dark_Gravity]

ipfilter.org is similarly going to a domin squatting link page.

i need a filter that notices these bogus pages and blocks them.

If you run your own DNS, you can configure an authoritative zone that reports the domain names of squatter sites as nonexistent, thereby effectively preventing you from having to stumble upon many of the squatters' domains.

Netcraft report

[Vivieus]

Considering that the Netcraft uptime list [netcraft.com] shows a change of hosting/ip, chances are they forgot to renew and the domain was immediately squatted.

Re:

[hxnwix]

...netcraft actually confirms it! Netcraft confirmed the death of something!!

Has the coin finally dropped? Is Apple next?

Consider...

[Forgotten00]

We have to take into account that SpamArchive may have gone the way of Blue Security. Perhaps SA was effective enough to frustrate spammers and they took appropriate actions.

WatchMySpam.com - now with RSS feed

[mgkimsal2]

I'm sorry to see the spamarchive gone, but do want to point out that http://www.watchmyspam.com/ [watchmyspam.com] (*) has been going for a few months now. Not trying to one up spamarchive, as I've never heard of them, but WMS provides an RSS feed of current spam, which would make integrating the spam in to your own applications that much easier.

* While it's not fully web 2.0 compliant, it does have a shiny logo, is still in 'beta', and uses some javascript for not much real benefit.

Why the 553?

[hAckz0r]

You would think that any self respecting CyberSquater would be collecting all the email address of the recipiants. After all, only a real person would reject Spam, hence the 'To:" address was a valid one. Most spammers would pay a bundle for a list of valid addresses!

Self Promotion

[iambarry]

Sorry to hear that SpamArchive.org is offline.

However, if you want to read a lot of SPAM, I invite you to visit my site : www.testcompany.com

I've been posting all the email I've received @ testcompany.com for a few years now. If you like SPAM, and feel like you don't get enough, click [testcompany.com] on through :)

Experiences with my spam archive

[Richard W.M. Jones]

I ran a spam archive [annexia.org] for a number of years, with emails dating back to around 1997. It's a lot of trouble - classifying spam isn't 100%, so there ended up being a few personal emails in there. However the big problems were these:

• Spammers or people whose names/company names appeared in spam (actual spam, that this) would send me random legal threats. None of them panned out in the end, but you can never tell.
• Everyone would be downloading the whole archive (gigabytes) to train their filters, at first

Robert Farris?!

[erroneus]

I wonder if he's the same Robert Farris of EFTDatalink.com and AmstarSystems.com? I once knew that Robert Farris. He had been in and out and in the business of ATMs for quite some time and operates using "curious business methods."

the archive

[grandargh]

the original hosting company went under and its bits and pieces got swished around and sold and resold and one day you look up and nothing is like you left it, and the process for resolution requires actual pieces of paper, an adventure in the big room, and oh so much judicial bs.

sonofabitch!

I have no timetable for the resolution of the particular issue, as it is high on the headache scale and low on the business critical scale.

--adam

squatters and blackmail?

[proudhawk]

well, having read all the responses (and finding a few amusing)
I have come to this conclusion:
1. spammers aren't involved
2. the squatter in question hopped on the chance to get the
      domain so he could "blackmail" the original holders into paying
      to get it back.

now, if he was smart, he'd monitor the incomming connections
and figure out who was who and sell the list to a spammer
for a princely sum...