Paul Graham on Fighting Spam
Ramakrishnan M writes "Paul Graham, the Lisp guru, is back with a great technique to fight spam. It is based on trust metric, and he claims, only 5 out of 1000 spams got leaked out of this system with 0 false positives. Worth looking at."
This is wrong. (Score:1, Insightful)
The proper way to get rid of spam is to get rid of spammers. Make it illegal to send spam, to market using spam, and to host spammers.
Make each link in the chain liable!
Ok, that is hot.... (Score:4, Insightful)
Re:This is wrong. (Score:2, Insightful)
anyways, what I was going to say is ok, US outlaws spam. now what? sue Korea as a whole? how about China? Nigeria?
laws don't mean shit.
you need to go after the people making MONEY off spam, not the spammers. Most of them are US "businesses".
Re:Ok, that is hot.... (Score:1, Insightful)
I'm not singling you out, but this statement is the exact reason spam has become as popular as it has. It's annoying, it's cumbersome, but everyone is willing to 'settle' to avoid further problems. People spend effort developing complex filters and programs and proxies, which the spammer spends about a minute and a half figuring out how to get around. I think with the spammers there should be ZERO tolerance and ZERO SPAM. To stop spam you need to stop THE SPAMMER.
When I said... (Score:1, Insightful)
Filtering text content (Score:2, Insightful)
Re:This is wrong. (Score:2, Insightful)
This is a very bad idea. What about companies such as Hyundai that have Korean and American (and many other countries) divisions? Or, what about my friends from Korea trying to e-mail their family back home - should they be hurt because some companies in their home country do bad things (and/or its government doesn't have/enforce laws to stop them)? Name a country that doesn't have another country/ies thinking that they need to 'change how they do things over there.'
Re:A weak point... (Score:3, Insightful)
Spammers would learn to adapt, and the sales pitches would change character/format. The sales pitch will still be that, but it'll be more cleverly designed - it may be hard to do, but people will manage it. Having said that, this method does look like it could be worth implementing - maybe even on the mail server...
Tom.
Re:Ok, that is hot.... (Score:5, Insightful)
You ridicule people who dismiss the usefulness of your personal "favorite" language, and then you dismiss the usefulness of one particular language that you happen to dislike? That's a bit hypocritical.
3) [...] what happens when a few smart spammers get their hands on this analysis[?]
Paul covers this. First, he suggests that each user's filters should be personalized, so that any spammer would not be able to circumvent everyone's filters. Second, the filters would be continually learning, possibly dumping older words from the corpus in favor of newer ones. And third, even if a spammer put at the end of his spam "describe describe describe describe", this still wouldn't work; the basic premise of the filter is that the spammer HAS to tell you what he's selling, and in the process of doing that, gives himself away as a spammer.
Re:Misleading (Score:4, Insightful)
Re:This is wrong. (Score:3, Insightful)
It's not particularly nice, or even remotely fair, but something like that might work. A large-scale boycott by major ISPs might do the trick.
Re:A weak point... (Score:2, Insightful)
Ding ding ding ding <points at nose>.
I think you've hit the nail on the head. Simply requiring that spam be cleverly designed should get rid of 99% of spammers.
Re:A slightly different solution (Score:3, Insightful)
What you suggest is no solution at all.
Following your logic, if you don't want to be mugged, simply don't leave your home. We shouldn't make cars safer, simply walk everywhere. And for goodness sakes, don't fix all those buffer overruns in software, just stay the heck off the internet.
No. Not a solution at all. Part of what makes the internet appealing is I can communicate with other people. I should be able to publish my email address without having it used in offensive ways.
There is a difference between stopping spam and stopping hacking. For spam to be effective, the person sending it has to be able to collect money from you. If there is no way to contact the business legitimately, then the spam is useless. If we created laws that shut down those businesses, spam would lose its financial rewards.
Law and Reality (Score:3, Insightful)
Making spam illegal would probably cut down on people buying email lists and starting to spam in their free time because it seems like a great way to make some money. It might even cut down on the "legitimate businessmen" types here who do it professionally. It's going to have no effect internationally, however, and there's really not much you can do about it.
There's an interesting point about this in the article, however, when Graham says:
I would agree with this - it seems to me that for a lot of "crimes" of this nature, drugs being the best example, the solution is not criminalization but regulation. People aren't going to stop dealing or using drugs, nor is it something as serious (like murder) that it's worth it to put them in jail anyway. If drugs were regulated, however, most of the problems could be easily reduced. Enforce strict controls to prevent cutting, ban advertisement, and tie sellers to treatment programs to help get people off of drugs. As long as there's no incentive for people to buy them illegally (ie, their being much cheaper or, as it is now, the only supply), people will buy them from regulated sellers.
Similarly, if you regulate spam and make people attach footers you'll be less likely to drive people overseas to spam while also making it much easier to filter out.
Of course, there's still not much you can do about the Koreans, other than trying to get their government to do the same thing.
Besides, do you really want to encourage the government to effectively prohibit certain kinds of non-victimizing (non-kiddie porn) speech online?
Re:This approach is very easy to defeat (Score:5, Insightful)
Thankfully, my e-mail client is set up to not render any HTML in an e-mail. I have yet to send back any information to a spammer via specially-coded image tags and am proud of it.
HTML-based e-mail is fundamentally insecure and really should be used by no one (except those who simply don't care about privacy). Go here [privacy.net] to learn just what a spammer--or anyone who sends you an HTML-based e-mail--can learn about you with just one "click" of your mouse.
Yes, the spammer can learn what browser version you use, what OS you use, and even what city you live in (via the traceroute). An unusually savvy spammer could use this information to install spyware via known exploits in certain browsers and operating systems.
In short, HTML e-mail is damn scary knowing that so many people use it not knowing just how much information they are giving away for free!
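As an added example (not part of the comment above or of Graham's article), this Python sketch lists the references in an HTML mail body that a rendering client would fetch automatically, which is where the "specially-coded image tags" report back to the sender. The sample message, host names and the list of attributes checked are constructed for illustration.

```python
# Added example: constructed message, hypothetical host names.
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

# Attributes that make a mail client fetch a remote resource on render
# (an illustrative subset, not an exhaustive list).
FETCH_ATTRS = {("img", "src"), ("link", "href"), ("iframe", "src"),
               ("body", "background"), ("td", "background"), ("table", "background")}

class RemoteFetchFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        attr_map = dict(attrs)
        for name, value in attrs:
            if (tag, name) not in FETCH_ATTRS or not value:
                continue
            url = urlsplit(value.strip())
            if url.scheme not in ("http", "https"):
                continue  # cid: and data: parts are embedded, no network fetch
            tiny = attr_map.get("width") in ("0", "1") and attr_map.get("height") in ("0", "1")
            self.hits.append({"tag": tag, "host": url.hostname,
                              # query parameter names often carry a per-recipient id
                              "params": [k for k, _ in parse_qsl(url.query)],
                              "tiny_image": tag == "img" and tiny})

def remote_fetches(html_body):
    """Return one record per reference that would be fetched on render."""
    finder = RemoteFetchFinder()
    finder.feed(html_body)
    finder.close()
    return finder.hits

SAMPLE = """<html><body background="http://ads.example.net/bg.gif">
<p>Limited offer!</p>
<img src="cid:logo123">
<img src="http://track.example.net/o.gif?id=user%40example.org" width="1" height="1">
<a href="http://shop.example.net/">Buy</a>
</body></html>"""

if __name__ == "__main__":
    for hit in remote_fetches(SAMPLE):
        print(hit)
```

The plain link is not reported because it only fires on a click; the background image and the 1x1 image fire as soon as the message is rendered.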
Re:Best anti-Spam method is TMDA (Score:2, Insightful)
Not much help for businesses... (Score:3, Insightful)
I actually had to close down my hotmail account; the spam would exceed the 2MB within 24 hours after being cleaned (and that's with the wonderful MS spam filter set on "high.")
BTW, these days I'm getting individual spams that are 170 KB in size. Talk about rude...
Re:This is not news ... (Score:2, Insightful)
SpamAssassin (as he addressed) does not do this, it gives individual items a score. His method dynamically scores items based on the message. You could use his filter as a plugin for SpamAssassin, but with the numbers he's talking about you wouldn't need anything other than his system.
Bill
The problem is the existing email infrastructure (Score:2, Insightful)
1) Allows senders to be faked.
2) Is slow.
3) Requires bounces for broken messages.
4) Allows loops.
5) Cross-subscription to mailing lists, complicated mailing list management.
6) MIME.
7) Add your gripe here.
See http://cr.yp.to/im2000.html
Incorrect statistics (Score:4, Insightful)
This reasoning is statistically invalid. It is only true if the chance of the word "sexy" appearing in a message is independent of the chance of the word "sex" appearing. In other words, only if knowing that the word "sex" appears tells you nothing about how likely the word "sexy" is to appear, can you reason as he is doing above. That's probably a very poor assumption in this case.
He is doing:
The correct formula is: where the last term means the probability of "sexy" given that "sex" appears. Maybe his approach is good enough for his purposes, but the statistical foundations are not correct.
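As an added example (not part of the comment above or of Graham's article), the following Python sketch shows the effect the comment describes on a small constructed corpus in which "sex" and "sexy" always appear together. The combination rule used is the standard naive Bayes product form with equal priors; it is an assumption here, not a formula quoted from the page.

```python
# Added example: constructed corpus, not data from the article or the thread.
from math import prod

# Each message is reduced to its set of tokens.
SPAM = [{"sex", "sexy", "free"}, {"sex", "sexy"}, {"sex", "sexy", "click"}, {"free", "click"}]
HAM = [{"sex", "sexy", "clinic"}, {"meeting", "free"}, {"meeting"}, {"lunch"}]

def token_prob(token):
    """P(spam | token) from per-class message frequencies, equal priors."""
    s = sum(token in m for m in SPAM) / len(SPAM)
    h = sum(token in m for m in HAM) / len(HAM)
    return s / (s + h)

def naive_combined(tokens):
    """Combine per-token probabilities as if the tokens were independent."""
    ps = [token_prob(t) for t in tokens]
    num = prod(ps)
    return num / (num + prod(1 - p for p in ps))

def exact_posterior(tokens):
    """P(spam | all tokens present), counted directly from the corpus."""
    need = set(tokens)
    s = sum(need <= m for m in SPAM) / len(SPAM)
    h = sum(need <= m for m in HAM) / len(HAM)
    return s / (s + h)

if __name__ == "__main__":
    pair = ["sex", "sexy"]
    print("per token:", [token_prob(t) for t in pair])
    print("naive    :", naive_combined(pair))
    print("exact    :", exact_posterior(pair))
```

Because the second token never appears without the first, it adds no evidence, yet the independence-assuming combination counts it again and reports more confidence than the corpus supports.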
Re:This approach is very easy to defeat (Score:3, Insightful)
Yes, this would make it more difficult to spot, but notice that he examines the headers as well as the content of the spam. Looking at Mr. Graham's examples a lot of the key words that his filter finds are parts of the header, so you have a good chance that the probabilistic filters can still rule these out.
The second point, also made in Paul's article, is that part of what you want to do is push up the costs and difficulty of sending spam. Pushing out a million HTML images is much more costly to the spammer than sending out a million text messages. The more costs we can force spammers to bear the less economical it will become to spam, thus reducing the amount of spam.
Mailing list hell (Score:3, Insightful)
This is a bad plan for working in the large.
Bullshit! (Score:5, Insightful)
Freedom of speech is not the freedom to trespass on my computer equipment, use my resources for me to listen to your advertising!
This is not a prohibition on your paying your money to spread your advertising. This is a prohibition on you spending my money to spread your advertising.
Commercial speech does have some constitutional protection, but not to the same level as non-commercial speech. But even with pure political speech, there is no requirement for me to pay for your speech.
As for hitting the delete key, at that point, you have already tied up at least 2 of my computers, used my disk storage, my time, my bandwidth without paying for it.
If you want to spam, no problem, just pay me in advance.
Your eyes are brown. (Score:3, Insightful)
If you have a driveway that connects to a public road, then people can park there. Your house is connected to a public road, I can walk in and watch TV. Your car is on a public road, I can use it without your permission.
A spammer that I tracked down was very unhappy that I knocked on his door. He claimed I was trespassing. How could I? He opted in by having his house accessible by a public road.
If spamming is legal and honorable, why don't you post your real name, address, and phone number with each spam and on each website that you spam about?
Re:Ok, that is hot.... (Score:3, Insightful)
There's no difference between you, "L1sp rules und haskell dr00ls!" and all the slashkiddiez on here that say "perl and C 0wnZ j00! fsck lisp!"
Re:Why Bayesian Analysis isn't so hot (Score:2, Insightful)