Kudzu World

"Programming is an art form that fights back"


Curing the spam cancer, but killing the patient

7/3/2005

Sure, spam is a problem, but are some of the solutions we've come up with truly worse than spam? In fact, I think that not only are many of the so-called "solutions" worse than spam, but some are just outright ridiculous.

Cure for Spam

I have a foolproof way to eliminate spam forever. My solution is to simply eliminate all email. This may seem far-fetched, but it seems to be the goal of many so-called spam "solutions".

SpamCop

This is the so-called "solution" that has spurred this blog entry: SpamCop. I will not speak about SpamCop as a whole, but let me just show you one incredibly stupid and irresponsible item in SpamCop. Today we received a spam rejection message from SpamCop in response to an email sent by one of our team members. The email informed us that SpamCop had blacklisted our entire domain. When we went to the URL that the email directed us to, it said:

If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 18 hours.

Causes of listing

  • System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

Automatic delisting

If you are the administrator of mail.vsoft-tech.com.au and you are sure it will not be the subject of any more reports of spam, you may cause the system to be delisted without waiting for us to review the issue.

You may only do this once per IP! So please be sure that the problem is really and truly resolved. If you delist your system and we get more spam reports about it, you will not be allowed to expedite delisting again. Delisting normally occurs 24 hours after spam reports have ceased.

You must be able to receive mail at one of the addresses below. Until you have received and confirmed your request, it will not take effect.

 Looking for potential administrative email addresses for 206.123.68.234:

cannot find an mx for mail.vsoft-tech.com.au
206.123.68.234 is an mx ( 5 ) for vsoft-tech.com.au

Listing History

In the past 4.6 days, it has been listed 2 times for a total of 27 hours

Dispute Listing

If you are the administrator of this system and you are sure this listing is erroneous, you may request that we review the listing. Because everyone wants to dispute their listing, regardless of merit, we reserve the right to ignore meritless disputes.

So let me get this right. We've been listed, but you will not tell us why. We can remove ourselves, but only if we are sure we have fixed a problem that you will not even tell us about? It gets worse. Let's dig a bit deeper. Look at the listing history. Two listings? What is a listing? So we have two users who decided they did not like us, and that blacklists us? Do I know it's a user? No, but with the evasive answers, how can one know?

But yet the fun continues: "You must be able to receive mail at one of the addresses below." Yet no addresses are listed, and they make it look like our fault. You know why there are no email addresses listed? Because spammers harvest this information and spam such addresses. So SpamCop in their infinite wisdom requires us to use a spammable address to interact with them.

Delisting? Well, you can ask us, but we'll just ignore you; we've even said so.

Hello? Are the inmates running this asylum? Guilty until proven innocent? I thought only the IRS could do that. Let's think about this now. One day you arrive home and the police take you to jail and hold you. They will not tell you what you've done, you cannot make any telephone calls because they tell you your phone number is unlisted, and to be released you must prove that you did not commit a crime when you do not even know what the charges are. Maybe after 18 hours they will release you, but even if they do they will never tell you why they held you, and they might come harass you again. You can request a trial, but we're telling you right now we have the right to ignore anything you say for any reason. In real life this would never happen - oh wait, I forgot about the Patriot Act, it's already happened. So is SpamCop merely the Patriot Act of spam? They've decided we've had a spam version of 9/11 and all rights are suspended?

While we are here...

I keep getting a lot of spam about a home rate mortgage. They usually open with the following line:

This will be our final attempt to contact you!

Oh how I wish!

Other Solutions

I am not fond of SpamAssassin and verification-based systems. Anyone who has encountered these quickly understands what I mean.

SpamAssassin

SpamAssassin regularly picks headers and marks the mail as spam, even when it knows nothing about the headers. For example, some spammers used Indy, so SpamAssassin decided to block all email with the Indy header. They did not bother to investigate what Indy was, just declared it as spam. Since this time Indy has changed its headers and is not detectable by SpamAssassin, so what good did SpamAssassin do in this case other than frustrate hundreds of thousands of non-spamming Indy users?

Indy is not the only false positive SpamAssassin makes. SpamAssassin definitely kills spam, but it throws out a fair amount of non-spam mail as well. I will not go so far as saying the baby is thrown out with the bathwater, but certainly all the baby's toys and clothes are going out the window with the dirty bathwater.

Verification Based Systems

These may seem a boon to the recipients, but they are a major pain for senders. Users regularly subscribe to a mailing list and then subject all the other members, or the list owners, to a verification process. Or, as we see it, users order our product and then our product delivery is bounced by a verification service. Such systems are completely hands-off for the recipient, but cause lots of lost mail because senders get irritated. In the case of product deliveries, the recipient usually turns around and gets upset at the sender, sometimes even calling their credit card company and demanding a refund, because their spam filter intercepted the product delivery.

Worse yet, if the sender has a verification based system as well, the verification message from the original recipient now gets re-bounced for verification. Now it is in an eternal loop of verification systems holding up the mail and trying to verify each other, and neither person ever knows something went awry unless they go look in the pending verification list, which then again defeats the usefulness of such a system.
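The loop described above can be reproduced in a few lines. This is an added example, not code from the original post: the `Mailbox` class, the `simulate` function and the seller/buyer names are hypothetical, and the `trust_recipients` switch models one commonly used remedy (treating addresses you have written to as already verified) that the post itself does not describe.

```python
from collections import deque

class Mailbox:
    """One user behind a verification (challenge-response) filter."""
    def __init__(self):
        self.verified = set()   # senders allowed straight into the inbox
        self.inbox = []
        self.pending = []       # held mail waiting for its sender to verify

def simulate(trust_recipients, max_messages=20):
    """Seller mails a product delivery to buyer; both sit behind filters.
    Returns (delivered, messages_sent). max_messages caps the endless loop."""
    boxes = {"seller": Mailbox(), "buyer": Mailbox()}
    if trust_recipients:
        # Assumed remedy: the seller wrote to the buyer, so trust replies.
        boxes["seller"].verified.add("buyer")
    wire = deque([("seller", "buyer", "delivery")])
    sent = 1
    while wire and sent < max_messages:
        sender, rcpt, kind = wire.popleft()
        box = boxes[rcpt]
        if sender not in box.verified:
            # Unknown sender: hold the mail and send a challenge back.
            box.pending.append((sender, kind))
            wire.append((rcpt, sender, "challenge"))
            sent += 1
        elif kind == "challenge":
            # The challenge reached a human, who answers it: the challenger
            # verifies this address and releases the mail it was holding.
            peer = boxes[sender]
            peer.verified.add(rcpt)
            peer.inbox += [k for s, k in peer.pending if s == rcpt]
            peer.pending = [(s, k) for s, k in peer.pending if s != rcpt]
        else:
            box.inbox.append(kind)
    return "delivery" in boxes["buyer"].inbox, sent

if __name__ == "__main__":
    print("two plain filters:     ", simulate(False))
    print("sender trusts its rcpt:", simulate(True))
```

With two plain filters the only thing that stops the exchange is the message cap, and the delivery never leaves the pending queue.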

Bayesian Solutions

Bayesian solutions work on probabilities and classify email according to "learned" criteria. That is, you start out by teaching it what you consider spam and what you do not. Of all the solutions so far, in my opinion Bayesian is the best. However, Bayesian is not perfect, and if you deal with a lot of business-based mail that talks about sales, software, etc., or have a lot of mail that comes through from Yahoo Groups or free mail services that add advertising at the end, this can create "false probabilities" for Bayesian systems too. In my business, I cannot afford to lose or miss emails, and even while Bayesian solutions get all of the spam very reliably, they sometimes get real mail too.
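To see how an advertising footer creates such a "false probability", here is a minimal naive Bayes filter scoring the same product-delivery mail with and without a free-mail ad appended. It is an added example, not code from the original post or from any filter named here; the training mail, the test messages and all names are constructed for illustration.

```python
import math
import re
from collections import Counter

# Constructed training mail and test messages (not from the original post).
SPAM = ["Free mortgage rate offer, click here now",
        "Final attempt to contact you about your mortgage rate",
        "Free sale, click here to order now"]
HAM = ["Meeting notes for the build are attached",
       "The compiler bug is fixed in the new build",
       "Please review the patch for the parser"]
DELIVERY = "Your order is confirmed. The license key for the software is attached."
AD_FOOTER = "Get a free mortgage rate offer, click here now"

def tokens(text):
    return re.findall(r"[a-z']+", text.lower())

class NaiveBayes:
    def __init__(self):
        self.words = {"spam": Counter(), "ham": Counter()}
        self.mails = {"spam": 0, "ham": 0}

    def train(self, label, text):
        self.words[label].update(tokens(text))
        self.mails[label] += 1

    def spam_probability(self, text):
        vocab = len(set(self.words["spam"]) | set(self.words["ham"]))
        n_spam = sum(self.words["spam"].values()) + vocab
        n_ham = sum(self.words["ham"].values()) + vocab
        # Prior odds from the training mix, then one likelihood ratio per
        # word; add-one smoothing keeps unseen words from zeroing the score.
        log_odds = math.log(self.mails["spam"] / self.mails["ham"])
        for w in tokens(text):
            p_spam = (self.words["spam"][w] + 1) / n_spam
            p_ham = (self.words["ham"][w] + 1) / n_ham
            log_odds += math.log(p_spam / p_ham)
        return 1 / (1 + math.exp(-log_odds))

def demo():
    nb = NaiveBayes()
    for label, mails in (("spam", SPAM), ("ham", HAM)):
        for text in mails:
            nb.train(label, text)
    return (nb.spam_probability(DELIVERY),
            nb.spam_probability(DELIVERY + "\n" + AD_FOOTER))

if __name__ == "__main__":
    print("delivery: %.3f   delivery + footer: %.3f" % demo())
```

The body of the mail is unchanged between the two scores; only the appended footer moves it from well under 1% to roughly 87% spam probability.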

There is a bigger problem with Bayesian solutions. Bayesian solutions do not do anything to help reduce the spam problem; they only shield the user from many of its effects. What we need is crime reduction, not just to lock ourselves up in our houses. However, until something comes along, Bayesian solutions are among the best to combat spam in your inbox if you do not mind losing an occasional mail here and there, and your general mail is typical and can reasonably be differentiated from spam.

What do you suggest?

I did not write this blog entry to promote any solution of my own, but since the question will arise I will address it. I do not claim to have the perfect solution, but I do know what we are doing now is not working, and it's causing a lot of problems, many worse than the original problem. I designed a system called SpamShadow which I believe takes a more thoughtful and unique approach to spam. While it will not solve the spam problem, it does take a more pragmatic approach without causing such problems. Maybe some day in the future, Atozed or I will return to working on this solution and take it beyond the prototype that was developed.

 
