The Lurker

Latest posts | Archive

posted by ajf on 2003-08-12 at 04:01 pm

A few months ago, Paul Graham published A Plan For Spam, in which he proposed the use of Bayesian statistical analysis to calculate the probability that a given message is spam.

Many people found the idea appealing, and the spammers of course noticed. As Graham says in his latest spam essay, Filters that Fight Back:

Spammers try to add good tokens by inserting random dictionary words, or by attaching a big chunk of neutral text, typically from a book or a wire service article. Neither of these tricks works very well.

No, they don't get the spam past the Bayesian filter. But they do increase the size of the spam tremendously. What used to say Get Viagra online now! We are the cheapest supplier on the net is now:

G<!--2oi8dtkspzea2-->et V<!--t8ypay1jr8-->iag<!--e0vbzz2eh6ki12-->ra o<!--ejjicg2jp4rh-->nli<!--3g8pa230ie1-->ne now<!--0kza7l1khw-->!

W<!--fstefpc7d26018-->e a<!--gr36je121cvl6-->re<!--eiphbhq1gx7j--> th<!--a93m1f2fkgr601-->e chea<!--nnpjge18h5d81-->pest sup<!--6jgb2p3ulf-->plier <!--nemwka23sod-->on th<!--spw3161kqo7tb3-->e n<!--6mw5sx35atber-->et

So the spam you receive, whether your email client hides it from you or not, is about six times bigger than it used to be.

Even after losing from its potential audience the people who Graham claims are benefitng from the Bayesian filtering approach, spam is still a profitable endeavour. Far from being a solution to the spam problem, the approach Graham advocated made spam six times more costly in terms of network resources — more costly to literally everyone who has an Internet connection and an email address, and without making a dent in the viability of spam.

His proposal to "fight back" against spam is an automated DDOS attack. He predicts that spammers, so frustrated by the effectiveness of Bayesian filtering, will remove as much of the easily-recognisable sales pitch from the email, leaving little more than a URL in the spam email itself.

I'd like to suggest an additional feature to those working on spam filters: a "punish" mode which, if turned on, would retrieve whatever's at the end of every url in a suspected spam n times, where n could be set by the user.

[...] The huge volume of the spam, which has so far worked in the spammer's favor, will now work against him, like a branch snapping back in his face. Auto-retrieving spam filters will drive the spammer's costs up, and his sales down: his bandwidth usage will go through the roof, and his servers will grind to a halt under the load, which will make them unavailable to the people who would have responded to the spam.

Pump out a million emails an hour, get a million hits an hour on your servers.

Hmm... I wonder how spammers could exploit this to their advantage?

sex penis viagra prescription xxx porn

http://www.cauce.org/

Hooray: instant denial of service attack against CAUCE, a highly-visible anti-spam group. It would be easy to put URLs for controversial spam source blocking list SPEWS, or MAPS, another organisation publishing lists of mail servers known to be sources of spam, or The Spamhaus Project, or anyone else who rubbed a spammer the wrong way.

I think it's very fortunate that people don't appear to think too highly of this questionable form of vigilante justice.

Related topics: Rants Web

All timestamps are Melbourne time.