On Sun, Nov 26, 2006, Ira Abramov wrote about "Picture spams - again.":
> the only option is of course to authorize with a white list, like I saw
> some services have. first time you send me an Email I make sure you are
> human with a return mail to a URL with captcha, and you can then mail me
> freely. this kind of setup is a problem with mailing list, return mail
> from websites you just subscribed to but have no idea where their
> automatic mail will come from... in short, it's a serious pain in the
> butt, but possibly worth it.

I think this idea has so many problems, it's not even possible to
consider it...
What would you do about mailing lists? About sites which email you
registration passwords and so on? Sites which send you e-tickets and
so on? About people who send you important email, but have no idea what your
reply means? About clients and partners who'll find the "bureaucracy"
you impose on them unprofessional, if not downright insulting? People
who (for legitimate reasons) CC you in addition to ten other people, and
don't care to "authorize" themselves for each of these ten people? And
what about one of these people who wants to "reply to all"?

Worse, for several years now I've been waiting for the next level of
spammer sophistication: instead of sending you mail from fake or random
people, why not send you spam appearing to be "from" people you really know?
It's not hard: these spammers got your address from somewhere, and people
on the same "somewhere" (same mailing list, same hacked address book, same
web site, etc.) are likely to be people you know, and likely to be on your
white list, and "authorized" in your scheme. So I predict that if your
scheme is commonly adopted, it will only have short-lived success (but its
downsides will remain forever).

> what do YOU do to fight this? the smartest filter I know is Google's and
> even IT fails on some spams every day.

I use my own homebrewed anti-spam software, which still works quite smoothly
even though I haven't updated it in many months. The key techniques I use are
these:

First, about 60% of the spam (about 70 spams a day) are eliminated by
several online blacklists of "bad" IP addresses: cracked computers, end-user
internet accounts, open relays, and so on. These blacklists hardly have any
false-positives, in my experience, and they cut down on the majority of
the spam.

Second, about half of the remaining spam (20% of overall spam) is found by
"Vipul's razor", a collaborative project for collecting approximate checksums
of spam *content*. As you say, this doesn't recognize image spam.

I catch almost all of the remaining spam with a set of home-brewed heuristics
which suit my needs. For example, mails with image attachments not from
people I know are automatically suspected as spam: it is possible that
someone I never heard of decided to mail me (I gave a few examples above),
but why would he attach an image to his first email to me (heck, I read
my mail in a text mail reader, so I wouldn't even be able to see that image)?
Similarly, it doesn't make sense for people I don't know to mail me in Dutch,
Spanish, German, Turkish, Russian, Korean, Chinese or Arabic, so I recognize
mail in these languages and mark them as spam. Mail not addressed to me,
mail pretending to be from me, and so on, is equally suspect, and I have a
few other rules which easily catch most (around 99%) of the spam that
passed through the previous filters.

Unfortunately, a last layer of defense I had - text filtering - became
useless in recent years. Nowadays, spam rarely contains phrases like
"to be removed", "make money", "bill 1618" any more, so my rules for finding
them have become useless. For this reason, don't use Bayesian filters - I don't
think they'll do me any good. Spam doesn't have many words in common any more,
and my real mail isn't all that homogeneous either.

-- 
Nadav Har'El                        |       Sunday, Nov 26 2006, 6 Kislev 5767
[EMAIL PROTECTED]             |-----------------------------------------
Phone +972-523-790466, ICQ 13349191 |We could wipe out world hunger if we knew
http://nadav.harel.org.il           |how to make AOL's Free CD's edible!
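
The heuristics layer described in the message above, sketched as an added example; it is not part of the original post and is not the author's own software. The addresses, the rule names, the 0.5 threshold and the UTF-8 body assumption are all assumptions, and only the non-Latin scripts (Russian, Korean, Chinese, Arabic) are detected here.

```python
import email
import unicodedata
from email.utils import getaddresses, parseaddr

ME = "me@example.org"              # assumption: the mailbox owner's address
KNOWN = {"friend@example.org"}     # assumption: senders the owner already knows
SCRIPTS = ("CYRILLIC", "HANGUL", "CJK", "ARABIC")  # non-Latin scripts only

def foreign_ratio(text):
    """Fraction of the letters in text that belong to one of SCRIPTS."""
    letters = [c for c in text if c.isalpha()]
    hits = sum(unicodedata.name(c, "").startswith(SCRIPTS) for c in letters)
    return hits / len(letters) if letters else 0.0

def suspect_reasons(raw):
    """Return the names of the heuristics that a raw message (bytes) trips."""
    msg = email.message_from_bytes(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rcpts = {a.lower() for _, a in getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))}
    reasons = []
    if sender == ME:
        reasons.append("pretends-to-be-from-me")
    if ME not in rcpts:
        reasons.append("not-addressed-to-me")
    if sender not in KNOWN:  # the next two rules apply to strangers only
        if any(p.get_content_maintype() == "image" for p in msg.walk()):
            reasons.append("image-from-stranger")
        # Assumes UTF-8 text bodies; undecodable bytes are replaced, not fatal.
        text = "".join(p.get_payload(decode=True).decode("utf-8", "replace")
                       for p in msg.walk() if p.get_content_type() == "text/plain")
        if foreign_ratio(text) > 0.5:
            reasons.append("foreign-script-from-stranger")
    return reasons

# Constructed sample: a stranger's first mail, Cyrillic text plus an image part.
SAMPLE = """\
From: Stranger <x@spam.example>
To: someone-else@example.org
Content-Type: multipart/mixed; boundary="b"

--b
Content-Type: text/plain; charset="utf-8"

Купите сейчас
--b
Content-Type: image/gif

R0lGODlhAQABAAAAACw=
--b--
""".encode("utf-8")
```

Calling `suspect_reasons(SAMPLE)` returns three rule names for the constructed message, while a plain-text mail from a known sender addressed to `ME` returns an empty list.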
