This month, Virus Bulletin (www.virusbtn.com) will be publishing an
anti-spam section. One of the features we'll be including (but also
making available freely on the website) is a monthly summary of this
list, normally up to the 22nd of each month.

Observant readers will have noticed that today (where I am) is the 22nd.
I present a draft of roughly what we intend to publish. Neither I nor my
concentration is perfect - no doubt there will be people here who feel
misrepresented by what I've said, or who are able to point out things
I've said that are plain wrong. Please do so!

So without further ado, our first draft summary, and a plea for
corrections: (please note, spelling mistakes and the like will be
(hopefully!) caught slightly later on in the editorial process)...

David Nicol kicked off the month by posting a link to an article in
eWeek about 'Sender Pays', and asked for comments on it. The main points
of the article, as summarized by Yakov Shafranovich (and now resummarized
by me) were that 'Sender Pays' would not work because:
* Because the Internet is global, 'Sender Pays' would require
international cooperation at a government level to
* "Micro-payments remain a problem"
* This could cause a problem for people who offer free email services
* Hijack machines could cause problems

Several people politely disagreed with all the above points - the
existence of international money transfer organizations, the existence
of some micropayment solutions, and so on were mentioned in the various
rebuttals. Yakov's plea for a summary sadly went unanswered.

Brett Watson defended the use of "Pull" techniques, where "the sender's
ISP, rather than the receiver's ISP, is the always-online post office
from which the receiver picks up the message", in the words of Dan
Bernstein (DJB). Brad Knowles was unconvinced, and a series of exchanges
between the two followed. Yakov thanked the participants for not
descending into a flame war, citing this as "a mark of improvement for
the entire group." Those interested in the rest of DJB's succinct
writings on the subject could point their browsers to

Peter Kay commented on Yakov's Challenge / Response Interworking (CRI)
proposal draft, and was unhappy about the recommendation that
challenge-response systems should send challenges from a user other than
the intended recipient, saying many challenge-response systems will
white-list recipients of outgoing mail, thus avoiding the need for CRI
overhead in those cases. A long discussion followed, including a tale of
woe concerning Challenge/Response Hell caused by bug ticketing systems.

Yakov announced the creation of a mailing list for dialogue between the
authors of SPF, RMX, DMP, and other designated sender schemes, with Alan
DeKok coordinating. The SPF website claimed a draft specification was
almost ready, and showed how SPF would look using it, but warned that
implementers should wait for version two of the draft.

Yakov published a link to Curtis M. Kularski's draft on "Creative
Addressing" - the general response seemed to be that people felt there
were a good number of questions unanswered or that the draft added very
little new content. Curtis responded by posting links to earlier
versions of his draft that didn't 'lack beef', saying he'd had to change
the draft significantly to try and get it accepted by the RFC Editor.

Slightly off-topic, Yahoo recently announced (22-Oct) that they were
implementing something similar for paying users of their webmail

Markus Stumpf came up with an interesting idea about spam taxonomy,
allowing people to very quickly refer to different sorts of email they
term spam, to facilitate communication, which sadly got less of a
response than it seemed to merit.

His main headings under which a spam could fall were 'Private mail',
'Targeted non-bulk mail' such as contact with existing customers, 'Bulk
email', to include discussions lists and so on, and 'Automated messages'
such as bounce messages.

Andrew Akehurst posted a similar idea a couple of days later, which met
with a favorable response, and followed up a little while later with a
first draft of his email use-cases. He summed up the major differences
between his and Markus's ideas with: 'my main criterion for the
classification was to classify things into different categories only if
a machine could reasonably recognize the difference between them', and
said he was skeptical about the chances of a machine making the
distinctions between some of Markus's classifications.

Terry Sullivan talked about collecting collections of spam for analysis,
and the problems faced by those using spam-trap addresses - otherwise
identical spam-trap addresses get vastly different amounts of spam for
no discernible reason. He suggested a concerted effort, either
asking large organizations/ISPs for access to their
spam-traps, or having ASRG set up its own spam-trap effort. He sums up
by saying that unless a concerted effort is made towards trap address
maintenance, then the only data we'll have available for research will
be (presumably out-of-date) archived data.

Kee Hinckley offers an explanation for the variance of spam volume
between different addresses, saying it's all too easy to forget that
almost all spam is sent by about 200 major spammers, using a smaller
number of varieties of mailing software, to an even smaller number of
sources of addresses. He goes on to say "What we are sampling is not
spam, but spammer targets/techniques" and agrees that "accurately
measuring such a small population may require a much greater
distribution of spamtraps."

Yakov asked Terry to clarify what exactly he wanted, pointing out that
there are several sources for archived spam. Terry replied by saying he
was mainly soliciting feedback, and Kurt Magnusson spelled out why he
thought access to a near real-time source of spam was more useful than

Andreas Saurwein felt that in his opinion, 15% or so of the pieces of
spam on spamarchive.org were not really spam, and that that was a
hindrance to running analysis tools against the corpus. Paul Judge made
the point that different people have different ideas of what spam is,
and suggested a couple of ideas that had been bandied around for
refining and filtering the corpus, including using anti-spam products
and a sort of 'Am I Spam Or Not' voting system. Some readers may find
Vesselin Bontchev's paper on maintaining a virus library provides an
interesting parallel: http://www.virusbtn.com/old/OtherPapers/VirLib/

Kurt Magnusson was mildly surprised to find that he had stopped
receiving spam from Korea and asked if anyone else had noticed anything
similar. No-one apparently had.

Yakov pointed out the existence of the Best Current Practices list, and
that Brad Knowles is the coordinator. Brad posted some information about
the list to the list.

"Our unique multifaceted approach to solving Spam, which has been in
production since early 2002, is based on a patent pending DNA-like
sequencing technology which is languages independent, highly reliable,
accurate, and extremely secure" gets the award for saying an awful lot
without actually saying a great deal.