Re: [Asrg] Ideas for anti-spam

 On 9/27/10 8:07 AM, Swaying Trees wrote:
> I have some experience in fighting off intentional internet crime of a 
> few different types so I have that mentality and I'm interested in 
> stop spam. I love creating systems to catch the bad guys and I've been 
> successful at it in a few different arenas.
> Types of spam being targeted:
> 1. Forum/comment/website/blog spam
> 2. Video spam (youtube)
> 3. Basically most spam but not email spam.
>
> Basic idea: USE the eyes of the public. The public is the target of 
> spam. They're the ones that see it. Let THEM take care of the spam 
> problem. They will be happy to do so.
> All we need to do is this: Let 3 established users of that website 
> flag the spam and hide it. If reporters abuse this feature, their 
> accounts will be canceled or suspended so they have to be sure its 
> really spam. Only let users with a certain account age flag spam (3 or 
> 6 months, for example). People with new accounts can also flag it but 
> it doesn't hide it right away. Instead it goes into an Spam approval 
> que where more experienced users can take action. The problem is 
> complex because these are human spammers so the solution has to be 
> significant as well.
> Scenario: Spammer posts comments on message board. 3 people flag it 
> and its deleted automatically and the spammer's account is disabled. 
> It can be renabled in case of a false alarm and if the user confirms 
> they're not a spammer. No system is perfect but if it stops 95% of the 
> spam coming in, its good enough. Spammers will realize that its simply 
> not worth it if only 3 people can see their message and have the 
> account disabled.
> This would work for Yahoo messenger also. 3 people flag an account as 
> spam and that's it. Different checks and balances can be created to 
> take care of different "what if" situations.
> Create a central website for example "flag the spam.com 
> <http://spam.com>" (FTS). This is how it would work: On every piece of 
> user created content (comments, videos), there is a "report" button, 
> that makes a link to the FTS site. For example there's a spammer on 
> Facebook or Youtube. When the FTS site receives reports from 3 people, 
> it sends back an email to the website reporting the spammer's 
> username). Facebook/Youtube automatically takes immediate action, 
> deletes the comments and spam and disables the user account. The flag 
> icon (looking like a trash can icon) would become a universal "report 
> spam" symbol. Website owners could either let FTS do the work, or buy 
> the software from FTS to install it on their websites. I've thought of 
> creating a system like this and testing it out on smaller websites to 
> the bigger ones can see it really works.
> As mentioned, checks and balances could be created to take care of 
> security and false alarms as much as possible. Secure keys and codes 
> can be exchanged to make sure messages being exchanges are genuine and 
> not fake. When there is so much spam going around, even if 3% of all 
> reports are false, its still ok.
> For spammers who create fake blogs or websites for traffic generation, 
> the same approach can be used to send reports to Google so their site 
> can be excluded from searches. The goal once again: Make spam 
> reporting quick and easy for the public.
> This is not true right now. Its difficult to report a certain website 
> to Google for spam. Similarly, Facebook spam gets reported to admins 
> who take action. Thats slow and there arent enough admins. Its very 
> hard to report spam comments on Yahoo news. Also, action taken is slow.
> For email spam, let each email server obtain an anti-spam 
> certification which means, they take action against people who spam. 
> Anyone who doesnt have that certification, will get a "spam" point 
> meaning, their email will be more easily caught in spam filters. This 
> creates a motive for email server admins to get certified. Black 
> listed email servers which dont take any action against should not be 
> entertained by other servers. They'll be left out of the internet 
> cloud with no choice but to fix themselves. A system can be created to 
> take care of cheats and other things.
> Email spam is 95% of all emails sent. We cant fix this serious problem 
> without having a serious solution.
> Does anyone have any thoughts?
Your scheme is easily poisoned.  Covert accounts are free and can 
exchange messages with other accounts over some period and be 
indistinguishable from normal users.  Unfortunately, the art of saying 
something without saying anything has become a forte for many, like 
adding +1 to a thread. ;^)
-Doug
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg