Re: [Asrg] Ideas for anti-spam
2010-09-27 12:17:41
On 9/27/10 8:07 AM, Swaying Trees wrote:
I have some experience in fighting off intentional internet crime of a
few different types so I have that mentality and I'm interested in
stop spam. I love creating systems to catch the bad guys and I've been
successful at it in a few different arenas.
Types of spam being targeted:
1. Forum/comment/website/blog spam
2. Video spam (youtube)
3. Basically most spam but not email spam.
Basic idea: USE the eyes of the public. The public is the target of
spam. They're the ones that see it. Let THEM take care of the spam
problem. They will be happy to do so.
All we need to do is this: Let 3 established users of that website
flag the spam and hide it. If reporters abuse this feature, their
accounts will be canceled or suspended so they have to be sure its
really spam. Only let users with a certain account age flag spam (3 or
6 months, for example). People with new accounts can also flag it but
it doesn't hide it right away. Instead it goes into an Spam approval
que where more experienced users can take action. The problem is
complex because these are human spammers so the solution has to be
significant as well.
Scenario: Spammer posts comments on message board. 3 people flag it
and its deleted automatically and the spammer's account is disabled.
It can be renabled in case of a false alarm and if the user confirms
they're not a spammer. No system is perfect but if it stops 95% of the
spam coming in, its good enough. Spammers will realize that its simply
not worth it if only 3 people can see their message and have the
account disabled.
This would work for Yahoo messenger also. 3 people flag an account as
spam and that's it. Different checks and balances can be created to
take care of different "what if" situations.
Create a central website for example "flag the spam.com
<http://spam.com>" (FTS). This is how it would work: On every piece of
user created content (comments, videos), there is a "report" button,
that makes a link to the FTS site. For example there's a spammer on
Facebook or Youtube. When the FTS site receives reports from 3 people,
it sends back an email to the website reporting the spammer's
username). Facebook/Youtube automatically takes immediate action,
deletes the comments and spam and disables the user account. The flag
icon (looking like a trash can icon) would become a universal "report
spam" symbol. Website owners could either let FTS do the work, or buy
the software from FTS to install it on their websites. I've thought of
creating a system like this and testing it out on smaller websites to
the bigger ones can see it really works.
As mentioned, checks and balances could be created to take care of
security and false alarms as much as possible. Secure keys and codes
can be exchanged to make sure messages being exchanges are genuine and
not fake. When there is so much spam going around, even if 3% of all
reports are false, its still ok.
For spammers who create fake blogs or websites for traffic generation,
the same approach can be used to send reports to Google so their site
can be excluded from searches. The goal once again: Make spam
reporting quick and easy for the public.
This is not true right now. Its difficult to report a certain website
to Google for spam. Similarly, Facebook spam gets reported to admins
who take action. Thats slow and there arent enough admins. Its very
hard to report spam comments on Yahoo news. Also, action taken is slow.
For email spam, let each email server obtain an anti-spam
certification which means, they take action against people who spam.
Anyone who doesnt have that certification, will get a "spam" point
meaning, their email will be more easily caught in spam filters. This
creates a motive for email server admins to get certified. Black
listed email servers which dont take any action against should not be
entertained by other servers. They'll be left out of the internet
cloud with no choice but to fix themselves. A system can be created to
take care of cheats and other things.
Email spam is 95% of all emails sent. We cant fix this serious problem
without having a serious solution.
Does anyone have any thoughts?
Your scheme is easily poisoned. Covert accounts are free and can
exchange messages with other accounts over some period and be
indistinguishable from normal users. Unfortunately, the art of saying
something without saying anything has become a forte for many, like
adding +1 to a thread. ;^)
-Doug
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
|
|