Re: A new technique to anti spam
On Wed, 27 Oct 2004 11:52:26 +0800, =?gb2312?B?dGVzdA==?= said: 3.The authority database guarantee all \Email-content servers\ are related with legal ESPs. This is somewhere between highly unlikely and totally unworkable. Problems: 1) Who controls the authority database? Why should I trust them any more than I trusted Verisign even *before* the 'wildcard *.com' incident? (of course, long-time IETF readers know that I'm paranoid, and by default don't trust *any* governments or corporations, not even my own. ;) 2) There are some 75 *million* .com domains. There's probably dozens of registrars. How do you ensure that *NO* employees of any of those dozens of companies are bribed? 3) If the spammer's current ISP is willing to pink contract their network access and DNS services *now*, why will that same ISP *not* be willing to pink-contract a registration in your database? (Hint - the ISP won't change their business model unless there's an *additional* threat of other sites not talking to them - and most of the problem ISP's are *ALREADY* in enough blacklists that there really isn't any *realistic* chance that they will be shunned more than they are now. The spammer can create a lot of spam-pointer point to ONE email which is on a legal server. How to prevent it? The legal \Email-content servers\ provides \retr\ and \top\ command to let users download the content. \retr\ can only be used once. \top\ can be used more than once. \retr\ is more popular than \top\. So only the first receiver can download the junk-mail from the legal server through the spam-pointer,and the second receiver can\'t download it if he use \retr\ command. Do you *seriously* think it will take more than 15 seconds for the spammer to modify the software so that 'retr' and 'top' work the same, and both can be used multiple times? Remember - the spammer controls the server you're fetching it from, and has *very* good reasons to give the first copy to the first recipient, and then lie to the next several million and tell them that *they* are the first recipient. D)It\'s difficult to confirm the qualification of \Email-content servers\. But I think CA can works,it can works too. Matt Blaze had an interesting statement about the role of a CA in security: A CA is able to protect you against anybody they aren't accepting money from. Think about that, and remember that in the *real* world, not 100% of the companies in *any* business are honest - and in this case, it only takes 1% or 2% of dishonest CA's to ruin the scheme. Or - what if the largest CA started selling certs to spammers? What could you *realistically* do? Take them out of your list of root CA's? That would cut you off from a large fraction of people who have certs signed by that CA. It's the same they *have* you where they *want* you that makes a merchant accept a Mastercard or Visa - it's the rare merchant indeed that can afford to lose the business by saying I don't take Visa because they sometimes issue cards to crooks (And yes, yours is *NOT* a new idea, at all, and the previous several hundred people who came up with it didn't do any better at finding solutions to the problems. In fact, we hear so many of the same new ideas over and over that Vern wrote this page: http://www.rhyolite.com/anti-spam/you-might-be.html Please don't be insulted - it really *is* the best one-page summary of all the previously suggested-and-didn't-work ideas we've heard already. Also, note that the fact that we still *have* a spam problem is proof that none of us experts in the IETF can think of an idea that doesn't break under at least one of those points, *either*. And yes, the best experts in the IETF *do* believe that a final solution to spam *will* have to survive *all* those points. (Existence proof - if a workable solution existed even though it failed one of Vern's points, we'd have deployed it anyhow...) Personally, I think you're better off *not* trying to come up with one scheme that addresses it all, but come up with several interlocking methods that each address one part of the problem. For instance, *by itself*, the only thing that Meng Wong's SPF and Microsoft's Caller-ID and Yahoo's Domain-Keys proposals do for spam is provide information regarding whether the mail is from an authorized source, which does almost nothing about spam *directly*. However, if you approach it as If we deploy one of those, then we can do some other thing about spam which isn't from an authorized source. My own feeling is that if SPF/Caller-ID/Domain-Keys is widely spread, the only real effect will be to force the spammers to use zombie software that routes to the zombie owner's ISP mail server so the victim's mail servers will accept the mail as being from the ISP's authorized mail server, rather than directly to the targets as the software usually does now Of course, at *THAT* point, the ISP will have more of a reason to *do* something about the
RE: A new technique to anti spam
I think this discussion shoulg probably move to the Anti Spam Research Group list No? [EMAIL PROTECTED] -Tom [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, October 28, 2004 1:14 PM To: test Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: A new technique to anti spam On Wed, 27 Oct 2004 11:52:26 +0800, =?gb2312?B?dGVzdA==?= said: 3.The authority database guarantee all \Email-content servers\ are related with legal ESPs. This is somewhere between highly unlikely and totally unworkable. Problems: 1) Who controls the authority database? Why should I trust them any more than I trusted Verisign even *before* the 'wildcard *.com' incident? (of course, long-time IETF readers know that I'm paranoid, and by default don't trust *any* governments or corporations, not even my own. ;) 2) There are some 75 *million* .com domains. There's probably dozens of registrars. How do you ensure that *NO* employees of any of those dozens of companies are bribed? 3) If the spammer's current ISP is willing to pink contract their network access and DNS services *now*, why will that same ISP *not* be willing to pink-contract a registration in your database? (Hint - the ISP won't change their business model unless there's an *additional* threat of other sites not talking to them - and most of the problem ISP's are *ALREADY* in enough blacklists that there really isn't any *realistic* chance that they will be shunned more than they are now. The spammer can create a lot of spam-pointer point to ONE email which is on a legal server. How to prevent it? The legal \Email-content servers\ provides \retr\ and \top\ command to let users download the content. \retr\ can only be used once. \top\ can be used more than once. \retr\ is more popular than \top\. So only the first receiver can download the junk-mail from the legal server through the spam-pointer,and the second receiver can\'t download it if he use \retr\ command. Do you *seriously* think it will take more than 15 seconds for the spammer to modify the software so that 'retr' and 'top' work the same, and both can be used multiple times? Remember - the spammer controls the server you're fetching it from, and has *very* good reasons to give the first copy to the first recipient, and then lie to the next several million and tell them that *they* are the first recipient. D)It\'s difficult to confirm the qualification of \Email-content servers\. But I think CA can works,it can works too. Matt Blaze had an interesting statement about the role of a CA in security: A CA is able to protect you against anybody they aren't accepting money from. Think about that, and remember that in the *real* world, not 100% of the companies in *any* business are honest - and in this case, it only takes 1% or 2% of dishonest CA's to ruin the scheme. Or - what if the largest CA started selling certs to spammers? What could you *realistically* do? Take them out of your list of root CA's? That would cut you off from a large fraction of people who have certs signed by that CA. It's the same they *have* you where they *want* you that makes a merchant accept a Mastercard or Visa - it's the rare merchant indeed that can afford to lose the business by saying I don't take Visa because they sometimes issue cards to crooks (And yes, yours is *NOT* a new idea, at all, and the previous several hundred people who came up with it didn't do any better at finding solutions to the problems. In fact, we hear so many of the same new ideas over and over that Vern wrote this page: http://www.rhyolite.com/anti-spam/you-might-be.html Please don't be insulted - it really *is* the best one-page summary of all the previously suggested-and-didn't-work ideas we've heard already. Also, note that the fact that we still *have* a spam problem is proof that none of us experts in the IETF can think of an idea that doesn't break under at least one of those points, *either*. And yes, the best experts in the IETF *do* believe that a final solution to spam *will* have to survive *all* those points. (Existence proof - if a workable solution existed even though it failed one of Vern's points, we'd have deployed it anyhow...) Personally, I think you're better off *not* trying to come up with one scheme that addresses it all, but come up with several interlocking methods that each address one part of the problem. For instance, *by itself*, the only thing that Meng Wong's SPF and Microsoft's Caller-ID and Yahoo's Domain-Keys proposals do for spam is provide information regarding whether the mail is from an authorized source, which does almost nothing about spam *directly*. However, if you approach it as If we deploy one of those, then we
Re: Re: A new technique to anti spam
Hi,Harald Tveit Alvestrand, First,this tech is an \"anti-spam by macroeffect\" and also based \"human psychological warfare\", it may not work right-now. Then,it\'s a more complex system but only on server-side,simple on client-side.What we think is if users need it?Maybe the answer is no!Who knows? > Worrisome side effect: > > I can now only read the mail as long as the sender\'s mail server remains > online. > > If the evaluation happens at read-time, not at fetch-time, this also means > that if I use \"file-and-forget\", as I do with many mailing lists, and > return to my archive a year later, many of the messages won\'t be there, > since I didn\'t read them, and the senders have later moved on. > > So in practice, I have to let my computers evaluate the request and fetch > the message with no human interaction. Some bandwidth may be saved, but the > email infrastructure became more complex. > > Worth it? > > Harald > > welcome! ___ Ietf mailing list [EMAIL PROTECTED] https://www1.ietf.org/mailman/listinfo/ietf
Re: Re: A new technique to anti spam
Hi,Dave Aronson, > (BTW, those two characters before the ! just show up as empty boxes > here.) These words are in Chinese. I\'m not good at E > I would certainly hope so. Otherwise it would be worse than useless. Thankyou > > And in the case we are concerned with, that of the spammer, what is to > prevent the sender smtp server from claiming zero percent chance? Or, > if the white-hats realize \"zero means it must be from a spammer\", > spammers could claim some random very low percentage. A). 1.We must be sure the purpose of spammers making spam-pointer is they wish the receivers download the email-content. 2.Where the receivers download is \"Email-content server\". 3.The authority database guarantee all \"Email-content servers\" are related with legal ESPs. 4.legal ESPs don\'t wish their users be spammers 5.those spammer who making spam-pointer aren\'t belong to legal ESPs. 6.Their \"Email-content servers\" are illegal. 7.the receivers won\'t download the email-content from illegal servers. B). This tech can work together with \"SenderID\" to confirm the sender ID C) The spammer can create a lot of spam-pointer point to ONE email which is on a legal server. How to prevent it? The legal \"Email-content servers\" provides \"retr\" and \"top\" command to let users download the content. \"retr\" can only be used once. \"top\" can be used more than once. \"retr\" is more popular than \"top\". So only the first receiver can download the junk-mail from the legal server through the spam-pointer,and the second receiver can\'t download it if he use \"retr\" command. D)It\'s difficult to confirm the qualification of \"Email-content servers\". But I think CA can works,it can works too. > welcome! ___ Ietf mailing list [EMAIL PROTECTED] https://www1.ietf.org/mailman/listinfo/ietf
Re: A new technique to anti spam
Worrisome side effect: I can now only read the mail as long as the sender's mail server remains online. If the evaluation happens at read-time, not at fetch-time, this also means that if I use file-and-forget, as I do with many mailing lists, and return to my archive a year later, many of the messages won't be there, since I didn't read them, and the senders have later moved on. So in practice, I have to let my computers evaluate the request and fetch the message with no human interaction. Some bandwidth may be saved, but the email infrastructure became more complex. Worth it? Harald ___ Ietf mailing list [EMAIL PROTECTED] https://www1.ietf.org/mailman/listinfo/ietf
Re: A new technique to anti spam
test [EMAIL PROTECTED] wrote: Dave Aronson, ! (BTW, those two characters before the ! just show up as empty boxes here.) This new tech is compatible with the other anti-spam techniques I would certainly hope so. Otherwise it would be worse than useless. The last parameter is \spam\.It means the posibility of \this email is a junk-mail\ is 20%. Where the value is from? It\'s because the new-tech work together with filterings on the sender smtp server. And in the case we are concerned with, that of the spammer, what is to prevent the sender smtp server from claiming zero percent chance? Or, if the white-hats realize zero means it must be from a spammer, spammers could claim some random very low percentage. First phase,Some huge ESPs turn to use the new-tech,cause them to avoid to receive spam each other I still don't quite see how this prevents them from getting spam, especially before the rest of the world has adopted your new way. Second phase,to stop the new-tech be compatible with the traditional tech. And thereby cause massive headaches all over. This isn't impossible, and may in fact be the final way to go, but IMHO the new way is going to have to look much more promising first (enough that everybody's what's in it for me? is well-answered), and a lot of planning must go into it. Transition periods are hell (Becasue most of spammers are use their own pc to make spam,and the new-tech won\'t allow people use pc to be a smtp server,as I wrote the new-tech will share an authority IPs database on Internet) I don't understand what you mean here. Do you mean there will be some central database of duly authorized mail-sending servers, and spammers (and their z0mb13z belonging to clueless people on home broadband links) will not be in this database? Who will administer this database? How will servers be authorized? How will its accuracy be ensured? How will its availability be ensured? How will the spammers be kept out? How will those let in but later discovered to be spammers, be ejected? How will everybody's willingness to be under said central authority's electronic thumb be ensured? How will the authority's fairness be ensured? It could be a distributed database like DNS, so that the centralization issues are less, but that just means that keeping the spammers out, keeping it accurate, and other such problems, become all the harder. There is much clarification remaining to be done, and frankly I think it's on a shaky basis to begin with. -- David J. Aronson Work: http://destined.to/program Play: http://listen.to/davearonson ___ Ietf mailing list [EMAIL PROTECTED] https://www1.ietf.org/mailman/listinfo/ietf
Re: A new technique to anti spam
On Sat, Oct 23, 2004 at 07:18:57PM +0800, test wrote: The advantages of the new technique: 1.As a receiver,you first judges the useful of the email by simple information(email-pointer:subject,from,to and etc).if is,you can refuse it to forbid download the body of the email(reducing the Internet flux) This is not an advantage over existing SMTP. Case 1: If you can judge by the given simple information (basically the mail header), then you could simply discard/tag the message after reception or even abort the connection after transmission of the header. (Violation of SMTP, but spam is an excuse). So there is not advantage over SMTP. Also no advantage from user's point of view. If you can tell from sender/subject that it is spam, than you won't read it. Just a bandwidth matter. Case 2: If you can't judge, then you need to fetch the message anyway. Again, no advantage. This is also a legal problem: What is the transmission time? Imagine you have to fulfill a contract by sending something by email. When did you fulfill? when the receiver starts to fetch? How long would you have to keep your server online? A day? A week? A month? The proposal is not new, and has been discussed on ASRG about more than a year ago. You furthermore run into several problems: When will the server be allowed to delete the message? After a download? What if the message is aliased to several recipients? How would the sender tell how many downloads it will take for all recipients to get the message? What if the recipient never downloads? What if the diskspace of the server is exhausted? It is also a security problem: You need to protect the server against faked fetches. E.g. if a message is forwarded or bounce to someone else, the new recipient could delete the message from the server. BTW, it is not correct to assume that all people use pop3 to fetch messages. How should someone fetch emails when not online? (e.g. I do use UUCP). And, ironically, it makes spammer's life even easier: Your proposal makes sending email much more complicated for those who deliver normal mail. But for those who do mass mailing and are sending the same message a million times, your proposal saves a huge amount of bandwidth, because they need to transmit the header only and to keep just a single message available for download for those who read the message. So it just reduces the bandwidth needed for spamming. That's not exactly what an anti-spam-system can be expected to do. regards Hadmut ___ Ietf mailing list [EMAIL PROTECTED] https://www1.ietf.org/mailman/listinfo/ietf
A new technique to anti spam
Email traditional technique\'s working flow: 1.Sender sends his email to sender\'s smtp server for his client computer by smtp 2.Sender\'s smtp server sends the email to the receiver\'s smtp server by esmtp/smtp 3.Receiver\'s smtp server moves the email to the pop3 server(/or imap server/or web server) 4.Receiver gets the email from the pop3 server by pop3 To anti spam by using a new technique call \"anti-spam by macroeffect\" New technique\'s working flow: 1.Sender sends his email to sender\'s smtp server for his client computer by smtp 2.Sender\'s smtp server communicates with receiver\'s smtp server to test if the receiver\'s uses the new technique. if is,the sender\'s left the email on \"Full-content Email\" server.At the same time,it creates a email-pointer pointing to the email.(if the result of testing is the receiver\'s can\'t support the new one, then sender\'s transfer email by using tranditional tech) 3.Sender\'s smtp server sends email-pointer to the receiver\'s smtp server by esmtp 4.Receiver\'s smtp server moves email-pointer to the pop3 server(/or imap server/or web server) 5.Receiver gets the email-pointer from the pop3 server by pop3 6.According to email-pointer,receiver downloads the email from the \"Full-content Email\" server after identifying the authority of the \"Full-content Email\" server\'s IP address. Teh characteristics of the new technique: 1.compatible with the traditional technique,coming from RFC 1869 2.To limit the sender\'s send-box(not only receive-box),because the email\'s body stores there. 3.Receivers receive only the email-pointer.if spam,to delete it can save the Internet flux(reducing network bandwidth) The advantages of the new technique: 1.As a receiver,you first judges the useful of the email by simple information(email-pointer:subject,from,to and etc).if is,you can refuse it to forbid download the body of the email(reducing the Internet flux) 2.As a receiver,sometimes you judges it\'s spam after you download the body to read.You also can refuse it.Because the email\'s body occupys the sender\'s send-box,it stops the sender to send a new email after he emptys his send-box.(As a spammer,he want to maximize the effects of the junk-mails.He wishs most of the receivers read the junk-mail.But he can\'t judge if the receiver has no time to read or the receiver refuse it after reading it,because the status of both are same.The spammer check the stauts of the junk,if it\'s UNREAD.He must need a decision to delete it to get more room to send new junk to new receiver OR keep it to wish the receiver read in a day or two.If the spammer chooses the later,it means the older email occputies the send-box,so he can not send as many junk as he can.it slow the speed of spam-making.If the spammer choose the former,that means the junk mail has been deleted before it take effect by self) 3.As a sender,you can know if your email has been read.Because the body of the email was left on your send-box,after the receiver download it and accept it(if spam,the receiver can refuse it),you can check the status of email on send-box.The status are only READ or UNREAD.\"The receiver downloads and accepts it\" makes the status READ,and \"the receiver has no time to read or the receiver set it spam\" makes the status UNREAD.If the receiver has not read the email,you can modify your email to make sure you can express your true willing.(The email has been send,but you can modify before receiver read it) Of cause,if you configure that system can delete the READ emails automatically for you. The specifications of the new technique(detail of the specifications): 1.How to create the email-pointer? Separate the email into body and header.Get the header plus a email-location to create the email-pointer.That it is,the email-pointer only has header and no body. For example:a simple email-pointer can be(between BEGIN and END) <<<<<<<<< From:\"Mike\"<[EMAIL PROTECTED]> To:\"John\"<[EMAIL PROTECTED]> Date: Thu, 8 Jul 2004 00:08:23 +0100 Subject:This is a test X-MPTR:svr=192.168.95.100;port=9110;id=20040707230823.GA29023;md=1732457bac7b4d141732457bac7b4d14;size=2573;spam=20% >>>>>>>>>>END 2.What is the structure of the email-location? It\'s in the header.Combine with the IP,port of \"Full-content Email\" server,and id,md5,size of the email and other params. For example:a simple email-location can be X-MPTR:svr=192.168.95.100;port=9110;id=20040707230823.GA29023;md=1732457bac7b4d141732457bac7b4d14;size=2573 3.The session between both new tech email servers (1) S: C: S: 220 dbc.mtview.ca.us SMTP service ready C: EHLO ymir.claremont.edu S: 250-dbc.mtview.ca.us says hello S: 250-
Re: A new technique to anti spam
test [EMAIL PROTECTED] wrote: Notes:If server dones't supports new tech,just do it as traditional server. In other words, the old way must still be supported. Therefore, the flow of spam can (and therefore will) continue unabated, so long as the spammers use the old way. Furthermore, even if adopted by spammers, your way will only save a bit of computer communication bandwidth. However, that capacity keeps growing by leaps and bounds every year, and has become dirt-cheap, at least in bulk or compared to years past. The real cost of spam is the *human attention* bandwidth! That capacity grows at negligible speed. If your technology relies on human judgement, especially from the end recipient, to say what is spam or not, then it is doing absolutely nothing to save human attention bandwidth. What is needed is some way that will stop spam even if neither the spammers nor most legitimate senders adopt the new way, and before the vast majority of the spam is ever seen by the recipient. It need not be perfect; it need only reduce the flood to a trickle. However, it should be as perfect as possible in NOT generating false POSITIVES, which can be a kiss of death for a business. So far, a combination of just being damn careful with your address (such as using throwaways, and web-forms instead of mailto links), and Bayesian filtering, looks to be the best bet IMHO. Being careful has reduced my spam count from the hundreds per day I get on some old addies, to the few a week I get on a few dozen current ones all put together. (That even includes THIS one, which is on publicly-accessible unaltered web archives.) And that's with *no* filtering at all -- David J. Aronson, Spamfighter since 1994 Work: http://destined.to/program Play: http://listen.to/davearonson ___ Ietf mailing list [EMAIL PROTECTED] https://www1.ietf.org/mailman/listinfo/ietf
Re: Re: A new technique to anti spam
Dave Aronson, ! This new tech is compatible with the other anti-spam techniques(Such as filterings) Do you notice the structure of mail-location in the new-tech? Such as: X-MPTR:svr=192.168.95.100;port=9110;id=20040707230823.GA29023; md=1732457bac7b4d141732457bac7b4d14;size=2573;spam=20% The last parameter is \"spam\".It means the posibility of \"this email is a junk-mail\" is 20%. Where the value is from? It\'s because the new-tech work together with filterings on the sender smtp server. No like traditional server,the receiver server filter the mail after getting it. The new tech wish the step of sending email-pointer shows the posibility of a spam. So the receiver judge the spam not only by human attention. (The receiver can configure the value to let system filter ones above this value automatically) About the development of the new-tech. First phase,Some huge ESPs turn to use the new-tech,cause them to avoid to receive spam each other Second phase,to stop the new-tech be compatible with the traditional tech. (Becasue most of spammers are use their own pc to make spam,and the new-tech won\'t allow people use pc to be a smtp server,as I wrote the new-tech will share an authority IPs database on Internet) 2004/10/23 23:29:41 : > \"test\" <[EMAIL PROTECTED]> wrote: > > > Notes:If server dones\'t supports new tech,just do it as traditional > > server. > > In other words, the old way must still be supported. Therefore, the flow > of spam can (and therefore will) continue unabated, so long as the > spammers use the old way. > > Furthermore, even if adopted by spammers, your way will only save a bit > of computer communication bandwidth. However, that capacity keeps > growing by leaps and bounds every year, and has become dirt-cheap, at > least in bulk or compared to years past. The real cost of spam is the > *human attention* bandwidth! That capacity grows at negligible speed. > If your \"technology\" relies on human judgement, especially from the end > recipient, to say what is spam or not, then it is doing absolutely > nothing to save human attention bandwidth. > > What is needed is some way that will stop spam even if neither the > spammers nor most legitimate senders adopt the new way, and before the > vast majority of the spam is ever seen by the recipient. It need not be > perfect; it need only reduce the flood to a trickle. However, it should > be as perfect as possible in NOT generating false POSITIVES, which can > be a kiss of death for a business. > > So far, a combination of just being damn careful with your address (such > as using throwaways, and web-forms instead of mailto links), and > Bayesian filtering, looks to be the best bet IMHO. Being careful has > reduced my spam count from the hundreds per day I get on some old > addies, to the few a week I get on a few dozen current ones all put > together. (That even includes THIS one, which is on publicly-accessible > unaltered web archives.) And that\'s with *no* filtering at all > > -- > David J. Aronson, Spamfighter since 1994 > Work: http://destined.to/program > Play: http://listen.to/davearonson > > ___ > Ietf mailing list > [EMAIL PROTECTED] > https://www1.ietf.org/mailman/listinfo/ietf > welcome! ___ Ietf mailing list [EMAIL PROTECTED] https://www1.ietf.org/mailman/listinfo/ietf
