Skip to content

Justin Mason's Weblog Posts

Apple’s ‘Bounce To Sender’ a Bad Idea

Matt journals a snippet from Apple’s eNews newsletter (originally forwarded by Skip Montanaro on the spambayes list), as follows:

Delivering a One-Two Punch to Spammers

Yes, Mac OS X Mail can help you deliver a staggering blow to spammers. Simply pull down the Mail menu, choose Junk Mail, and select Automatic. The next time you receive email, Mail will move suspect email into a Junk folder.

Now you’re ready to deliver a real knockout punch to spammers by taking advantage of yet another potent spam-fighting weapon:

  1. Click on the Junk folder.
  2. Type Command-a to select all of the email in the Junk folder.
  3. Choose Bounce to Sender from the Message menu.

    Mail will return the selected messages to the senders marked User unknown, making them think your email address invalid, encouraging them to drop you from their lists, and, thus, eliminating spam at its source.

Read on for details as to why this does not work (warning: long).

Subject: Bad move, Apple
From: Skip Montanaro (spam-protected)
Date: Thu, 6 Feb 2003 11:45:24 -0600 (17:45 GMT)
To: (spam-protected)

Got this in today’s Apple eNews mailing:

  1. Delivering a One-Two Punch to Spammers …………………………………..

    Yes, Mac OS X Mail can help you deliver a staggering blow to spammers. Simply pull down the Mail menu, choose Junk Mail, and select Automatic. The next time you receive email, Mail will move suspect email into a Junk folder.

    Now you’re ready to deliver a real knockout punch to spammers by taking advantage of yet another potent spam-fighting weapon:

  2. Click on the Junk folder.
  3. Type Command-a to select all of the email in the Junk folder.
  4. Choose “Bounce to Sender” from the Message menu.

    Mail will return the selected messages to the senders marked “User unknown,” making them think your email address invalid, encouraging them to drop you from their lists, and, thus, eliminating spam at its source.

    http://www.apple.com/macosx/jaguar/mail.html

Justin’s comments:

This sounds like an attractive idea at first — mail ‘user unknown’ Delivery Status Notifications back to the spammers, and they’ll take your address off their lists. However, it doesn’t work, and may actually send more noise to non-spammers. Here’s why.

  • First of all, most spam these days is sent using one of three
    • originating-address methods. The first is totally randomly generated From, Reply-To and/or Errors-To addresses, typically at a big ISP like Yahoo! or Hotmail. So replying to these with a ‘user unknown’ DSN will result in nothing more than wasting your own, and that ISP’s, bandwidth, as the address never existed anyway.
  • The second method is for the spammers to use a random address plucked from the same ‘addresses to spam’ list your name is on. So your ‘user unknown’ DSN will be sent to someone else on the spam-list, increasing the amount of crap they get in their mailbox. Oops.
  • Third is the joe-job. This is where the spammer has deliberately picked the address of someone they dislike, so that a barrage of complaints, legitimate ‘user unknown’ messages, and — yes — forged ‘user unknown’ messages! — will be sent to that person. Generally, if an spam-fighter gets joe-jobbed, you can be sure they’re doing something right ;)

Next — even if the spammers were to see your ‘user unknown’ message, they do not act on it:

  • There is a way for ‘user unknown’ messages to be communicated back to
    • the spammer (by doing it in the very first SMTP transaction). However, many folks who have tried this method have noted that it has no effect; spamware tools take a ‘fire and forget’ approach.

      After all, spammers want to send the mail as fast as possible, before they’re blocked from the relay or proxy they’re abusing, and before the DNSBLs and Razor react. So the method is simply to send as much mail as possible, without waiting for replies, and with as little identifying information as possible (to make it hard for them to be tracked down). In other words, any data coming back from the receiver is worthless to them, and may in fact get them shut down, so must be avoided.

  • Another factor is that, if your address is one of those ‘Addresses on CD’, you’ve got hundreds of spammers you’ll need to send bounces to (and hope they honour them). Each one of those spammers has a different copy of the address list, so removal from one — if it happens — won’t help with removal from the others.
  • Yet another aspect is that they do not want to reduce the number of addresses they send to. Spam economics is such that 2,000,000 addresses on CD are worth more than 1,000,000 addresses on CD, and who cares if half of them bounce, ‘cos you’ve paid your money already ;)

So, anyway, that’s why sending fake-bounces in response to spam is bad.

One pay-off, however, is that it makes the creation of spam-traps easy:

HOW TO MAKE A SPAM-TRAP

  • Take an old account that gets too much spam, set up an auto-reply saying
    • “this person has moved to (spam-protected) (although probably using a less machine-readable address format).
  • 3 months later, delete the account so it bounces with ‘user unknown’. That should clear out all the well-behaved mailing lists.
  • 6 months later, redirect it to yourself and monitor it, to catch the badly-behaved legitimate bulk mailers who do not handle bounces correctly (yes, there’s a few of these, unfortunately.)

  • 1 month after that, set up an alias that runs “spamassassin -r”. Install Razor, DCC and Pyzor. Set up a Razor account. Fix the old account’s addresses so they forward to this alias. Also worth piping it to the Blitzed.org OPM checker.

Hey presto, there’s your spam trap!

1 Comment

GNOME 2.2

GNOME 2.2 includes nifty new font technology, I see; including ‘drag into ~/.fonts’ font installation, at last, thanks to Keith Packard. I especially like this:

Jim Gettys and the GNOME Foundation Board worked with Bitstream, Inc. to arrange the donation of the Vera font family to the Free Software community.

Here’s what Vera looks like; very nice. Finally, some decent free fonts — kudos to Bitstream.

And I see subpixel smoothing is now right in there, in the basic font preferences. Excellent news!

But where TF is the Metacity documentation? Maybe there’s none, in the tradition set down over generations of GNOME hacks^Wapplications. (Pet peeve: every command in the default PATH should have a manual page IMO.)

The ‘documentation’ and ‘home page’ links I can find all lead to a directory of tarballs. Great. The best result Google can find, after the aforementioned tarballs, is a blog posting complaining about Metacity. Hmm — scary — I really don’t like the implication that the only way to do my own key-binding prefs, is to run a batch of 15 gconftool commands every time I log in… ah shaggit, I’ll use sawfish ;)

(PS: yes, I’m still on GNOME 1. That’s what happens when you’re stuck on the wrong end of dial-up.)

Crypto: The Crypto Gardening Guide and Planting Tips by Peter Gutmann. Excellent advice on how crypto designers should design protocols so that they can actually get implemented. Also, as a corollary; good tips on common crypto gotchas for implementors to watch out for. Some bonus funnies, too:

Note: PGP adopts each and every bleeding-edge technology that turns up, so it doesn’t figure in the above timeline. Looking at this the other way, if you want your design adopted quickly, present it as the solution for an attack on PGP.

A little bit more introduction on some of the items would be worthwhile though. I don’t have a clue what OAEP is for example ;)

Comments closed

Auth cookies in SMTP

Jeremy describes a way to kill off ‘joe-jobs’ — the practice of forging somebody’s address on spam, generally used to get around ‘does this user exist’ spam-filters, also used to ‘punish’ folks the spammer doesn’t like. Anyway, JZ’s suggestion is this:

One of the ideas tossed about was to implement a system that would make it easy for any MTA (Mail Transfer Agent–the programs that deliver e-mail on the Internet) to verify that a message that claims to be from [email protected] really is from a yahoo.com user.

This is technically doable. And it might be a good idea. Especially, as I argued, if one of the other big players (AOL or MSN/Hotmail) jumps on board and uses the same technique. If either one began to do the same, I expect that a domino effect would follow. Boom. Instant adoption.

But then he doesn’t say how to do this in a way that a spammer can’t forge. Dammit. ;)

Anyway, on with the message.

… However, one interesting objection was raised during the debate…

Wouldn’t that just cause spammers to prey on domains that are less equipped to ‘swallow a few million bounces per hour without breaking a sweat’? (To paraphrase a co-worker.)

Yep, it would — until those domains also instituted similar systems. Anyway, those domains are victims now anyway; I would say only about 50% of my spam comes from forged Yahoo!, Hotmail or other domains — the rest uses domains of small ISPs, and the occasional joe-job.

But back to the system. I would guess what Jeremy’s talking about is pretty similar to the system Pedro Melo describes in the comments. It consists of 2 components:

  • a header added by the MTA at relay time — X-Originator-Signature.
    • This contains ‘an internal identifier for the person who sent it …, a timestamp, and a MD5 of those two fields and a third secret passphrase I keep.’
  • a CGI script on a web server, which validates a pasted X-Originator-Signature header against what hashing those values with the secret passphrase produces, and responds ‘yea’ or ‘nay’.

A nifty idea. Jeremy, was that what you were thinking?

Comments closed

SOAP and firewalls

Taking a look at the referrers, I came across Mark O’Neill’s weblog, which lists taint.org on the blogroll; Mark’s the CTO of Vordel. They have a product called VordelSecure, which seems to be a SOAP firewall proxy, in the same way the Wonderwall product I wrote for Iona was a proxy for CORBA:

When a firewall examines a SOAP request received over HTTP, it might conclude that this is valid HTTP traffic and let it pass. Firewalls tend to be all-or-nothing when it comes to SOAP. A SOAP-level firewall should be capable of:
  1. Identifying if the incoming SOAP request is targeted at a Web service which is intended to be available

  2. Identifying if the content of the SOAP message is valid. This is analogous to what happens at the Network Layer, where IP packet contents are examined. However, at the Application Layer it requires data that the Web service expects.

Cool!

I hear Wonderwall is still around, but rewritten from the ground up. Sorry about that to whoever had to rewrite it ;)

Comments closed

FTC to hold spam summit

FTC to Hold Three Day Public Spam Workshop. ‘The Federal Trade Commission will host a three-day ‘Spam Forum’ Wednesday, April 30 through Friday, May 2, to address the proliferation of unsolicited commercial e-mail and to explore the technical, legal, and financial issues associated with it. The forum will be held at the Federal Trade Commission, 601 New Jersey Avenue, N.W., Washington, D.C. It will be open to the public and preregistration is not required.

A Federal Register notice to be issued shortly says, ‘To explore the impact that spam has on consumers’ use of e-mail, e-mail marketing and the Internet industry, the Commission will convene a public forum. E-mail marketers, anti-spammers, Internet Service Providers (ISP), ISP abuse department personnel, spam filter operators, other e-mail technology professionals, consumers, consumer groups, and law enforcement officials are especially encouraged to participate.”

Comments closed

Anti-Americanism and Anti-Europeanism

In the last few weeks, there’s been a growing discussion of what’s being perceived as an ‘anti-American’ point of view in Europe; see Thomas Friedman on the subject. On the other side, The New York Review of Books carries an interesting essay on this subject: Anti-Europeanism in America. It contains this revealing summary of a December 2002 study:

Asked to choose one of four statements about American versus European approaches to diplomacy and war, 30 percent of Democratic voters but only 6 percent of Republican voters chose ‘The Europeans seem to prefer diplomatic solutions over war and that is a positive value Americans could learn from.’ By contrast only 13 percent of Democrats but 35 percent of Republicans (the largest single group) chose ‘The Europeans are too willing to seek compromise rather than to stand up for freedom even if it means war, and that is a negative thing.’

The divide was even clearer when respondents were asked to pick between two statements about ‘the way in which the war on Iraq should be conducted.’ Fifty-nine percent of Republicans as opposed to just 33 percent of Democrats chose ‘The US must remain in control of all operations and prevent its European allies from limiting the States’ room to maneuver.’ By contrast, 55 percent of Democrats and just 34 percent of Republicans chose ‘It is imperative that the United States allies itself with European countries, even if it limits its ability to make its own decisions.’

It seems a hypothesis worth investigating that actually it’s Republicans who are from Mars and Democrats who are from Venus.

Comments closed

Cannabis Economics

and now, on a lighter note, The Observer reports that the ‘cannabis economy’ in the UK is worth 11 billion UKP a year:

A major new study is being used to advise well known household and high-street companies about the gains and losses they face as cannabis smoking becomes commonplace. Research has revealed that Britain’s ‘cannabis economy’ is worth 5 billion a year in sales alone. Now it has been discovered that a further 6bn of consumer expenditure each year is closely linked to the growing cannabis-users’ market.

‘Young people between 15 and 30 are very trend-conscious and aspirational,’ said Andy Davidson, who commissioned the study for The Research Business International, trend analysts who tracked the spending habits of young people for six months.The study found that cannabis users spend an average of UKP 20 on products that accompany their drug use each time they smoke.

Because smoking cannabis heightens appetite, users are providing a UKP 120 million weekly windfall to a string of takeaway food suppliers, such as Domino and Pizza Hut, and manufacturers of ‘munchie’ products such as Mars bars and Haribo jellies.

Comments closed

The explosion of Columbia

as everyone knows by now, the space shuttle Columbia has exploded on re-entry over Texas. It’s an extremely sad occasion, and a terrible thing to happen.

Lots of people look on space exploration, and the astronauts who do it, as something mundane. No way — it takes a certain kind of bravery and heroism to do this. Every astronaut (from what I’ve read) is clearly aware of the odds that the vehicles they use have a large likelihood of suddenly exploding beneath their feet — and is therefore taking a huge risk on behalf of humanity, and the expansion of human knowledge. They should be viewed as heroes, as a result.

I just hope the ISS project, and manned spaceflight in general, continues…

Some off-beat news links you may not have seen:

Comments closed

Durian fruit

CNN: A box of durian, sprinkled with carpet deodorizer, sparked an aviation alert in Australia on Thursday (via monkeybum):

When they finally found the source of the smell, it was a box of durian, a large, spiny tropical fruit renowned for its fetid aroma. While many people in Southeast Asia consider the durian a delicacy, it is banned from Singapore’s subway and some restaurants in the region because of its overpowering smell.

‘This wasn’t a safety issue, this was gross issue — no one wants to fly in an airplane that smells like that,’ (Virgin Blue boss Brett Godfrey) said. He compared the smell of the gourmet fruit to ‘something you’d find in your outdoor dunny’ adding that ‘it just is the most pungent, disgusting smell.’

No shit — durian really stinks. I’ve tried to cultivate the taste for it, but failed miserably. Worse, for 3 hours in the passenger seat from Khao Sok to Surat Thani in Thailand, I was stuck with a selection of ’em by my feet — no escape!

The nearest thing to their odor is really pungent, cheesy socks. ‘foetid’ is the word for it.

Comments closed

7.5% of Euro households have broadband

SiliconRepublic: Ireland second last in Europe for broadband. But I think regular readers will know that ;) ‘Ireland’s already shaky claim to the title European digital hub was looking even more risible than usual today, following the latest internet penetration survey, which shows us to be languishing in second last place out of 16 European countries in terms of broadband internet penetration. ‘

The usual story — with quotes from IO’s Dave Long — and that’s not surprising. I should imagine things will improve a lot this year, now that the ComReg seems a little more on the job, and eircom have halved their prices.

But the really interesting thing is this: ‘Among the survey’s other findings were that 7.5pc (12 million) of all European households now subscribed to a broadband internet service. 6.3 million customers signed up for broadband for the first time in 2002 — an increase of 55pc over 2001. … It further predicted that a further 7.2 million European homes will acquire broadband for the first time this year, bringing the total to 19.1 million or 11.9pc of total households.’

That’s excellent news, and wipes out the FUD put about by some telcos (guess which ones) that there just isn’t demand in the current market. Clearly there is strong demand throughout the rest of Europe — and there really isn’t much difference between there and here. In fact, if anything, I reckon there would be more demand here, based on the take-up of other high-tech accessories like mobile phones and games consoles.

Comments closed

Latency and DSL

‘It’s the Latency, Stupid!’, a fantastic article explaining why latency is sometimes more important than simple bandwidth.

This was found via Karl Jeacle’s comments on eircom’s DSL, which are very illuminating in themselves — although probably not too interesting for non-Irish folks ;). But the relevant part is the explanation of why they enabled interleaving on eircom’s DSL network (summary: to get more reach, as far as I can see).

Comments closed

TWiki

Interesting story of how Inktomi replicated knowledge across multiple, separated geographical offices, while doing it in an efficient, cross-platform, reliable and accessible way: first of all, they use TWiki, and second, it’s set up as a DistributedTWiki.

Comments closed

more Watchcam

I found a load of snaps from my Casio Watch Camera that I hadn’t uploaded yet. I’d uploaded them, but forgot to add them to CVS ;) Here’s a nice one — a ca. 19th century hygrometer made in the Mason family’s opticians shop in Essex Bridge, Dublin, found in the museum at Collins Barracks:

4 Comments

The Onion comes through

U.N. Orders Wonka To Submit To Chocolate Factory Inspections:

UNITED NATIONS — Responding to pressure from the international community, the U.N. ordered enigmatic candy maker William ‘Willy’ Wonka to submit to chocolate-factory inspections Monday. ‘For years, Wonka has hidden the ominous doings of his research and development facility from the outside world,’ U.N. Secretary General Kofi Annan said. ‘Given the reports of child disappearances, technological advances in glass-elevator transport, and Wonka-run Oompa-Loompa forced-labor camps, the time has come to put an end to three decades of secrecy in the Wonka Empire.’
Comments closed

We Are Made For Higher Timings

a memorable mistranslation found in a guesthouse at Annapurna Base Camp :

Photo of a memorably-mistranslated poster

Help! I’m being underclocked! ;) Perhaps that explained the shortness of breath and dizziness…

(I did some scanning of the hundreds of photos from last year’s trip about a month ago, but haven’t had a chance to fix ’em all up yet. And I’m not uploading anything until I get to CA and some decent bandwidth.)

Comments closed

Monkey sense (fwd)

A funny letter from New Scientist regarding the use of monkeys to collect specimens in the field, which was pioneered by John Corner in Singapore.

The botanist noticed that local fruit-pickers trained monkeys to collect fruit, and reasoned that a monkey could similarly be trained to collect flowers, leaves and nuts for his own work. The result was the collection of hundreds of otherwise inaccessible specimens — and this gem:

Travelling with mule and monkey on a narrow path in the uplands, he spied a new and unrecognised flower on a liana hanging from the path, down a near-vertical cliff face too steep for him to climb down. So he instructed the monkey to descend and collect the flower. But the monkey just looked at him questioningly with its head on one side.

‘Go down!’ repeated the eminent botanist. At which the monkey gave an eloquent shrug, took hold of the liana and pulled it up hand over hand to collect the flower. No human being, said Corner, had ever, before or since, made him feel so much of a fool.

Comments closed

Bank of America ATMs are net-connected!

Boing Boing notes that the SQL Slammer worm ’caused service outages at tens of thousands of Bank of America ATMs and wreaked havoc at Continental Airlines. Apparently, customers at most of the #3 American bank’s 13,000 automatic teller machines were unable to process transactions for a period of time.’

Does anyone else find it very scary to contemplate an ATM network connected to the internet, with a sufficiently open set of firewalls that a semi-documented Microsoftish SQL protocol can traverse as far as the ATM servers? Sure, it probably took a few hops, compromising a couple of SQL servers along the way, but each of the firewalls in question must have had that MS-SQL port open for those servers. Yikes.

Someone should teach those guys about network compartmentalization for security; something like an ATM network, where security is hugely essential, should never have a direct IP-based connection to the internet, no matter how many firewalls and gateways are in place.

Spam: NACS: Spam Detection. Great, Catherine’s new email system at UCI uses SpamAssassin. Nothing like getting bug reports from your SO ;)

On the other side, though, they’ve written an excellent set of pages on how to detect and act on the SpamAssassin markup in various MUAs.

Comments closed

deny udp any any eq 1434

it looks like the the latest internet worm is making the rounds, and this one’s a biggie. It’s been dubbed ‘SQLSlammer’, since it hammers on the Microsoft SQL ports, attempting to exploit yet another commonly-unpatched 7-month-old MS vulnerability. The best bit: it uses UDP broadcasts to do this, so the traffic load is massive compared to previous worms, so there’s lots and lots of backbone hosage as a result. Coverage:

Quick fix: update those router filters to deny all traffic, both UDP and TCP, on port 1434. (you shouldn’t need to update the firewall filters of course, because nobody’s stupid enough to allow access to open-internet MS SQL traffic, right? ;)

Comments closed

Kim Jong Il, Giant Robot

Kim Jong Il Unfolds Into Giant Robot (Onion). Met up with Paddy Benson last night for a few drinks, and he let me into the secret that The Onion is, once again, officially funny:

‘If we add Kim Jong Il’s transformation into a giant robot to his already defiant isolationist stance and his country’s known nuclear capability, the diplomatic terrain definitely becomes more rocky,’ U.S. envoy James Kelly said. ‘Kim has made it clear that, if sufficiently threatened, he will not hesitate to use nuclear weapons or his arm-mounted HyperBazooka.’

‘We are also forced to consider the possibility that Kim may attempt to robo-meld with other members of the Axis of Evil, forming a MegaMecha-Optima-Robosoldier. Kim would make a powerful right arm — or even a torso — for such a mechanism.’

Wotcher Paddy!

Comments closed

Matt Blaze vs master keys

Matt Blaze has posted a very neat exploit against ‘weaknesses in most master-keyed lock systems, such as those used by offices, schools, and businesses as well as by some residential facilities (particularly apartment complexes, dormitories, and condominiums). These weaknesses allow anyone with access to the key to a single lock to create easily the master key that opens every lock in the entire system. Creating such a key requires no special skill, leaves behind no evidence, and does not require engaging in recognizably suspicious behavior. The only materials required are a metal file and a small number of blank keys, which are often easy to obtain.’

‘The vulnerability was discovered by applying the techniques of cryptanalysis, ordinarily used to break secret codes, to the analysis of mechanical lock design.’

Paper here.

Comments closed

Tardis-noise inventor dies

Daphne Oram, one of the pioneers of electronic music, has died. (BBC)

Almost un-noticed by the wider world, one of the pioneers of electronic music has died. Without Daphne Oram, we may never had known what the Tardis sounded like. Electronic music – as much a part of today’s life as whistling a tune to yourself – grew up amid milk bottles, gravel, keys, and yards of magnetic tape and wires. These were the sort of tools typically scattered around the BBC’s Radiophonic Workshop in the 1950s and 60s, when they were used to generate wonderful and ethereal sounds for the airwaves. The mother of this great legacy was Daphne Oram. Aged 18, and armed with a passionate interest in sound, music and electronics, she started work at the BBC in 1943 as a sound engineer.
1 Comment

Lotsa SpamConf linkage and commentary

Another good trip report, from ‘babbage’ at perl.org.

  • Again, and interestingly, quite a few folks agreed with one of SA’s core tenets; no single approach (stats, RBLs, rules, distributed hashes) can filter effectively on its own, as spammers will soon figure out a way to subvert that technique. However, if you combine several techniques, they cannot all be subverted at once, so your effectiveness in the face of active attacks is much better.

  • Also interesting to note how everyone working with learning-based approaches commented on how hard it was to persuade ‘normal people’ to keep a corpus. Let’s hope SA’s auto-training will work well enough to avoid that problem.

  • in passing — babbage noted the old canard about Hotmail selling their user database to spammers. That must really piss the Hotmail folks off ;) I think it’s much more likely that, with Moore’s Law and the modern internet, a dictionary attack *will* find your account eventually.

  • Good tip on the legal angle from John Praed of The Internet Law Group: if a spam misuses the name of a trademarked product like ‘Viagra’, get a copy to Pfizer pronto. Trademark holders have a particular desire to follow up on infringements like this, as an undefended trademark loses its TM status otherwise.

  • David Berlind, ZDNet executive editor: ‘They don’t want to be involved (in developing an SMTPng)’. He might say that, but I bet their folks working on sending out their bulk-mailed email newsletters might disagree ;). Legit bulk mail senders have to be involved for it to work, and they will want to be involved, too.

  • Brightmail have a patent on spam honeypots? Must take a look for this sometime.

  • the plural of ‘corpus’ is ‘corpora’ ;)

Great report, overall.

It’s interesting to see that Infoworld notes that reps from AOL, Yahoo! and MS were all present.

Since the conf, Paul Graham has a new paper up about ‘Better Bayesian Filtering’, and lists some new tokenization techniques he’s using:

  • keep dollar signs, exclamation and most punctuation intact (we do that!)

  • prepend header names to header-mined tokens (us too!)

  • case is preserved (ditto!)

  • keep ‘degenerate’ tokens; ‘Subject:FREE!!!’ degenerates to ‘Subject:free’, to ‘FREE!!!’, and ‘free’. (ditto! well, partly. We use degeneration of tokens, but we keep the degenerate tokens in a separate, prefixed namespace from the non-degenerate ones, as he contemplates in footnote 7. It’s worth noting that case-sensitivity didn’t work well compared to the database bloat it produced; each token needs to be duplicated into the case-insensitive namespace, but that doubled the database size, and the hit-rate didn’t go up nearly enough to make it worthwhile.)

Most of these were also discovered and verified experimentally by SpamBayes, too, BTW.

When we were working on SpamAssassin‘s Bayesian-ish implementation, we took a scientific approach, and used suggestions from the SpamBayes folks and from the SpamAssassin community on tokenizer and stats-combining techniques. We then tested these experimentally on a test corpus, and posted the results. In almost all cases, our results matched up with the SpamBayes folks’ results, which is very nice, in a scientific sense.

(PS: update on the Fly UI story — ‘apis’ is not French, it’s Latin. oops! Thanks Craig…)

Comments closed

Trip Report from the SpamConf

Kaitlin Duck Sherwood writes a trip report. Good tidbits:

  • many big players in the mail-sending side want to see an SMTPng; a new protocol which is spam-resistant.

  • Jon Praed of the Internet Law Group said that ‘better spam filters make his job easier: the more contortions that a spammer goes through to make sure that the messages go through, the easier it is to convince a judge that the spammer knew it was wrong.’ Excellent!

Comments closed

Toilet Flies

Andrew McGlinchey writes about a Fly UI: ‘I have seen one of the finest instances of user interface design ever, and I saw it in the men’s room at Schipol airport in Amsterdam. In each of the urinals, there is a little printed blue fly. It looks a lot like a real fly, but it’s definitely iconic – you’re not supposed to believe it’s a real fly. It’s printed near the drain, and slightly to the left.’

I’ve heard of this one before, and yes, it is an aiming-improvement UI. It started in France around the turn of the century, if I recall correctly. One important fact: it’s not a fly — it’s a bee. You see, it’s also a visual pun — the french for ‘bee’ is ‘apis’, geddit?

(I’d have commented on the blog, itself, but it’s one of those ‘create an account to comment’ places — too much trouble!)

He’s also spot-on about why tea is big in Ireland: ‘The climate is cool, grey and damp. Steady doses of warm drink with a nice gentle caffeine push really keeps you going.’ Hey, works in the Himalayas too ;)

Comments closed

UL alert: ‘out-of-office’ autoreplies help burglars

BoingBoing, back in December, forwarded this snippet: ‘A report issued by UK-based Infrastructure Forum (‘TIF’) says spam-savvy thieves are using info from ‘out of office’ email autoresponders and cross-referencing it with publicly available personal data to target empty homes.’

Criminals are buying huge lists of email addresses over the internet and sending mass-mailings in the hope of receiving ‘out of office’ auto-responses from workers away on holiday.

By cross-reference such replies with publicly available information from online directories such as 192.com or bt.com, the burglars can often discover the name, address and telephone number of the person on holiday. Tif is advising users to warn their staff to be careful of the information they put in their ‘out of office’ messages.

“You wouldn’t go on holiday with a note pinned to your door saying who you were, how long you were away for and when you were coming back, so why would you put this in an email?” said David Roberts, chief executive at Tif. (via VNUNet)

My take on this? Bullshit.

I mean, how many house burglars (a) have the know-how to set up a fast internet connection, get hold of an addresses CD, and send a spam; and then (b) how often does a Reply-To address on a spam stay active once it’s sent — assuming it ever worked in the first place — before the ISP whacks their account? I would guess 6 hours at the most, and most spam runs wouldn’t even be halfway through by that stage (from what I hear).

Self-promoting bullshit of the highest order I reckon.

Comments closed

Six Degrees Tested

Steppe by Step (Guardian). “I started wondering if (the ‘six degrees of separation’ theory) was true today. … So 35 years on from the original experiment, I decided to test out the urban myth on a world stage: how many steps would it really take to get to someone on the other side of the planet?”

The London-based “city girl” author, Lucy Leveugle, makes it in 9 steps (hey, the world has expanded!) to Purev-Ochir Gungaa, a nomadic herdsman in the middle of the steppes of Outer Mongolia. Amazing.

Comments closed

wierd referrers

308 referrer hits from www.xxxstoryarchive.com, 282 from amateur-porn.us, 282 from nude-lesbians.us, etc. Somehow I doubt it. All the hits are 404s, looking for e.g.

nn.nn.nn.nn – – [12/Jan/2003:18:52:13 +0000] GET /pics54754-96 HTTP/1.1 404 284 http://www.celebrity-nude-pics.com/ “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)”

Hits from hosts at AT&T WorldNet Services and an SBC PPPoX pool. They’re all MSIE 6 on Windows, and it’s been going on for a month or so.

Theory: sounds like MSIE’s download-to-‘view’-offline functionality has bugs; when it hits a 404, maybe it requeues that request but then sends it to entirely the wrong IP.

Alternative theory: it’s a pathetically underpowered DDoS. ouch!

Anyone else seen this?

Comments closed

Still Moving

Who knew relocating with a cat could be so tricky? Well, actually, I did. He hates travel. I’m considering just putting him in a crate and handing him off to a courier to do it.

Paul Graham’s Spam Conference seems to be doing great; they’ve moved to a bigger room, and are expecting 480 (!!) attendees.

I still can’t make it due to all this movage, but thankfully there’s a few SpamAssassin folks going, so we’ll still be able to snarf some good tricks with any luck.

In other news, the public mass-check submission run for SpamAssassin 2.50 is about to start; with the new with-bayes and with-net-tests dimensions in the matrix, it’s going to be the biggest run yet. Should be fun.

Comments closed

The good news

Frequent drinking cuts heart attack risk (New Scientist). ‘ Half an alcoholic drink every other day, be it wine, whisky or beer, can reduce the risk of heart attacks by a third, a new study shows. The 12-year study published in The New England Journal of Medicine found that the frequency of drinking was the key to lowering the risk of heart disease, rather than the amount, the type of alcohol, or whether or not it was drunk with food.’

1 Comment

In the news

Well, looks like it’s been announced; McAfee and NAI are buying Deersoft. I wish I could comment properly, but I’m in mid-packing right now and things are a total hectic mess :(

Comments closed

minor bloglet

New Scientist: Turing tests filter spam email. “Simple tests designed to distinguish computers from humans are increasingly being used to clamp down on unsolicited, or ‘spam’, email advertising.”

The article notes that Yahoo! has imposed such a test to block automated account-signup-then-spam bots. (Thankfully — that might discourage some of the more automated 419 spammers.)

Sorry ’bout the lack of blogging — very busy ’round here, what with a new SpamAssassin release in the pipeline and a move to the US in the offing…

Comments closed

1 January 1659/60 (Lord’s Day)

Samuel Pepys has a weblog:

This morning (we living lately in the garret,) I rose, put on my suit with great skirts, having not lately worn any other, clothes but them. Went to Mr. Gunning’s chapel at Exeter House, where he made a very good sermon.

Anyway, still recovering from the holidays. Hope you all had a good one..

Comments closed

EU DMCA fails – for now

Yahoo!: Deadline Passes for European Digital Copyright Law. ‘A deadline for adopting a new EU law on copyright protection has passed with just two member countries signing up, dealing a blow to media and software companies beset by unauthorized duplication of their works across the Internet.’ The two countries are Greece and Denmark, which is odd, considering I thought Ireland had do so too.

Other actors in the private sector, such as Internet service providers, have weighed in heavily on the issue, opposing laws that could ultimately hurt consumer rights.

Yay ISPs!

Comments closed