] ICSI claims "effectively perfect" spam blocking method

[Dave Farber <dfarber () me com>]

> From: "Rich Kulawiec" <rsk () gsp org>
> To: "Dave Farber" <dave () farber net>
> Cc: "Lauren Weinstein" <lauren () vortex com>
> Date: January 26, 2010 06:43:05 AM EST
> Subject: Re: [IP] ICSI claims "effectively perfect" spam blocking method
>
>
> We have seen a very long parade of such claims, and each one has reminded
> me of the sequence of events at the end of Isaac Asimov's "Foundation"
> series, where one person after another claims to have located the Second
> Foundation...but none of them have.
>
> Each has had its technical issues, but what most of them actually have
> in common is that they've failed to consider that [some] spammers are
> quite adaptable.  They've long since demonstrated a tremendous ability
> to innovate *when they need to*, which generally equates to "when some
> new anti-spam tactic is deployed".  And in many cases, they've displayed
> far more creative thinking and technical prowess than almost everyone
> working in the anti-spam field.  (And certainly their mass hijacking of
> end-user systems was a masterstroke that has security and privacy
> implications that we're only beginning to fully comprehend. [1])
>
> And this is why, in turn, nearly all of the purported "solutions"
> to spam have been defeated before they were even widely deployed.
> Spammers have done their homework, and have frequently developed
> countermeasures that in some cases merely evade them, but in some cases
> turn them to their advantage or enable them to be repurposed as weapons. [2]
> They're not going to just quietly sit on their hands and watch as their
> highly lucrative enterprises are disrupted.  And they (or their hired
> developers) read research papers too.  So the most likely outcome here
> is that they will prepare their counter, wait until this approach
> or some variant of it is deployed, and *then* render it moot. (Why wait?
> "Never interrupt your enemy when he is making a mistake." -- Napoleon)
>
> We already have anti-spam methods that work extremely well. [3]  We've had
> them for years.  What we don't have (as recent discussion on NANOG
> illustrates) is the will to use them.  And so in many ways while we've
> become very good at stopping spam, we've remained very poor at stopping
> spammers, thus guaranteeing that we will repeat this cycle again and again.
>
> ---Rsk
>
> [1] I think at this point we should probably be talking about 200M
> compromised systems, not 100M as we were a few years ago.
>
> [2] For example, SAV/callbacks fall into that latter category: they
> provide spammers with bypass methods and facilitate very nasty DDoS
> attacks, something we figured out years ago when Verizon was using them.
> Thankfully, they stopped, but unfortunately others have not been
> as responsible.
>
> [3] Where "work extremely well" is assessed by multiple metrics:
> FN rate, FP rate, resource cost, simplicity, resistance to evasion,
> performance, scalability, ease of modification, predictability, etc.


-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com