Interesting People mailing list archives
] ICSI claims "effectively perfect" spam blocking method
From: Dave Farber <dfarber () me com>
Date: Tue, 26 Jan 2010 11:17:50 -0500
From: "Rich Kulawiec" <rsk () gsp org> To: "Dave Farber" <dave () farber net> Cc: "Lauren Weinstein" <lauren () vortex com> Date: January 26, 2010 06:43:05 AM EST Subject: Re: [IP] ICSI claims "effectively perfect" spam blocking method We have seen a very long parade of such claims, and each one has reminded me of the sequence of events at the end of Isaac Asimov's "Foundation" series, where one person after another claims to have located the Second Foundation...but none of them have. Each has had its technical issues, but what most of them actually have in common is that they've failed to consider that [some] spammers are quite adaptable. They've long since demonstrated a tremendous ability to innovate *when they need to*, which generally equates to "when some new anti-spam tactic is deployed". And in many cases, they've displayed far more creative thinking and technical prowess than almost everyone working in the anti-spam field. (And certainly their mass hijacking of end-user systems was a masterstroke that has security and privacy implications that we're only beginning to fully comprehend. [1]) And this is why, in turn, nearly all of the purported "solutions" to spam have been defeated before they were even widely deployed. Spammers have done their homework, and have frequently developed countermeasures that in some cases merely evade them, but in some cases turn them to their advantage or enable them to be repurposed as weapons. [2] They're not going to just quietly sit on their hands and watch as their highly lucrative enterprises are disrupted. And they (or their hired developers) read research papers too. So the most likely outcome here is that they will prepare their counter, wait until this approach or some variant of it is deployed, and *then* render it moot. (Why wait? "Never interrupt your enemy when he is making a mistake." -- Napoleon) We already have anti-spam methods that work extremely well. [3] We've had them for years. What we don't have (as recent discussion on NANOG illustrates) is the will to use them. And so in many ways while we've become very good at stopping spam, we've remained very poor at stopping spammers, thus guaranteeing that we will repeat this cycle again and again. ---Rsk [1] I think at this point we should probably be talking about 200M compromised systems, not 100M as we were a few years ago. [2] For example, SAV/callbacks fall into that latter category: they provide spammers with bypass methods and facilitate very nasty DDoS attacks, something we figured out years ago when Verizon was using them. Thankfully, they stopped, but unfortunately others have not been as responsible. [3] Where "work extremely well" is assessed by multiple metrics: FN rate, FP rate, resource cost, simplicity, resistance to evasion, performance, scalability, ease of modification, predictability, etc.
------------------------------------------- Archives: https://www.listbox.com/member/archive/247/=now RSS Feed: https://www.listbox.com/member/archive/rss/247/ Powered by Listbox: http://www.listbox.com
Current thread:
- ] ICSI claims "effectively perfect" spam blocking method Dave Farber (Jan 26)