Green Eggs and Spam
In a recent article, John Dvorak claims that Spam reveals all and that it offers a unique look at our social trends.
Phooeyhoo was so tired of all the spam that he got as Network Administrator for a Midwestern Foundation that he learned Visual Basic just to write his own spam filter for his e-mail server. It's a growing filter because new keywords have to filtered out each time a spammer gets clever. In the beginning, filtering out for "young hot pussy" would catch just about all of your porno spam. But these days the spammers are getting smart with "y0ung", "d1ck", "bl0w j0b", and other words that they can substitute numbers in.
Phooeyhoo then realized how large his list has gotten. Here's just a small subset of that list:
porn ^ porn ^ porn^hardcore^Penis^pussy^limited time^in bed^money back^jackpot^FORECLOSURE^Viagra^Horny^Sluts^Refinance Now^Adult Offers^xxx^Ca$h^ Cum ^webcam^Earn up to^Matchbox Cars^azoogle^donald duck^junk email^your opinion could be worth^are you a homeowner^join for free^never pay for tv^free trial offer^daughter with mother^download yours today^gift for you^misbehaving^vinarol^get laid^work full time^earning your degree^debt reduction^*second notice*^xenical^claim your free^everyone is approved^you'll be huge^priceless!^f r e e^you've been approved^best price guaranteed^cheaptrips^zero cost^buried in bills^anxious father^breast size^liquidation special^protect your^lose weight^no health insurance?^do you have what it takes^arousal^pc check up^no problem!^bad credit^instant winner^unlimited access^free long distance^cool gadget^fuckable^fuck^unclaimed funds notification^son with mother^really scared girls^save big $^best photos!!!^f_r_e_e^ business opportunity^gerls^screaming loud^slut^penn1s^pen1s^dollar-savers^erase your debt^personal domain names^weight loss^sister and brother
Phooeyhoo finds it strange that there now exists a list with both the elements "donald duck" and "son with mother."
But seriously, Phooeyhoo doesn't know what these law makers are thinking down in Washington. They understand that spam is a problem and are trying to draft bills which is all fine and good but I don't think anyone has sat down with them to explain the technical challenges of filtering out all the spam in the world — let alone trying to track down and fine everyone who sends it out. Here are some things they obviously haven't considered.
Any putz with half-a-brain can set up his own e-mail server and start anonymously sending out SPAM. Finding e-mail addresses to spam isn't all that hard, either. All you have to do is have a robot scour the Internet (Google makes it even easier!) for them. Bingo. You have a spam list! Hotmail, Yahoo and other e-mail services are finally wising up and making it harder for spammers to sign up for e-mail addresses by enabling a Turing Test. The Turing Test was named after British computer scientist Alan Turing as a test for whether or not a computer could be deemed "intelligent." Turing claimed that if a human tester were to ask questions to a computer and another human behind a closed curtain and the human tester could not distinguish them through questioning, then it was reasonable to assume that the computer was intelligent. In this case, the Turing Test enabled by Yahoo is a line of text that is garbled either by filtering it through an image or blurring it out so that a human can easily reproduce the text but a computer OCR cannot recognize it. This is a step in the right direction but (1) it should have been implemented earlier when spammers were still trying this route and (2) spammers are turning to other sources to send out their spam.
Spammers can easily setup their e-mail servers to broadcast from different IP addresses. One of the filters that I set on my server filters out known IP Addresses, IP C Classes, and HostDNS names of known spammers. (I also append to this list when someone sends me a piece of spam that has gotten through my filter.) Let me explain the differences between these three items. An IP address is obviously the unique number that you are assigned when you access the Internet. Anyone accessing the Internet must have a public IP address whether you have a direct DSL connection to the Internet or even if you are surfing through a server behind a firewall. (Although the firewall is superior because it usually broadcasts a useless IP address that no one can hack, if the firewall is worth its salt.) Most spammers are smart and will purchase a C class of IP addresses. That is, instead of just broadcasting their spam from, say, 128.90.1.5 — they will broadcast it from 128.90.1.1 - 128.90.1.255. Each digit in an IP address can range from 0 - 255 (with some notable exceptions that I won't go into here). Needless to say, most spam filters only filter out one IP address at a time and it is time consuming (and not efficient) to filter out for an entire C class. (My home-made SPAM filter does! - nah, nah, nah, nah, nah!) But the problem is that there are so many combinations that spammers can just jump around from C class to C class. Lastly, there are HostDNS names that we can use to filter out spam via the many blacklist filters out there. Same problem, though. Spammers can jump to another C class where the HostDNS is not recognized by a blacklist server. So as a filterer of spam, no matter how many HostDNS's and IP addresses and Class C addresses that I filter out, I always get new spam eventually from a spammer who gets a new Class C that no one has ever heard of.
Falsely registering an e-mail address is even easier. The IP address is hard coded into an e-mail, so it is always correct. However, you, right now, could send an e-mail and make it look like it came from the President of the University of Chicago. I won't tell you how to do it, just trust me that anyone with an Internet connection and Outlook can do it. Most people will be too stupid to look at the Internet Headers (heck, most people don't even know what an Internet Header of an e-mail address looks like or where to find it.) to see that the e-mail did not originate from the University of Chicago. (Although a smart spammer could spoof even this.)
Most of the damage being caused is due to STUPID E-MAIL ADMINISTRATORS THAT LEAVE THEIR SMTP SERVERS EXPOSED. I'll try to keep this bullet item simple. (NOT) There are many ways that you can retrieve e-mail. You may have heard of the following protocols: HTTP, POP3, and IMAP. If you're checking your e-mail using the web or using hotmail you are using HTTP. If you are checking it via Pine then you are using IMAP. If you're downloading your e-mails to Outlook or Eudora you are most likely using POP3. Now, when you send mail out to people then 99.9% of the time you are using something called SMTP. Almost no one can escape it. Even if you're using something as sophisticated (and cumbersome, I might add) as an Exchange Server, then you STILL MUST USE SMTP TO SEND OUT MAIL. Now, this SMTP server must be EXPOSED TO THE INTERNET for it to send mail out to other users on the Internet. And if you don't PASSWORD PROTECT OR (BETTER!) SSL ENCRYPT this server — guess what? Any spammer with half a brain can SEND OFF of this SMTP server so any spam that he sends will look like IT WAS SENT FROM YOUR SERVER. There are so many unprotected SMTP servers out there that it makes Phooeyhoo's head hurt. It is this type of opprobrious conduct that makes Phooeyhoo want to rip these people's lungs out. Phooeyhoo gets countless numbers of spam each day because somebody from the I Want to Be Fucked up the Ass Foundation didn't bother to spend the 5 seconds necessary to password protect their SMTP server. OK, end of rant.
The battle rages on. How is Congress proposing to legislate this? Well, funny you asked. The big anti-spam bills (let's forget about the really stupid legislation from folks like Orin Hatch who think that they can send viruses to blow up the computers of spammers and file sharers. It ain't going to happen.) floating around suggest that we (1) tax e-mail, (2) outlaw using false e-mail headers, and (3) change the technology behind e-mail entirely. (Guess which one Microsoft is supporting and which one they're willing to help develop the technology for? Something tells me that if they help develop the technology, it ain't going to be public domain software.)
Let's examine the problems with these solutions.
(1) Tax e-mail? Congress is about to pass a bill to outlaw taxing Internet access for all of eternity. How are they going to pass a bill to tax e-mail? Seriously, if you can disabuse me of my opinion on this, please do so. Right now, I don't know how it's going to happen.
(2) Hello? Didn't I just say that it is horrendously easy to spoof an e-mail address? Furthermore, the spammer could be sending off an UNPROTECTED SMTP SERVER. Then the fine will probably just go to the stupid company with the unprotected server — not the spammer. Actually, come to think of it, this would be a good idea. Fine anyone with an unprotected SMTP server. I really like that idea!
(3) Here's the thing that I don't think people understand. We're still using protocols that were developed in the 1970s. (Yes, e-mail was around even then. It's just that only Cal-Tech and MIT folks were using it to speak in Partial Differential Equation Geek Speak.) These protocols are used because they take little computation time. Hence, they're fast and efficient. Every e-mail server uses them now. How many e-mail servers are there out there now? And you're going to try to change the entire system how? Most people are not going to like the extra charges of changing to a system that only 5% of administrators are going to initially adopt. This seems to me like a problem 10 times larger than the analog versus digital television debate.
If you somehow managed to read through all of that crap, then I have to congratulate you. I would have stopped after the first few paragraphs. Does Phooeyhoo have an answer to ameliorate the system? Hell, no. But, hopefully, the above has shown that this is a much thornier and trickier issue then anyone realizes. If anyone has solutions, Phooeyhoo would like to hear them. Perhaps others more versed in the laws and legislation of our country can better to speak to this. Tomorrow, we'll go back to our regularly scheduled programming of masturbation jokes.
Posted by phooeyhoo at
10:56 PM
|
Comments (2)
| Technobabble
Pontificating on the Web
Phooeyhoo's friends Flog and Blog have been pontificating about the merits (or lack thereof) of a lawsuite against the publisher of Grand Theft Auto.
Flog says enough interesting things about the case that Phooeyhoo doesn't have to sound like an idiot expounding on laws that he has no ideas about.
Phooeyhoo will only say that the 80s mock-music in Grand Theft Auto 3 was amazingly accurate and reminisce about the old days when web logs were content merely to bloviate over such matters.
Posted by phooeyhoo at
10:16 PM
|
Comments (0)
| Observations
Mr. Phooeyhoo Goes to Washington
Just got into our lovely nation's capital. It's cold and raining and for a brief second I thought I had hopped the wrong flight to Portland.
Funding must be severely limited at airports now because they don't have the guys with the rags on a stick swabbing down your baggage anymore. Thankfully, my shoes were considered enough of a terrorist hazard for me to be pulled behind — a rope! That'll keep me from harassing anyone. There I stood for ten minutes until somebody remembered me, gave me the once through with the magic wand, and sent me on my way. I was not the only one deemed a hazard, though. My fellow detainees included a lady who had been around since the age of Napolean, a sinewy chap with a beret and a cheerleader.
Upon getting to the gate I was told that the flight was overbooked. Turns out a Canadian orchestra was on this flight and cellos need their own seats. I must have thought about it for too long because before I realized that a free roundtrip ticket was worth being a few hours late to the conference registration, old Jewish lady and extremely tall guy had beaten me to the punch. Oh, well.
My one hour 40 minute flight would not be spent in total boredom because I got to spend most of it talking to Old Woman Who Works for the Judiciary, although she couldn't tell me exactly what she did. Despite learning nothing about what she did, she did divulge me with her itinerary for the next month.
Haven't seen much of DC but should probably take in a few museums before the dreary conference dinner tonight. Maybe this time they'll spring for the lobster stuffed with taco.
Posted by phooeyhoo at
2:24 PM
|
Comments (3)
| News?
