Farelf
Posted August 10, 2007

"Our findings suggest that the current scam infrastructure is particularly vulnerable to common blocking techniques such as blacklisting," said Geoff Voelker, a computer science and engineering professor[at]the UCSD Jacobs School involved in the study.

Computer Scientists Shed Light on Internet Scams

rconner
Posted August 14, 2007

Computer Scientists Shed Light on Internet Scams

I found this a puzzling article, rather sloppily written. Don't know whether the same can be said for Voelker & Savage's original work, but let's hope not.

For one thing, the folks at eurekalert seem to have developed the opposite of address munging: instead of disguising anything that looks like an e-mail address by turning "[at]" to "at", they actually change all instances of "at" to "[at]". Woe be unto anyone who decides to munge their e-mail in such articles.

For another, the profs at UCSD are getting a mighty lot of credit for "inventing" things like spam traps (which I guess is what "spamscatter" means). Assuming that they mean DNSBL by "blacklisting" in the quote Farelf posted above, then I appreciate these learned men putting their stamp of approval on the use of this technique, which has actually been blocking carloads of spam for many thousands of users for many years.

The "image shingling" stuff is interesting, but I don't understand how analyzing images on websites could lead you to conclude that 94% of spam pitches are hosted on a single server (whatever that means). Seems to me you could do much the same looking at HTTP headers with curl -i.

Also, the article lumps together "scams" (phishing, "network marketing," etc.) with "spam" (drugs, porn, etc.), but I think that the network mechanisms behind the two would be somewhat different.

I have downloaded Voelker's paper (PDF at http://www.cs.ucsd.edu/~voelker/pubs/spams...-security07.pdf) and will try to give it a read as I have time. I note that he has another paper describing a spam-blocking protocol he calls "Occam" -- a quick scan of this paper indicates that the Occam protocol would allow a receiving server to ask the apparent sending domain if it really did send the message -- D'OH! (:head smack:) why didn't I think of that?

(added in edit) Also strikes me that "Occam" might be an inapt name, since with DKIM and SPF one might contend that Yet Another Sender Domain Verification Protocol would be a "needless multiplication of entities." Just my early impression, though.

-- rick

Wazoo
Posted August 14, 2007

Some other thoughts, comments seen at [scgeeks] Interesting Article on fighting spam