Announcement: a commercial spam filtering service

Announcement: a commercial spam filtering service

Post by T. William Wel » Thu, 09 Oct 1997 04:00:00



What I have, right now, is this: you pay $10.00/month for an
e-mail address in the domain junkproof.com. Mail to that address
is filtered via my spam filter and forwarded to your real address.
Filtered mail is tagged with a special header. Spam is not forwarded.

I'll be offering other services (some of which I'll discuss toward
the end of this post) as time goes on but for now, that's it.
These are some situations where I think the service I have right
now will prove useful:

o You want to post on the Usenet or put an address in a Web page
  but you don't want to be flooded with spam. Use an address

o You've got an address that you post with already or which is
  otherwise infested with spam and you want mail to it filtered.
  If you either have a mail filter program like procmail or you
  have another address to receive your mail at, you can use my
  service for this purpose.

o You're a not-too-large ISP who wants to keep your users from
  sending spam. By using my system as your mail relay, your users
  won't be able to spam. Send me e-mail to discuss this....

Is there a downside? Of course. To explain the downside, and
because I expect people will want to know, I'll explain how my
spam filter works.

The first part is a conventional pattern-based spam filter. If
you're doing spam filtering with procmail then you've got
something like this already though I doubt you have anything like
my (currently) ~1400 rules. :-)

Assuming a message gets past my pattern filter, it gets delayed
for a certain amount of time -- that's the downside -- before it
gets released for delivery. The amount of time it is put on hold
depends on a number of factors but typically ranges from five
minutes to half an hour. The system is smart; it learns about
"good" senders and cuts down on the delay time as it figures out
that particular senders aren't spammers.

Before the message gets released for delivery, the mail system
checks all the other messages it has received recently to see if
there are others "like" this one. If it finds too many that are
like it, the message stays on hold until I take a look at it.
Otherwise it is sent off to your real address. Each message that
is delivered gets a header put in, to indicate that it got sent
through the service. Every address has its own code put in the
header, so that the spammers can't just stick on their own header
and pretend it came from my service.

I suppose you're wondering how good it is? Some spam does get
through. About .2% of it. This sort of filter isn't any good at
catching slow spams (until I'm notified of them, anyway) or spams
that only occasionally hit any of my addresses. On the other hand,
this sort of filter gets better with increasing numbers of users.
And I've got ideas for improvement just waiting for implementation.

I'm announcing this now, which is the earliest moment that the
service is stable and functional. That's v1.0 software, folks. :-)
It works; it's filtering for some 16,000 addresses as I speak and,
as I said, the filter itself has been running long enough to get
meaningful statistics. However, if you go to the Web page,
http://www.junkproof.com/, you'll find that there's still a lot
under construction.

There you'll find the Terms of Service and an on-line registration
form, along with a lot of other stuff. Yes, you can "try before
you buy" -- the first month is free unless you get more than 100
megabytes of mail (after filtering :-) or egregiously violate the
Terms of Service (like trying to use one of my addresses for a
spam dropbox. Heh.)

This mail filtering service has a number of drawbacks. One is the
intentional delay. That's great for catching spam; less so for
prompt communication. One of the features I want to be adding
fairly soon is "filter it but send it right away". Even better
would be "filter it and if it's from people on my special list,
send it right away; otherwise, you can delay it".

Another drawback of the present service is that many people don't
want the spam to go away -- they just want it clearly marked so
they can deal with it in their own way. I'll eventually have an
option for dealing with that.

A final drawback that I'll be dealing with soon is that, as no
filter catches all spam, sometimes it'll catch non-spam. I'll be
offering an option to send a daily or weekly log of spam filtered,
and an option to request sending of a message that got filtered
out.

All of this is well and good for people who are willing to get a
new address or who have the fortune to be able to do conditional
filtering. It isn't useful for folks who are stuck with POP access
and no filtering.

At some point, I plan to offer POP accounts, so people can take
direct advantage of the service without worrying about
interactions with their ISP's mailers.

A suggestion I got was a "proxy POP" account -- basically, a POP
server here that will fetch mail from another POP server, filter
it, and then make it available for POP access here.

I can't do either of the above with my current bandwidth; it would
just be much too slow. (Yeah, I'm on a dialup for the moment. I'd
love to be on the end of a T1 but I need some income first. :-)

I have, however, thought of a way for the service to work for a
POP box, without requiring good interactive response time. The
idea is a POP client that fetches the mail from a POP mailbox and
runs it through the filter, and then returns it via e-mail to the
POP box. (Or other variations, like just deleting spam messages,
or only remailing spam messages.) There are some nice things about
this, like no delays on receiving e-mail. However, it won't work
well (or at all, in some cases) without a cooperative POP server.
And while the POP box is being filtered, the user can't access it.
So, it would require some sort of scheduling so as to minimize
contention....

Anyhow, I'm looking for input on this, especially of the form "I'd
use your service except that you do/don't...."; that'll let me
know what things to implement and in which order.

 
 
 

Announcement: a commercial spam filtering service

Post by David Cathe » Thu, 09 Oct 1997 04:00:00



> o You're a not-too-large ISP who wants to keep your users from
>   sending spam. By using my system as your mail relay, your users
>   won't be able to spam. Send me e-mail to discuss this....
>...
> I can't do either of the above with my current bandwidth; it would
> just be much too slow. (Yeah, I'm on a dialup for the moment. I'd
> love to be on the end of a T1 but I need some income first. :-)

        Well, T. - being on the end of a dialup is probably your
biggest downside.  You start getting a little traffic, and you
won't have to pro-actively delay messages, they'll delay all on
their own.  I'm sure you mean well, but I don't think any ISP
is going to take their T-1-based service and run all their mail
through your dial-up connection.  I understand the cost issues
of a T-1, but can your dialup honestly take the bandwidth and
have the up-time expected of a commercial service?

        WhiteICE is currently on the end of a T-1, POP3 servers
are ready to go, and uses something more heuristic to determine
spam so that 14,000 filtering rules aren't needed (actually, just
a handful get most everything, the rest is just insurance!).
The filtering is handled real-time and delivery (or not) is immediate.
The servers are Digital Alpha systems running OpenVMS V6.2, and
have a DoD C2 (RAMP) certification.  Currently, there are
around 1,000 messages daily filtered, with the trapped spam proudly
on display at http://www.whiteice.com/htbin/whiteice_sample

        And the cost is currently $10/year - nothing I'll get rich over,
but that isn't the point for me - defeating spam is.

        I do have a good idea for you - have you considered co-hosting
your server?  Many ISP's will allow you to place your server in
their computer room.  This gives you the advantage of T-1 (or better)
connectivity, better reliability (no phone drops or power failures),
and would greatly enhance the value of your service.  And this
would cost a fraction of the cost of a T-1 (around here, probably
in the $150-$250/month range).  You can manage the system remotely
via telnet/etc via your local dial-up ISP.

        Good luck!

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Montagar Software Concepts           |Fone: (972)-578-5036
P. O. Box 260772, Plano, TX 75026    |http://www.montagar.com
Junk E-Mail filtered by WhiteICE     |http://www.whiteice.com

 
 
 

Announcement: a commercial spam filtering service

Post by cg_ » Fri, 10 Oct 1997 04:00:00


I think your on the right trac but your prices need to be
reconsidered,I think $5 a month for your currect servive would be
tempting..$10,not even a consideration. Good luck tho.

cg



>What I have, right now, is this: you pay $10.00/month for an
>e-mail address in the domain junkproof.com. Mail to that address
>is filtered via my spam filter and forwarded to your real address.
>Filtered mail is tagged with a special header. Spam is not forwarded.

>I'll be offering other services (some of which I'll discuss toward
>the end of this post) as time goes on but for now, that's it.
>These are some situations where I think the service I have right
>now will prove useful:

>o You want to post on the Usenet or put an address in a Web page
>  but you don't want to be flooded with spam. Use an address

>o You've got an address that you post with already or which is
>  otherwise infested with spam and you want mail to it filtered.
>  If you either have a mail filter program like procmail or you
>  have another address to receive your mail at, you can use my
>  service for this purpose.

>o You're a not-too-large ISP who wants to keep your users from
>  sending spam. By using my system as your mail relay, your users
>  won't be able to spam. Send me e-mail to discuss this....

>Is there a downside? Of course. To explain the downside, and
>because I expect people will want to know, I'll explain how my
>spam filter works.

>The first part is a conventional pattern-based spam filter. If
>you're doing spam filtering with procmail then you've got
>something like this already though I doubt you have anything like
>my (currently) ~1400 rules. :-)

>Assuming a message gets past my pattern filter, it gets delayed
>for a certain amount of time -- that's the downside -- before it
>gets released for delivery. The amount of time it is put on hold
>depends on a number of factors but typically ranges from five
>minutes to half an hour. The system is smart; it learns about
>"good" senders and cuts down on the delay time as it figures out
>that particular senders aren't spammers.

>Before the message gets released for delivery, the mail system
>checks all the other messages it has received recently to see if
>there are others "like" this one. If it finds too many that are
>like it, the message stays on hold until I take a look at it.
>Otherwise it is sent off to your real address. Each message that
>is delivered gets a header put in, to indicate that it got sent
>through the service. Every address has its own code put in the
>header, so that the spammers can't just stick on their own header
>and pretend it came from my service.

>I suppose you're wondering how good it is? Some spam does get
>through. About .2% of it. This sort of filter isn't any good at
>catching slow spams (until I'm notified of them, anyway) or spams
>that only occasionally hit any of my addresses. On the other hand,
>this sort of filter gets better with increasing numbers of users.
>And I've got ideas for improvement just waiting for implementation.

>I'm announcing this now, which is the earliest moment that the
>service is stable and functional. That's v1.0 software, folks. :-)
>It works; it's filtering for some 16,000 addresses as I speak and,
>as I said, the filter itself has been running long enough to get
>meaningful statistics. However, if you go to the Web page,
>http://www.junkproof.com/, you'll find that there's still a lot
>under construction.

>There you'll find the Terms of Service and an on-line registration
>form, along with a lot of other stuff. Yes, you can "try before
>you buy" -- the first month is free unless you get more than 100
>megabytes of mail (after filtering :-) or egregiously violate the
>Terms of Service (like trying to use one of my addresses for a
>spam dropbox. Heh.)

>This mail filtering service has a number of drawbacks. One is the
>intentional delay. That's great for catching spam; less so for
>prompt communication. One of the features I want to be adding
>fairly soon is "filter it but send it right away". Even better
>would be "filter it and if it's from people on my special list,
>send it right away; otherwise, you can delay it".

>Another drawback of the present service is that many people don't
>want the spam to go away -- they just want it clearly marked so
>they can deal with it in their own way. I'll eventually have an
>option for dealing with that.

>A final drawback that I'll be dealing with soon is that, as no
>filter catches all spam, sometimes it'll catch non-spam. I'll be
>offering an option to send a daily or weekly log of spam filtered,
>and an option to request sending of a message that got filtered
>out.

>All of this is well and good for people who are willing to get a
>new address or who have the fortune to be able to do conditional
>filtering. It isn't useful for folks who are stuck with POP access
>and no filtering.

>At some point, I plan to offer POP accounts, so people can take
>direct advantage of the service without worrying about
>interactions with their ISP's mailers.

>A suggestion I got was a "proxy POP" account -- basically, a POP
>server here that will fetch mail from another POP server, filter
>it, and then make it available for POP access here.

>I can't do either of the above with my current bandwidth; it would
>just be much too slow. (Yeah, I'm on a dialup for the moment. I'd
>love to be on the end of a T1 but I need some income first. :-)

>I have, however, thought of a way for the service to work for a
>POP box, without requiring good interactive response time. The
>idea is a POP client that fetches the mail from a POP mailbox and
>runs it through the filter, and then returns it via e-mail to the
>POP box. (Or other variations, like just deleting spam messages,
>or only remailing spam messages.) There are some nice things about
>this, like no delays on receiving e-mail. However, it won't work
>well (or at all, in some cases) without a cooperative POP server.
>And while the POP box is being filtered, the user can't access it.
>So, it would require some sort of scheduling so as to minimize
>contention....

>Anyhow, I'm looking for input on this, especially of the form "I'd
>use your service except that you do/don't...."; that'll let me
>know what things to implement and in which order.

 
 
 

Announcement: a commercial spam filtering service

Post by T. William Wel » Sun, 12 Oct 1997 04:00:00




: > o You're a not-too-large ISP who wants to keep your users from
: >   sending spam. By using my system as your mail relay, your users
: >   won't be able to spam. Send me e-mail to discuss this....
: >...
: > I can't do either of the above with my current bandwidth; it would
: > just be much too slow. (Yeah, I'm on a dialup for the moment. I'd
: > love to be on the end of a T1 but I need some income first. :-)
:
:       Well, T. - being on the end of a dialup is probably your
: biggest downside.  You start getting a little traffic, and you
: won't have to pro-actively delay messages, they'll delay all on
: their own.

I've run the numbers. Most people only get a small amount of mail,
certainly less than 100K/day. Assuming, for pessimism's sake, that
it all gets delivered between 9-12pm, and assuming that enough of
it is binary that my transfer rate is halved, we're still talking
15M of bandwidth but .1M/customer., or 150 customers. In reality,
I think I can handle up to 700 customers before my line starts
seeing saturation effects; long before I get that many customers,
I'll plonk down the cash for a T1 or will have co-located.

:             I'm sure you mean well, but I don't think any ISP
: is going to take their T-1-based service and run all their mail
: through your dial-up connection.  I understand the cost issues
: of a T-1, but can your dialup honestly take the bandwidth and
: have the up-time expected of a commercial service?

Yes. Perhaps you aren't aware of this but 1) I ran an ISP for a
couple of years and 2) I've been running an anonymous message
service for the support and recovery groups for the last 5+ years.
I do have a clue as to what I'm getting into. :-)

I'll grant you that it would be impracticable for an ISP of any
significant size to run their users through this service. That's
why I said "not too large". But a lot of ISPs have but a POP or
two and that's who I'm targeting *now*, as far as ISPs are
concerned.

The economics are pretty simple. To run a T1, I need about
$2,000/month, give or take. Never mind any of my other costs (like
my income :-), that means at least 200 paying customers. Thus my
current plan is to get a bunch of people to buy mail accounts,
then use that income to finance a T1. At that time, I'll be able
to provide POP accounts and other services, as well as provide
services to ISPs larger than your Mom and POP ISP.

:       WhiteICE is currently on the end of a T-1, POP3 servers
: are ready to go, and uses something more heuristic to determine
: spam so that 14,000 filtering rules aren't needed (actually, just
: a handful get most everything, the rest is just insurance!).

For outgoing mail, you don't need much in the way of rules; you
just catch anyone sending more mail than X and zap them. For
incoming, well, first off it's like 1,500 (was 1,400 the other day
:-), and, second off, those heuristics only do you, what, two
thirds of it? Probably less, judging by the *I filter. Once I
have some spare time, I'll probably stick my filter stats on my
Web page....

Anyway, one negative effect of the demise of IEMMC is that spam
will become less easily filterable -- most of those twits using
IEMMC headers will just go elsewhere but not put in recognizable
headers.

The upshot is that adjusting the filters is a continuous process
and it'll get harder as time goes on. One of the reasons I'm
offering this service is that I can do this full-time; whereas
someone running an ISP will (as experience tells me, heh) always
seem to have more important things to do than* with mail
headers.

In any case, you and I evidently have different goals. Yours seems
to be to cut down spam significantly. Mine is to eliminate as much
as is humanly possible. It is my intention that people who use my
service won't just find that spam is reduced, I want them to be
*surprised* if they get spam.

: The filtering is handled real-time and delivery (or not) is immediate.
: The servers are Digital Alpha systems running OpenVMS V6.2, and
: have a DoD C2 (RAMP) certification.  Currently, there are
: around 1,000 messages daily filtered, with the trapped spam proudly
: on display at http://www.veryComputer.com/

First off, let's be real -- above a certain level of reliability,
you're just bragging. :-) Sure, that's a nice system, but --

10:52AM  up 61 days, 21:01, 12 users, load averages: 0.31, 0.34, 0.23

which is plenty good enough. BTW, I'm assuming you're counting
incoming messages....when *promo was at its peak, I was
filtering some 1,500 messages a day. Now I'm around half that.
There is no appreciable load on my system..... It's a PC, so I can
get replacement parts just by crossing the street and waving a
credit card. :-)

:       And the cost is currently $10/year - nothing I'll get rich over,
: but that isn't the point for me - defeating spam is.

Not planning to get rich either. However, I'd like to make this at
least pay for itself.

:       I do have a good idea for you - have you considered co-hosting
: your server?

Yes I have. It's be a pain because I run the anonymous message
server through the filter. I have to do that; othewise, there'd be
over 20 spam messages for each legitimate message delivered!

: This gives you the advantage of T-1 (or better)
: connectivity, better reliability (no phone drops or power failures),

I don't get phone drops. And I have a UPS -- my power is more
reliable than my ISP's, sigh! -- so I really do manage commercial
quality uptime. Anyway, co-location is certainly an option, once I
figure the best way to make it all work with the central server
elsewhere than the anonymous server.

--
** Tired of getting spam? Check out http://www.veryComputer.com/

 
 
 

Announcement: a commercial spam filtering service

Post by T. William Wel » Tue, 14 Oct 1997 04:00:00



: Given the high level of (often justified)
: paranoia in this newsgroup, I'm sure a lot of people will assume by reflex
: that it's some kind of fake.

Nope. It's me. See you at OVFF.....

: Unless it actually isn't from Bill (and the
: headers look right to me), then it's an honest offer. Whether it's a good
: one, of course, is for each person to decide.

Yup. THe nice thing about services like mine is that you get to
decide if you want it. Unlike spam....

--
** Tired of getting spam? Check out http://www.junkproof.com/ for an answer.

 
 
 

Announcement: a commercial spam filtering service

Post by Joshua E. Rod » Wed, 15 Oct 1997 04:00:00


You really think that we are going to *pay* for *you* to filter spam?
How do we know you don't have some seedy relationship with Rines? It's
nothing personal. It's just that whenever someone tries to make money
from spam, there is usually a rat. I'm not saying you are a rat; it's
just the way it has been before.




> : Given the high level of (often justified)
> : paranoia in this newsgroup, I'm sure a lot of people will assume by reflex
> : that it's some kind of fake.

> Nope. It's me. See you at OVFF.....

> : Unless it actually isn't from Bill (and the
> : headers look right to me), then it's an honest offer. Whether it's a good
> : one, of course, is for each person to decide.

> Yup. THe nice thing about services like mine is that you get to
> decide if you want it. Unlike spam....

> --
> ** Tired of getting spam? Check out http://www.junkproof.com/ for an answer.

--

I've un-IDP'ed myself. I repent for SYNning. Get lndrmat 2.0:
 http://www.geocities.com/Heartland/Prairie/2646/lndrmat.html

 
 
 

Announcement: a commercial spam filtering service

Post by T. William Wel » Wed, 15 Oct 1997 04:00:00



: You really think that we are going to *pay* for *you* to filter spam?
: How do we know you don't have some seedy relationship with Rines? It's
: nothing personal. It's just that whenever someone tries to make money
: from spam, there is usually a rat. I'm not saying you are a rat; it's
: just the way it has been before.

If you're really concerned, you might go over to the support
newsgroups and check out all those anonymous postings. The ones
from anon.twwells.com, which is the anonymous service I run. I've
been running that service for over five years and I've been a
regular on the net for longer than that. I'm also known, at least
to some, as a vehement, if not vicious :-), anti-spammer....

Anyhow, that service is *why* I'm doing this commercial thing.
See, I have *always* forbidden spam through the anonymous service
and that has meant filtering it out. I've been spending about a
half hour each and every day for the last few years despamming the
thing. It got so bad that I had to go to some really sophisticated
filters. Once I had 'em I decided it was worth trying to sell the
service.

That's really all there is to it.

--
** Tired of getting spam? Check out http://www.junkproof.com/ for an answer.

 
 
 

Announcement: a commercial spam filtering service

Post by Joshua E. Rod » Wed, 15 Oct 1997 04:00:00


Can you please *explain* to me the connection between Josh and myself? I
looked on Deja News and simple do not see the connection between the
self-righteous leet4ever nut and myself. I'm not saying I'm perfect, but
I am definitely not him.

And, by the way, sorry for the MIME attachment. I hope you read the
message that went with it.

Nobody flame cookda, please.




> >You really think that we are going to *pay* for *you* to filter spam?
> >How do we know you don't have some seedy relationship with Rines? It's
> >nothing personal. It's just that whenever someone tries to make money
> >from spam, there is usually a rat. I'm not saying you are a rat; it's
> >just the way it has been before.

> And while we're on the subject of seedy relationships, no things
> personal, and rats, I'm *still* musing over the Amazing Coincidence
> between Josh and Josh, and how Josh suddenly started posting when Josh
> stopped, and how he never seems to acknowledge my pointing out this
> Amazing Coincidence. I'm not saying you are a rat; it's just the way
> it has been before.




> >> : Given the high level of (often justified)
> >> : paranoia in this newsgroup, I'm sure a lot of people will assume by reflex
> >> : that it's some kind of fake.

> >> Nope. It's me. See you at OVFF.....

> >> : Unless it actually isn't from Bill (and the
> >> : headers look right to me), then it's an honest offer. Whether it's a good
> >> : one, of course, is for each person to decide.

> >> Yup. THe nice thing about services like mine is that you get to
> >> decide if you want it. Unlike spam....

> >> --
> >> ** Tired of getting spam? Check out http://www.junkproof.com/ for an answer.

> --
>   (Sorry, no email replies wanted. Too damned much abuse already. Devnull
>   is indeed /dev/null. Reply to newsgroup, or digest your own bile.)

--

I've un-IDP'ed myself. I repent for SYNning. Get lndrmat 2.0:
 http://www.geocities.com/Heartland/Prairie/2646/lndrmat.html

 
 
 

Announcement: a commercial spam filtering service

Post by Joshua E. Rod » Wed, 15 Oct 1997 04:00:00


I didn't say you were a rat! It's just the idea of a commercial spam
filtering service really goes against the grain.

We have to pay so we don't receive messages we don't want to receive
because we would have to pay to receive them.

It doesn't add up.



> >You really think that we are going to *pay* for *you* to filter spam?
> >How do we know you don't have some seedy relationship with Rines? It's
> >nothing personal. It's just that whenever someone tries to make money
> >from spam, there is usually a rat. I'm not saying you are a rat; it's
> >just the way it has been before.

> Here we have one of the sleaziest tricks in the book: asking "how do we
> know" some vague and arbitrary accusation isn't true. The real sign of a
> rat is the use of this technique.

> --

>    http://www.ultranet.com/~gmcgath

--

I've un-IDP'ed myself. I repent for SYNning. Get lndrmat 2.0:
 http://www.geocities.com/Heartland/Prairie/2646/lndrmat.html

 
 
 

Announcement: a commercial spam filtering service

Post by Ron Schwarz - see sig to rep » Wed, 15 Oct 1997 04:00:00




Quote:>You really think that we are going to *pay* for *you* to filter spam?
>How do we know you don't have some seedy relationship with Rines? It's
>nothing personal. It's just that whenever someone tries to make money
>from spam, there is usually a rat. I'm not saying you are a rat; it's
>just the way it has been before.

And while we're on the subject of seedy relationships, no things
personal, and rats, I'm *still* musing over the Amazing Coincidence
between Josh and Josh, and how Josh suddenly started posting when Josh
stopped, and how he never seems to acknowledge my pointing out this
Amazing Coincidence. I'm not saying you are a rat; it's just the way
it has been before.




>> : Given the high level of (often justified)
>> : paranoia in this newsgroup, I'm sure a lot of people will assume by reflex
>> : that it's some kind of fake.

>> Nope. It's me. See you at OVFF.....

>> : Unless it actually isn't from Bill (and the
>> : headers look right to me), then it's an honest offer. Whether it's a good
>> : one, of course, is for each person to decide.

>> Yup. THe nice thing about services like mine is that you get to
>> decide if you want it. Unlike spam....

>> --
>> ** Tired of getting spam? Check out http://www.junkproof.com/ for an answer.

--
  (Sorry, no email replies wanted. Too damned much abuse already. Devnull
  is indeed /dev/null. Reply to newsgroup, or digest your own bile.)
 
 
 

Announcement: a commercial spam filtering service

Post by Barry Margoli » Thu, 16 Oct 1997 04:00:00



Quote:>We have to pay so we don't receive messages we don't want to receive
>because we would have to pay to receive them.

I don't pay to receive email (for almost all of the 17 years I've been on
the net I've received my email either through school or work).  But I might
use such a service because it's easier to pay someone else to maintain a
complete spam database than to try to do it myself or wear out my D key.

It certainly would be great if the spam weren't sent in the first place.
But realistically, it's not going away any time soon.

There certainly have been some disreputable people marketing spam blocking
services.  A few months ago someone was repeatedly posting a message
extolling the virtues of a service he was using, which supposedly
maintained an opt-out list that all the spammers consulted.  It was quickly
determined that the poster wasn't a happy customer of this service, but the
operator of it.  And the claim that all the spammers checked his list
seemed quite unbelievable (the members of the IEMMC don't even seem to
consult the www.iemmc.org list, so why would we believe him when he said
that his service worked?).

But to assume that all spam-blocking services are in cahoots with the
spammers is akin to assuming that alarm companies are really all
"protection rackets".

--

GTE Internetworking, Powered by BBN, Cambridge, MA
Support the anti-spam movement; see <http://www.cauce.org/>
Please don't send technical questions directly to me, post them to newsgroups.

 
 
 

Announcement: a commercial spam filtering service

Post by T. William Wel » Thu, 16 Oct 1997 04:00:00



: We have to pay so we don't receive messages we don't want to receive
: because we would have to pay to receive them.

Shrug. You could make the same argument about police. Doesn't make
them any less important. I could wish that and, for that matter, I
expect that my service will sooner or later become obsolete. In
the mean time, here it is....

--
** Tired of getting spam? Check out http://www.junkproof.com/ for an answer.

 
 
 

Announcement: a commercial spam filtering service

Post by T. William Wel » Thu, 16 Oct 1997 04:00:00




:       The only other problem is the other economics: $10/month
: is a little steep for a POP account, considering that several
: other services offer FREE email addresses.

More or less free. You get those adverti*ts, though I hear
they can be got rid of if you know the right knob to twiddle.

:       Even at $10/year, it's not like I've had people falling
: out of trees to sign up.

Ditto so far. Many people have looked, few have bought. Still,
I've only been up for a few days....

:       No, actually the heuristics are pretty good - better than
: 90% of the spam that's destined here.  130 rules.  I get a lot of
: "* webmaster" crap, too, and that's been vitually eliminated.
: Look at the messages you get a little more - what makes them say
: "SPAM!" to you - that's what I used to design the heuristics.

In my case, what happens is that they get labelled as "spam"
because there are a lot of messages. *not* because they've got
some particular content. Then, mostly, I add rules based on the
mail headers, typically sender addresses. Occasionally, I'll add
some message text if I think it'll truly be a spam-mark. So far,
the *only* non-spam my system has caught are messages with
deliberately altered headers.... (Don't make your message be to

: >Anyway, one negative effect of the demise of IEMMC is that spam
: >will become less easily filterable -- most of those twits using
: >IEMMC headers will just go elsewhere but not put in recognizable
: >headers.
:
:       Nah, they will just put in other recognizable headers.

But a *lot* of them. And, be very sure, the day will come when
there won't be *any* recognizable header content. I've already
seen the spammers come very close.

: >In any case, you and I evidently have different goals. Yours seems
: >to be to cut down spam significantly. Mine is to eliminate as much
: >as is humanly possible. It is my intention that people who use my
: >service won't just find that spam is reduced, I want them to be
: >*surprised* if they get spam.
:
:       The goals are the same - except that I don't want to do this
: full time, just have the software do it full time.

If your goal is the same as mine -- making spam so rare as to be a
surprise -- you won't be able to do it the way you're doing it.

Your system and mine differ in two distinct respects.

     1) You use powerful rules and I use weak rules. By
        "powerful", I mean that each rule catches a lot of spam;
        in my case, my rules tend to only catch a little bit of
        spam per rule.

     2) You add rules reactively and only filter once rules are in
        place. I add rules in response to actual spam events and
        before the detected spam is delivered.

Powerful rules are great. You add one, catch a lot of spam. So you
don't have to spend forever adding rules. The gotcha is that
powerful rules have a noticable false-positive rules. Weak rules,
like mine, can have a near-zero false-positive rate but someone or
something has to make up the rules.

The thing is, with powerful rules, squeezing out that last few
percent is an exponentially difficult process. That is, past a
certain point (probably right around your 90%), each additional
increment of removed spam costs exponentially more in terms of the
number of rules -- each of which then introduces false positives.
So, the number of false-positives goes up exponentially as you
linearly try to approach the zero-spam mark.

With weak rules, you don't have this problem; you design your
rules to be utterly specific and you don't have an exponential
problem. Instead, you have a problem of how to craft those rules
quickly enough that you'll actually catch the spam.

Which leads to 2). While you can occasionally pro-actively add
rules, by and large, you have to add your rules after the spam has
hit you. So, a significant amount of spammage is going to get
through your system simply because of the delay. Between these two
factors (false-positives and rule-creation delay), I don't think
you'll ever get much better than 90%. That's good but it's nowhere
near the level needed to make spam a rare event in a person's
mailbox.

The use of statistics circumvents this problem. In essence, my
system detects *bulk* e-mail and refuses to pass it along without
my approval (which is generally in the form of updating a control
file that describes who the legitimate bulk mailers are). Thus I
can pro-actively remove spam, which is to say, I don't have to let
any spam through in order to detect it.

That *also* means that I can use weaker rules. Since I know that
the vast majority of new spammage is going to get held for my
attention, I don't have to make powerful rules in the hopes of
stopping a lot of spam all at once; I don't have to go to great
lengths try to catch any spam I haven't already seen. It's also
very easy to craft these weaker rules -- I don't need to do much
guesswork or research. The vast majority of the rules are no more
than "if sender is xxx, it's spam", and it takes me but a few
seconds to create one.

I have another weapon in my arsenal. I have many, many spam-trap
addresses. This wasn't intentional, believe me. :-) What happens
is that people making the spam lists are very sloppy and they've
included many addresses that are invalid for my anonymous server.
My filter system knows about each of these spam-trap addresses
(and many more, besides) and "holds" any message that hits one of
them. As with the bulk mail detector, I still have to manually
check them, just in case someone misaddressed the mail, but by and
large mail to those addresses is spam.

Now, holding messages that wouldn't be delivered anyway would be
rather pointless, except that if I get a message sent to one of
these addresses, any message that "looks" like that message is
*also* put on hold (it's the same code as the bulk detector,
except that mail to those addresses is treated as if it had a lot
of bulk. :-)

So between bulk detection and spam-trap addresses, I can pretty
much rely on my system to detect virtually all spammage. it *is*
true that the bulk detector has a fairly high "false positive"
rate. The thing is, in my system, false positives are essentially
innocuous. They don't result in mail not being delivered, only
delayed. Furthermore, I still get less false positives than an
equivalently effective system based on powerful patterns because
I'm testing for a weaker condition (weaker, in the sense of
requiring less information to make a judgement).

Thus the use of statistics and delays means that I can more
closely approach perfection than any pattern matching system, for
a given amount of effort. I don't actually spend a whole lot of
time on creating rules -- all told, it's less than half an hour
each day, stuck into the spare moments of my day. (I spent more
time writing this message than I do creating rules. :-)

:       As I said, even at $10/year I don't have people beating down
: the door.

I think it's a matter of advertising. There is very high
correlation between mentions of my service and hits on the Web
site. One thing I can do, as I'm viewing this as a business, is to
spend time and effort getting the service in front of potential
buyers....

:       I guess I don't understand why they would have to be
: seperated.  You appearently have better phone service than I've
: seen in these parts.  I know people that have a hard time getting
: a 19,200 connection to stay stable.

Well, one thing is this: I don't want the anonymous server's
database to be on a machine that others have physical access to.
Sure, my ISP *could* be sniffing my packets but it's not very
likely. But if my machine is sitting there unattended, it's all
too easy for someone to mess with it. Also, even if I didn't care
about that, it would be a pain to move -- I'd have to move all the
support software, like the news server.

Anyhow, I get 28.8 with no problem. I do get the occasional line
drop but we're talking rates on the order of once a month --
backbone routing outages are more common -- and my system just
redials and I'm back within a minute. No, really, the only reason
to connect other than dialup or to co-locate is for the bandwidth.

--
** Tired of getting spam? Check out http://www.veryComputer.com/

 
 
 

Announcement: a commercial spam filtering service

Post by David Cathe » Thu, 16 Oct 1997 04:00:00






>The economics are pretty simple. To run a T1, I need about
>$2,000/month, give or take. Never mind any of my other costs (like
>my income :-), that means at least 200 paying customers. Thus my
>current plan is to get a bunch of people to buy mail accounts,
>then use that income to finance a T1. At that time, I'll be able
>to provide POP accounts and other services, as well as provide
>services to ISPs larger than your Mom and POP ISP.

        The only other problem is the other economics: $10/month
is a little steep for a POP account, considering that several
other services offer FREE email addresses.

        Even at $10/year, it's not like I've had people falling
out of trees to sign up.

Quote:>:       WhiteICE is currently on the end of a T-1, POP3 servers
>: are ready to go, and uses something more heuristic to determine
>: spam so that 14,000 filtering rules aren't needed (actually, just
>: a handful get most everything, the rest is just insurance!).>

>For outgoing mail, you don't need much in the way of rules; you
>just catch anyone sending more mail than X and zap them. For
>incoming, well, first off it's like 1,500 (was 1,400 the other day
>:-), and, second off, those heuristics only do you, what, two
>thirds of it? Probably less, judging by the *I filter. Once I
>have some spare time, I'll probably stick my filter stats on my
>Web page....

        No, actually the heuristics are pretty good - better than
90% of the spam that's destined here.  130 rules.  I get a lot of
"* webmaster" crap, too, and that's been vitually eliminated.
Look at the messages you get a little more - what makes them say
"SPAM!" to you - that's what I used to design the heuristics.

Quote:>Anyway, one negative effect of the demise of IEMMC is that spam
>will become less easily filterable -- most of those twits using
>IEMMC headers will just go elsewhere but not put in recognizable
>headers.

        Nah, they will just put in other recognizable headers.

Quote:>The upshot is that adjusting the filters is a continuous process
>and it'll get harder as time goes on. One of the reasons I'm
>offering this service is that I can do this full-time; whereas
>someone running an ISP will (as experience tells me, heh) always
>seem to have more important things to do than* with mail
>headers.

        Actually, I deal with this very little, and that mainly
due to the design of the filter.  It doesn't depend upon individual
rules, but can rank messages based upon the outcome of multiple rules.

Quote:>In any case, you and I evidently have different goals. Yours seems
>to be to cut down spam significantly. Mine is to eliminate as much
>as is humanly possible. It is my intention that people who use my
>service won't just find that spam is reduced, I want them to be
>*surprised* if they get spam.

        The goals are the same - except that I don't want to do this
full time, just have the software do it full time.  I check the
logs daily to see what's been denied (and alter the rule-base to allow
the message if it's a false positive), but other than that I don't
think I should have to do this full-time.

Quote:>First off, let's be real -- above a certain level of reliability,
>you're just bragging. :-) Sure, that's a nice system, but --

        Indeed, it is a nice set of systems.  :-)

Quote:>:       And the cost is currently $10/year - nothing I'll get rich over,
>: but that isn't the point for me - defeating spam is.

>Not planning to get rich either. However, I'd like to make this at
>least pay for itself.

        As I said, even at $10/year I don't have people beating down
the door.  

Quote:>:       I do have a good idea for you - have you considered co-hosting
>: your server?

>Yes I have. It's be a pain because I run the anonymous message
>server through the filter. I have to do that; othewise, there'd be
>over 20 spam messages for each legitimate message delivered!

        And the anonymous message server couldn't be co-hosted in
the same box as your filter???

Quote:>: This gives you the advantage of T-1 (or better)
>: connectivity, better reliability (no phone drops or power failures),

>I don't get phone drops. And I have a UPS -- my power is more
>reliable than my ISP's, sigh! -- so I really do manage commercial
>quality uptime. Anyway, co-location is certainly an option, once I
>figure the best way to make it all work with the central server
>elsewhere than the anonymous server.

        I guess I don't understand why they would have to be
seperated.  You appearently have better phone service than I've
seen in these parts.  I know people that have a hard time getting
a 19,200 connection to stay stable.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Montagar Software Concepts           |Fone: (972)-578-5036
P. O. Box 260772, Plano, TX 75026    |http://www.veryComputer.com/
Junk E-Mail filtered by WhiteICE     |http://www.veryComputer.com/

 
 
 

Announcement: a commercial spam filtering service

Post by Stunt Po » Mon, 20 Oct 1997 04:00:00




>: You really think that we are going to *pay* for *you* to filter spam?
>: How do we know you don't have some seedy relationship with Rines? It's
>: nothing personal. It's just that whenever someone tries to make money
>: from spam, there is usually a rat. I'm not saying you are a rat; it's
>: just the way it has been before.

<snip>
>Anyhow, that service is *why* I'm doing this commercial thing.
>See, I have *always* forbidden spam through the anonymous service
>and that has meant filtering it out. I've been spending about a
>half hour each and every day for the last few years despamming the
>thing. It got so bad that I had to go to some really sophisticated
>filters. Once I had 'em I decided it was worth trying to sell the
>service.

I'm curious as to what exactly the "really sophisticated filters"
actually are. Procmail? Something else? Does your service guarantee
to nail all spam? (this would be very difficult)

How about false positives? I'm always wary of filters that discard flagged
messages.

As a member of a group that cranked out a spam filter of our own in perl
<http://antispam.shmooze.net/filter/> i'm interested in these issues.

regards, markjr

--
|||| mark jeftovic    (MJ177)   |||||  http://www.shmooze.net/~markjr     ||||
|||| p r i v a t e    w o r l d |||||  http://www.PrivateWorld.com        ||||
------------------------------------------------------------------------------
irc: L-bOMb drop by my office sometime: #bofh on NewNet. PGP Key on Web Page.

 
 
 

1. SPAM Filtering Services - Business, ISPs and Internet Users


When I telnet to your IMAP server I get this:

 > telnet imap.No-JunkMail.com 143
 Trying 66.93.61.117...
 Connected to imap.no-junkmail.com.
 Escape character is '^]'.
 * OK [CAPABILITY IMAP4REV1 LOGIN-REFERRALS AUTH=LOGIN] ns.ABS-CompTech.com IMAP4rev1 2001.315mdk at Fri, 25 Jul 2003 13:45:16 -0400 (EDT)
 a capability
 * CAPABILITY IMAP4REV1 IDLE NAMESPACE MAILBOX-REFERRALS SCAN SORT THREAD=REFERENCES THREAD=ORDEREDSUBJECT MULTIAPPEND LOGIN-REFERRALS AUTH=LOGIN
 a OK CAPABILITY completed

It seems that you do not support IMAP over SSL/TLS. Do you have
plans to add this?

Thank you,
Nancy
 maintainer of an IMAP Service Providers list

--
Nancy McGough            <http://www.ii.com>            Infinite Ink
Writing about procmail, imap, pine, spam-deflexion strategies & more

2. Java developer and game designer wanted for Multiplayer CRPG Project!

3. local mail delivery through virus/spam filter service

4. looking for

5. SPAM Filtering Services - Business, ISPs and Internet Users

6. tracking where web site visitors come from? - Thanks!

7. Anti SPAM E-Mail Service (Service that keeps your Mailbox clean)

8. Trend vs SAV vs Panda AV?

9. Find out when email you've sent gets read - a new service announcement!

10. Find out when email you've sent gets read - a new service announcement

11. Commercial vendors of mail service

12. For the FAQ: Checking commercial service mail

13. Pine and commercial services