Did tag spam kill Edgeio?
Interesting to note that Michael Arrington's post about the demise of Edgeio did not mention what role, if any, that tag spam played in its downfall. For that matter, tag spam didn't come up in the 100+ comments left by readers. But Om Malik, commenting back at the time of Edgeio's launch in February 2006, predicted trouble for Edgeio due to tag spam, and as far as I can tell, the idea of this type of service is still at risk due to tag spam. Does anyone have a handle on it?
Posted on December 7, 2007 at 11:29 AM in Spambusters | Permalink | Comments (0) | TrackBack
Berlind: Use IMAP and x-notify to improve spam management
David Berlind moves the anti-spam discussion ball down the field for a first down! Seriously, this is important stuff for every ISP, Web site operator and mass emailer. And IMAP is definitely cool, underutilized existing tech.
Posted on November 1, 2007 at 11:33 AM in Spambusters | Permalink | Comments (0) | TrackBack
Spam goes on and on, despite Gates' promise
As Todd Bishop succinctly put it: "Time's up." Two years after Bill Gates promised a way to solve the spam problem in two years, it's a big problem still. Today, in addition to spam delivered by e-mail, we have spam delivered via RSS feeds -- particularly in blog comments, but more and more plaguing such feeds trolling for new search engine results. Lately, I've particularly noticed such spam in Technorati search results.
Microsoft officials who claim that spam's been "solved" to any significant degree should get back to work or get out of the software platform business.
It's also distressing to compare the flood of press hype over Gates' promise two years ago, versus the trickle of coverage last week of yet another broken promise.
Posted on January 30, 2006 at 05:06 PM in Spambusters | Permalink | Comments (0) | TrackBack
Email marketers "mad as hell" - so what are we?
According to Bill McCloskey, the email marketing industry is "mad as hell" at the anti-spam measures being taken lately by service providers, enterprises and anti-spam technology providers. Somehow, I don't think getting angry is going to save email marketers from being blacklisted. How about a more constructive approach? Surely this isn't the way.
Posted on June 8, 2005 at 03:23 PM in Spambusters | Permalink | Comments (0) | TrackBack
The impact of fake/spam blogs
In a free speech society, who makes the decision that a blog, or any Web page, is "fake," or spam? Dave Sifry exudes confidence in his assessment. But I can easily see some gray areas to be exploited between a blog like this and journals such as mine. Who decides? The Blogger terms of service don't prohibit such content. The big challenge will be to search engines, to filter out what the general public perceives to be fake content, or spam. Could this turn into a slippery slope though? How long will it be before someone's authentic content is inadvertently tossed aside in such search engine filters?
Posted on March 15, 2005 at 11:27 AM in Spambusters | Permalink | Comments (1) | TrackBack
Spam and email reliability: Route around bad ISPs
So the inevitable warning cries have arrived: anti-spam filters are increasingly making email unreliable as a delivery mechanism. This hand-wringing article, which even urges customers to "simply get used to losing email," ignores the obvious answer: demand authenticated email, switch to ISPs which implement it, and drop like a stone any ISP whose anti-spam filter has too many false positives. I was beating like a drum on tech vendors at RSA last week about the need for authenticated email. The problems around implementing it are all political and financial, not technological. Meanwhile, don't let the Associated Press or any other news organization tell you the Internet email sky is falling. And no, I don't have a recommendation for an ISP that offers authenticated email, but it's becoming a major theme of my work, and that of many others.
Posted on February 25, 2005 at 04:41 PM in Spambusters | Permalink | Comments (0) | TrackBack
Sendmail position on Sender ID
Meng pointed me to a page where Sendmail explains why they're going ahead and licensing Sender ID under an open-source license: in short, Sendmail's going to wait until Microsoft gets its Sender ID-related patent before it signs a license.
It's worth pointing out that Sendmail controls its own open-source license. Signing a license with Microsoft is incompatible with many other sorts of open-source licenses, such as Apache. This Sendmail page explains it in more detail.
This move is likely to kick Sendmail out of a few open-source distributions, particularly as adoption of Sender ID kicks into gear.
Posted on November 5, 2004 at 11:51 AM in Spambusters | Permalink | Comments (0) | TrackBack
Interesting anti-spam tech demos
Meng Meng Wong's doing some darn interesting demos at an ISPCON session this morning. Cloudmark for Sender ID, announced in August, provides service providers a way to pull up a Sender ID-based whitelist quickly.
Meng also showed a mockup of an experimental version of Microsoft Hotmail uses this data to attach reputation to individual emails. "I expect to see it in Hotmail by the end of the year," he says. The demo he showed, which may or may not be the user experience in the next Hotmail, tagged whitelisted mail with a smiley face, questionable mail with a blank face, and probably spam with a frowny-face. Most intriguingly, he showed a demo project he code-names Karma which aggregates the Cloudmark whitelist with lots of other whitelists. "The specs are now internally consistent across Sender ID and SPF," says George Webb, director of business management for Microsoft's safety technology & strategy team, who's in the room. "It's time to stop talking and start doing." Now that the IETF MARID group is no more, Wong's encouraging peopel to join MAAWG, the Messaging Anti-Abuse Working Group. "You've got to have some bucks to join," he cautions, "but the intention is right and they've got their heart in the right place." ISPs including AOL have Earthlink have joined.
It's a mixed blessing. If MAAWG succeeds, we'll have a new weapon against spam, but it won't have happened in an open way.
Meng also made news in a press release yesterday:
a prototype for a next-generation, spam-proof, cooperative email architecture. The system is based on the concepts of authentication, reputation, and accreditation developed at the Aspen Institute in December 2003 and embodied by standards like SPF, Sender ID, and DomainKeys
More details here. By cryptographically signing messages with Yahoo's DomainKeys, it might even help with whitelisting forwarded email, Meng says.
Posted on November 5, 2004 at 09:46 AM in Spambusters | Permalink | Comments (0) | TrackBack
18% of email now includes an SPF record
Meng Meng Wong, inventor of SPF, is speaking at ISPCON this morning. He says his research shows that 18 percent of all email now includes a published SPF record. "Pretty good progress for one year," he says. As SPF gains traction, people will start sharing whitelists more widely. "When I give you my business card in the future, it won't mean 'mail me' -- it means 'put me in your white list so I can mail you.'"
So how will it become easier for someone to do that? What about iNames? Interestingly, Meng had not yet heard about iNames, introduced last week by Identity Commons. He was intrigued and says he will check it out. My mention of it will probably help connect a few dots between the identity and anti-spam worlds.
Posted on November 5, 2004 at 09:29 AM in Spambusters | Permalink | Comments (0) | TrackBack
Felony spam conviction is a first
AP: Two Guilty in 1st Felony Spam Conviction. Spam remains a huge topic at ISPCON. With various ID schemes rolling out soon, I've got to figure out how to pursuade my ISP to register its Sender ID addresses. Meanwhile, it's good to see some spammers going to jail.
Posted on November 4, 2004 at 01:44 PM in Spambusters | Permalink | Comments (0) | TrackBack
Spammers waste no time exploiting Sender ID
Almost no one's using Sender ID so far, but already, spammers are cloaking themselves with it, according to this InformationWeek story. Couple that with the continuing controversy over the lack of an open-source implementation of Sender ID, and you have continued trouble ahead for this anti-spam standard.
Posted on September 13, 2004 at 09:49 AM in Spambusters | Permalink | Comments (1) | TrackBack
Apache's Sender ID issues signal split on anti-spam, identity efforts
Apache's concerns about Sender ID signal a split between the open-standards, open-source world's approach to verifying identity and combatting spam, and the approach being taken by closed-standards, closed-source companies such as Microsoft. Time will tell if the rift can be mended. Because Sender ID only really works if everyone signs up for it, it will certainly lessen the effectiveness of Sender ID.
Posted on September 2, 2004 at 07:40 PM in Spambusters | Permalink | Comments (0) | TrackBack
Here comes Sender ID PR blitz
Where Microsoft leads, the PR blitz follows. Time will tell if it amounts to anything really useful in the long term!
Posted on August 13, 2004 at 08:53 AM in Spambusters | Permalink | Comments (0) | TrackBack
Sender ID gears up, faces scrutiny
With Microsoft's announcement that it will begin checking for SPF-based, anti-forgery Sender IDs on October 1, 2004 --applied to the MSN, Hotmail and microsoft.com domains -- its Sender ID scheme to blunt spam and other unwanted email is moving into the next stage. Pobox.com already offers an SPF wizard on its Web site. Yet, Sender ID is not without its problems. For instance, Netcraft points out that a spammer could use that same SPF wizard to register its servers, and that zombie computers could be built up from computers with valid Sender ID records. And free software champion Richard Stallman is calling for more liberal licensing of Sender ID by Microsoft. Expect more scrutiny of Sender ID as it's deployed.
Posted on August 5, 2004 at 10:44 AM in Spambusters | Permalink | Comments (0) | TrackBack
And now, location-based spam calls
Mediapost serves up a daily dose of cutting-edge news about online advertising. This item really caught my eye. It seems that businesses are now able to spam (or, in this case, send voice mail) based upon your proximity to them. Expect a new round of hand-wringing and clumsy legislation, and eventually, a brand new industry: mobile anti-spam technology products and service providers.
Posted on August 4, 2004 at 09:01 AM in Spambusters | Permalink | Comments (0) | TrackBack
ISPs get serious about Port 25 abuse
Corporations and universities have been restricting use of Port 25 (outgoing SMTP) for some time, but now ISPs such as Comcast are starting to crack down as well. This is a good move, but where is the leadership needed to educate the masses about the ways that many users have to change their behavior in order to guarantee a safer, more spam-free Internet?
Posted on June 14, 2004 at 04:47 PM in Spambusters | Permalink | Comments (0) | TrackBack
Email marketing to boom -- like it or not
JupiterResearch predicts that money spent on email marketing will rise from $2.1 billion in 2003 to $6.1 billion in 2008. So much for Chris Pirillo's predictions that RSS will take the place of email marketing, I guess. "Contrary to popular belief, spam is not the greatest barrier to reaching consumers. Rather, it is the volume of messages sent by legitimate marketers." It may be legitimate in the eyes of CAN-SPAM legislators, but I doubt 98% of those emails are considered legitimate by their recipients. Is it coincidence that AT&T has started calling me again at dinner despite my appearance on the Do-Not-Call list?
Posted on April 7, 2004 at 11:41 PM in Spambusters | Permalink | Comments (0) | TrackBack
Solving the attachment problem
With a rising tide of ISP sanctions against customers who refuse to update their computers to squelch the spread of spam and malicious code, companies who run their own mail servers would be well-advised to take TrimMail's advice: "Set up an easy-to-use ftp site and show endusers how to use it. Then set your spam-and-content filter to delete attachments. Call it 'Tough Love'. It works."
Posted on March 23, 2004 at 10:38 AM in Spambusters | Permalink | Comments (0) | TrackBack
Bill Gates' 7-year-old may be a WINNER
Ever wonder what gets Bill Gates out of bed? How about when his 7-year-old finds a "get-rich-quick" Web site first thing in the morning?
Posted on February 26, 2004 at 01:39 PM in Spambusters | Permalink | Comments (0) | TrackBack
Spammers spoofing weblogging URLs
Six Apart has posted the following warning for uses of its TypePad weblogging software: "When logging in to TypePad, be sure to only log in through http://www.typepad.com/ or http://www.blogs.com/. There are a number of sites spoofing the TypePad homepage to facilitate masking their identities for comment spam. We are working to get these sites shut down." More and more, spammers and virus-writers are using social engineering, as some of the traditional technical holes in the Internet get sealed up.
Posted on February 19, 2004 at 11:59 AM in Spambusters | Permalink | Comments (0) | TrackBack
Operation Secure Your Server
The FTC and 36 other government agencies have launched Operation Secure Your Server, according to IDG News Service. I'm astounded to learn than more than 1 million IP (Internet Protocol) addresses provide open proxies or open relays, allowing spammers to hide their identities when sending unsolicited e-mail. The FTC and its partners sent alerts to the owners of the IP addressses and provided a resource page with info on how to close holes in servers. (One other oddity: A Google search for this page produces a URL with a forward slash on the end of it, which yields a Page Not Found message. When you remove the ending forward slash, the page loads fine.)
Posted on February 2, 2004 at 07:10 AM in Spambusters | Permalink | Comments (0) | TrackBack
Movable Type tackles comment spam
I'm delighted to learn that Moveable Type, one of the most popular blogging programs, now has a way to disable Google PageRank on comment links. This will help cut down on comment spam.
Posted on January 22, 2004 at 04:26 PM in Spambusters | Permalink | Comments (0) | TrackBack
Spam solution: Charge for bounces
Dana Blankenhorn suggests: "Charge the equivalent of 'postage due' on bounced messages." Sounds interesting, but many spammers only establish an account with an ISP long enough to drop a bunch of messages, then they're on to the next ISP. I'm sure this solution will work in certain cases, but in others, it'll simply be a logistical nightmare for ISPs to administer, with plenty of new deadbeat accounts receivable.
Posted on January 21, 2004 at 05:11 PM in Spambusters | Permalink | Comments (3) | TrackBack
Langa: Spam filters are blocking tons of legit emails
Fred Langa pinpoints the reason why I don't employ a spam filter: "Many or most of the delivery failures were due to hyperactive spam filters at the ISP or desktop level that incorrectly intercepted and trashed the test mail."
Posted on January 20, 2004 at 12:03 PM in Spambusters | Permalink | Comments (0) | TrackBack
Yahoo takes a crack at spam
Wired News: "Under Yahoo's new architecture, sending an e-mail message would embed a secure, private key in a message header. The receiving system would check the Internet's Domain Name System for the public key registered to the sending domain. If the public key is able to decrypt the private key embedded in the message, then the e-mail is considered authentic and can be delivered. If not, then the message is assumed not to be an authentic one from the sender and is blocked." Yahoo plans to give this technology away to anyone who wants to use it. No word on whether it will be submitted to a standards body. This solution sounds workable, yet another example of just how extensible the DNS is. I'll be interested to hear the inevitable criticisms of this scheme.
Posted on December 6, 2003 at 02:51 PM in Spambusters | Permalink | Comments (1) | TrackBack
Tool smothers sponsored search ads
If you consider ads in search engines to be spam, this could be for you: Software that kills not pop-ups, but text ads within pages generated by sponsored search engines, including Google and Feedster.
Posted on November 14, 2003 at 09:15 PM in Spambusters | Permalink | Comments (0) | TrackBack
Comment spam manifesto - yeah!
Adam Kalsey: "Spammers are hereby put on notice. Your comments are not welcome. If the purpose behind your comment is to advertise yourself, your Web site, or a product that you are affiliated with, that comment is spam and will not be tolerated." Absolutely! I encourage everyone to endorse this manifesto.
Posted on November 10, 2003 at 09:10 AM in Spambusters | Permalink | Comments (1) | TrackBack
California law throws out baby with the bath
Christopher Kenton on California's recently-passed, overly-broad antispam law: "Small businesses will pull back from e-mail marketing, eliminating perhaps the one respectful, relevant e-mail out of every 1,000 pornographic or offensive e-mails you receive." I've thought the California law was overly broad; this proves it.
Posted on November 7, 2003 at 04:23 AM in Spambusters | Permalink | Comments (0) | TrackBack
Project Lumos vs. Project Tripoli
Dana Blankenhorn highlights the problems with the Network Advertising Initiative's Project Lumos, and points to a better alternative, Project Tripoli. Of course the world will divide squarely into two camps: Those who want the ISP to block spam for them (Lumos) and those who want to have personal control over what gets defined as, and treated like, spam (Tripoli).
Posted on November 6, 2003 at 03:24 PM in Spambusters | Permalink | Comments (0) | TrackBack
HotMail fix can't come soon enough for ISPs
Sebastian Rupley, on changes coming in the next version of Microsoft's Hotmail: "The company recently implemented a restriction specifying that no more than 100 messages a day can be sent, for example, and implemented technology designed to ensure that a human rather than a bot is registering for a new e-mail account." I believe I heard somewhere recently that 5 billion spam messages per day eminate from Hotmail. Something's got to be done about that, and soon.
Posted on November 3, 2003 at 03:34 PM in Spambusters | Permalink | Comments (2) | TrackBack
Songs inspired by spam
I had to laugh -- someone took the dreck of spam culture and made Art out of it. Spam Songs For That Special Someone. (via TrimMail)
Posted on October 23, 2003 at 09:01 AM in Spambusters | Permalink | Comments (0) | TrackBack
SixApart considers different solutions to comment spam
SixApart is wrestling with ways to control comment spam in Weblogs. I favor being able to moderate all comments before they're posted. But alternatives will be needed for really busy sites.
Posted on October 14, 2003 at 10:09 AM in Spambusters | Permalink | Comments (0) | TrackBack
Take that, you spammer!
I practically giggled when I first read Paul Graham's idea: click through to all the links on a spammer's Web site, preferably with bots (Graham mentions "high-volume auto-retrieval"), to serve up a little denial-of-service or run up their bandwidth bill. Of course, this counterattack will probably further coarsen the declining civility of the Internet, since anyone who doesn't like something they read can consider it spam and employ these tactics.
Posted on October 10, 2003 at 12:20 PM in Spambusters | Permalink | Comments (0) | TrackBack
Taking up arms against comment spam
Dana Blankenhorn points to the work now underway to thwart comment spam -- spam that appears not in emails but as comments to posts in Weblogs. If the comments are themselves exposed through an RSS feed, this would represent the first occurence I've heard of that could be considered RSS spam. Luckily, many smart minds are working on this new threat. Spam is in the eye of the beholder though. Could blog owners be suppressing unpopular or objectable comments but calling it spam -- perhaps cynically, unjustly, or disingenuously? "Food" for thought. Some blogs will require clear policies governing under what circumstances comments are edited or deleted. I will give my own policy some thought.
Posted on October 9, 2003 at 06:19 PM in Spambusters | Permalink | Comments (1) | TrackBack
Talk about denial of service!
Brad Templeton, via VentureBlog: "Filtering on the content is generally a bad idea. If you're actually going to really mail someone about Viagra, I don't know how you'd get that through. I'm sure the Nigerians are facing the same problems." But then this ITU newsletter notes that the rise of email is killing off postal (snail) mail in West Africa. Combine the two, and you have a region with no widespread mail services of any kind, unless you count fax.
Posted on October 6, 2003 at 09:17 AM in Spambusters | Permalink | Comments (0) | TrackBack
Oops, spammers were doing the DDoSing
Dang...Bill Kurnow points out that I got it wrong. Instead of DDoS being used to put spammers out of business, spammers are using DDoS to successfully put anti-spammers out of business! Not good!
Posted on September 24, 2003 at 10:19 PM in Spambusters | Permalink | Comments (0) | TrackBack
DDoS being used successfully on spammers
Since no one apparently can stop DDoS on the Net, someone figured out it could be used successfully against spammers. It's the Wild West, 2003-style.
Posted on September 24, 2003 at 10:34 AM in Spambusters | Permalink | Comments (3) | TrackBack
California anti-spam law is signed
The New York Times, on the newly-signed California anti-spam bill: "The marketing industry vehemently opposes the law, saying that it will only restrict actions by legitimate marketers and not the rouges [sic] who send the most offensive spam." Of course, we will endlessly debate who is a "legitimate marketer." I fear a he-said-she-said legal morass whereby email recipients who opted into a particular email list find something so objectionable from the emailer that they decide to claim they never opted in in the first place. I hope I'm wrong and that the law won't get bogged down in such finger-pointing.
Posted on September 23, 2003 at 02:16 PM in Spambusters | Permalink | Comments (0) | TrackBack
Great idea! Contest to maximize wasting spammers' time
Andrew Odlyzko suggests a contest to invent AI software that maximizes the amount of spammers' time that can be wasted perpetuating bogus replies to their unwanted emails. (via Dewayne Hendricks)
Posted on September 19, 2003 at 09:44 PM in Spambusters | Permalink | Comments (0) | TrackBack
How anti-spam are you?
Boing Boing has a fun test to determine just how anti-spam you are, anyway.
Posted on September 19, 2003 at 02:55 PM in Spambusters | Permalink | Comments (0) | TrackBack
