| nettime's_mytho-robo-poesis on Fri, 14 Feb 2003 11:42:38 +0100 (CET) |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
| <nettime> spam (24x7|5x7x5) digest [berland, moretti] |
"Jody Berland" <jody.berland@sympatico.ca>
Re: nettime-l-digest V1 #1054
ben moretti <bmoretti@chariot.net.au>
at last a use for haiku (was: Re: <nettime> spamfree-full digest <...>
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
From: "Jody Berland" <jody.berland@sympatico.ca>
Subject: Re: nettime-l-digest V1 #1054
Date: Thu, 13 Feb 2003 19:02:38 -0500
I am not sure whether mankind is devoid of shame (important elements are,
certainly) but I worry that everyone that has access to a listserv may be.
Our university sends out a "newsletter" 5 days a week. Little news reports
if someone is cited in the media, encouraging thoughts about the "climate of
opportunity" and buzz about various corporate friendlies who now comprise
all the advisory boards. If you try to get off of their list, you can't.
If you try to return it to them, you can't. If you complain to the
"communications" staff they say there is nothing they can do about it. If
you take it to the academic senate then the university president tells you
to shut up. If your memory isn't up to date the spam shuts down your
system. If they are, as they suggest, conducting "research" they have not
asked for permission from their human subjects. I get nervous when people
use incarceral metaphors for institutions but now I am beginning to
understand why.
By the way, does Spam Arrest work? maybe I could pay them to shut up my
university.
Jody Berland
Editor, TOPIA: Canadian Journal of Cultural Studies
www.yorku.ca/topia and/or http://www.utpjournals.com/topia/
TOPIA Campaign 500 : Help us reach our goal of 500 subscribers
.
----- Original Message -----
from: "nettime-l-digest" <owner-nettime-l-digest@bbs.thing.net>
to: <nettime-l-digest@bbs.thing.net>
sent: Thursday, February 13, 2003 11:26 PM
subject: nettime-l-digest V1 #1054
> nettime-l-digest Thursday, February 13 2003 Volume 01 : Number 1054
>
> Table of Contents:
>
> <nettime> Okay, that does it -- Armageddon is too good for us
> <nettime> admin note/RFC: 'antispam' services and nettime
<...>
From: ben moretti <bmoretti@chariot.net.au>
Subject: at last a use for haiku (was: Re: <nettime> spamfree-full digest [arrest x2, guderian, cramer, hwang, jett])
Date: Fri, 14 Feb 2003 14:31:13 +1030
# on the spam discussion, a company called habeas is using a copyrighted haiku
# in combination with some email client plug-ins as an email 'authenticity'
# validation mechanism. this excerpt below is from TidBITS#661/06-Jan-03,
# without permission. ben
http://www.tidbits.com/tb-issues/TidBITS-661.html#lnk2
TidBITS Using Habeas Headers
by Adam C. Engst <ace@tidbits.com>
The spam pandemic has grown to epic proportions. In 2002, I received over
23,000 spam messages (about 35 percent of my mail), and that's even after
employing the Mail Abuse Prevention System RBL+ realtime blackhole list and a
handful of other conservative server-side spam filters on our primary mail
server. There's no question that my address is both older (it hasn't changed
since I switched away from the UUCP style <ace@tidbits.uucp>) and more widely
published than most, but my exposure generally means I'm just ahead of the
curve. If you're not getting a lot of spam now, you're both lucky and living
on borrowed time.
<http://mail-abuse.org/rbl/>
<http://www.eudora.co.nz/eimsfilters.html>
Think Positive -- Nevertheless, although I don't see the amount of spam
dropping for a while yet, I think we've turned the corner in developing the
basic concepts that will eliminate most spam from our lives - at least when
those concepts are intelligently combined and implemented. These concepts
include so-called Bayesian filtering, which attempts to predict the
likelihood that a message is spam by the frequencies with which certain words
occur; whitelists, which allow mail through only when it comes from people
from whom you've received legitimate mail in the past; and challenge/response
systems, which require that new senders authenticate themselves before their
mail reaches you. Also potentially useful deterrents are the various U.S.
state anti-spam laws and the lawsuits against spammers they make possible;
well-run blackhole lists that let mail servers refuse to accept connections
from other mail servers that have been compromised by spammers; and the
combination of proper default settings and network administrator education
that has cut down on the number of open relays for spammers to exploit.
<http://www.paulgraham.com/spam.html>
<http://www-106.ibm.com/developerworks/linux/library/l-spamf.html>
Note that I explicitly do not include arbitrary server-side content filtering
in that list of potentially useful approaches to controlling spam. Creating
server-side filters that reject mail based on the inclusion of a word or two
merely because the administrator has seen those words in spam is more
damaging to the overall utility of email than spam itself. Geoff Duncan
brought this problem to light with "Email Filtering: Killing the Killer App"
back in TidBITS-637; that article triggered widespread coverage in mainstream
media outlets such as the New York Times, the Newhouse News Service, and
more.
<http://db.tidbits.com/getbits.acgi?tbart=06866>
<http://db.tidbits.com/getbits.acgi?tbart=06869>
<http://www.nytimes.com/2002/07/15/technology/15SPAM.html>
Our efforts at educating the public to the dangers of arbitrary content
filters certainly don't hurt, but the problem continues. Our recent gift
issue was rejected by one mail server (which will undoubtedly do so again
with this issue) because the word "cows" appeared in the text. (Ironically,
it wasn't even in relation to the worthy Heifer Project charity, but to a
comment about the game Tropico.) In an effort to avoid losing subscribers
when these content filter rejections trigger our bounce automation, we've
taken to trying to switch impacted subscribers to the announcement version of
TidBITS, which is much more likely to slip past content filters purely on the
basis of containing many fewer words.
Cue Habeas -- There's one more new tool that we've just started to employ. A
new company called Habeas, started by TidBITS author Dan Kohn, has come up
with "sender warranted email." The idea is that, with the addition of nine
specific header lines to your messages, you can warrant that your outgoing
email is not spam. ISPs, email providers, spam filters, and even individual
recipients can then trust that any incoming message that contains Habeas
headers is legitimate.
<http://www.habeas.com/>
Here's what the Habeas headers look like.
X-Habeas-SWE-1: winter into spring
X-Habeas-SWE-2: brightly anticipated
X-Habeas-SWE-3: like Habeas SWE (tm)
X-Habeas-SWE-4: Copyright 2002 Habeas (tm)
X-Habeas-SWE-5: Sender Warranted Email (SWE) (tm). The sender of this
X-Habeas-SWE-6: email in exchange for a license for this Habeas
X-Habeas-SWE-7: warrant mark warrants that this is a Habeas Compliant
X-Habeas-SWE-8: Message (HCM) and not spam. Please report use of this
X-Habeas-SWE-9: mark in spam to <http://www.habeas.com/report/>.
"But but but...," I can hear you saying. "What prevents spammers from simply
adding the Habeas headers to spam as well?" Nothing. Well, except for the
thousandweight of lawyers that Habeas plans to drop on anyone who does so,
basing such lawsuits on both copyright and trademark law. Habeas can do this
because the Habeas headers include a copyrighted three-line haiku and several
trademarks. In addition, Habeas will add any infringers to a DNS-based
blacklist that doesn't suffer from some of the legal problems that have
plagued other blacklists.
I'm waiting with bated breath to see how Habeas handles the first infringers.
My experience with suing a spammer under the Washington State anti-spam law
wasn't great because I couldn't expend the money, time, and effort to carry
the suit through to the most satisfactory conclusion. In contrast, Habeas has
venture capital and significant incentive to make examples of infringers, so
they're likely to have a better chance of running the spammers to ground and
extracting financial penalties from them. By basing the protection on
copyright and trademark law, Habeas avoids the many variations on state
anti-spam laws and doesn't have to wait for federal legislation that may be
too little and is already too late. Plus, international copyright law offers
similar protections everywhere but Afghanistan, Bhutan, Ethiopia, Iran, Iraq,
Nepal, Oman, San Marino, Tonga, and Yemen. On the collection side, Habeas
plans to turn spammers over to the collection agency Dun & Bradstreet for
maximum extraction.
<http://db.tidbits.com/getbits.acgi?tbser=1167>
Although there are some high-profile spammers who are making very real money
at spam (but are stupid enough to give their real names in interviews,
opening themselves up to real world harassment from furious spam victims), I
doubt Habeas will end up making significant money from successful lawsuits.
Most spammers simply don't have deep pockets. However, Habeas does earn money
from licensing the Habeas headers to businesses. Licenses are free for
individuals and ISPs that warrant that all their email is not spam; other
companies pay $200 per year for a license unless their business revolves
around sending verified opt-in commercial email, at which point the license
is based on the number of recipients.
<http://www.habeas.com/services/swe.htm>
Practical Habeas -- From a user's standpoint, you need to know two things
about Habeas: how to add Habeas headers to your email messages (remember,
it's free for individuals) and how to filter Habeas warranted messages. The
details vary significantly with the software you use for email, but Habeas
has developed instructions and plug-ins for many common pieces of email
software (it's just a matter of dropping a plug-in into the appropriate
folder with Eudora, for instance), and they're happy to post user-submitted
instructions for additional programs. Also, many email programs hide unusual
headers by default, and for those programs that don't, Habeas also offers
instructions for hiding the Habeas headers so you don't have to look at them
in every message.
<http://www.habeas.com/support/install.htm>
What are we hoping to get out of adding Habeas headers to our mailing lists?
Quite simply, less damage due to errant spam filters. Habeas is working with
many of the vendors of server-side spam filters to encourage them to
whitelist Habeas compliant messages, and we hope that anyone who has gone to
the effort of rolling their own spam filters will do the same to reduce the
incidence of false positive spam identification. I encourage everyone who's
concerned about spam to sign up for a free individual Habeas license, and for
anyone working on anti-spam tools, make sure your tools whitelist Habeas
compliant messages as well.
There's no question that the use of Habeas headers will not eliminate the spam
problem overnight, but when combined with the other tools and techniques that
have started to appear, it should make a difference.
PayBITS: Want to support TidBITS in our ongoing fight against
spam? Consider supporting TidBITS by contributing via Kagi!
<http://www.tidbits.com/about/support/contributors.html>
Read more about PayBITS: <http://www.tidbits.com/paybits/>
--
ben moretti
bmoretti@chariot.net.au
http://www.chariot.net.au/~bmoretti
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
--_@
# distributed via <nettime>: no commercial use without permission
# <nettime> is a moderated mailing list for net criticism,
# collaborative text filtering and cultural politics of the nets
# more info: majordomo@bbs.thing.net and "info nettime-l" in the msg body
# archive: http://www.nettime.org contact: nettime@bbs.thing.net