Terry Zink: Security Talk

Discussing Internet security in (mostly) plain English

Can trading concepts be used in spam fighting?


Ever since I started learning how to trade stocks nearly two years ago, I have been amazed at how many applications trading has to real life.  Of course, when something doesn't quite fit I simply make my concepts looser until they do fit, but you get the point.

In stock trading, there is a "rule" that says to "let your profits run and cut your losses short."  This is actually two rules, but in essence, it says to stay with trades when they are moving with you and close any losing trades while they are still quite small; never let a small loss turn into a big loss (I have violated this rule three times and it has cost me dearly).  In addition, I would reorder the words in the rule this way: "cut your losses short and let your profits run."  I think cutting one's losses is more important than staying with winners.

The reason I believe this is that one of the keys in trading is to minimize the damage when you are wrong.  When I got into trading, all I could think about was the upside, but I have now learned that it is more important to protect my trading capital.  I do this by setting predefined sell points and having the discipline to execute them (on my three rule violations above, I did not have predefined sell points).  I think that the analogy to spam fighting is to be cautious when implementing a new spam fighting strategy.  When we do this, everyone always thinks about the potential upside in how much spam can be blocked.  However, it is equally important to have an exit strategy in case things do not work in our favour.

Some time ago, I saw a mail administrator somewhere comment that all image spam shares the same four characteristics:

  1. A mail header X-Mailer: Microsoft Outlook Express 6.00.xxxx.xxxx
  2. <style></style> tags
  3. hspace=0 tag
  4. img src="cid: followed by 12 alphanumerics, $, 8 alphanumerics, $, 8 alphanumerics (example: img src="cid:asdt3242r4g6$1234rtre$b59g9yu6)

This is true.  I don't know if all image spam has those characteristics, but lots of it does.  The strategy the mail admin proposed was blocking mail that contained those four tags.

That would work to block image spam, but the problem is that all four of those tags are legitimate.  There is nothing inherently spammy about them.  While lots of image spam has them, so does lots of legitimate mail that contains images.  It took me 10 minutes to find an example of a legitimate message with those four tags.  If we were to block all mail with those four tags, we would end up blocking plenty of legitimate content.  That is unacceptable; people want their spam blocked, they don't want mail with images blocked.  At best, we could only say that mail that contains those tags has a probability greater than 60% of being spam, but I certainly would not go any further.  We have to make sure to cut our losses short (i.e., by not applying a global ban) when it comes to implementing any spam fighting technique.
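As an added illustration (not code from the original post), here is one way to treat the four characteristics as a single weighted signal instead of a global ban. The weight, the threshold, the `other_score` input from the rest of the filter, and the sample message are all assumptions constructed for this example.

```python
import re
from email import message_from_string

# The four characteristics from the list above, as patterns.
XMAILER_RE = re.compile(r"Microsoft Outlook Express 6\.00\.\d{4}\.\d{4}")
STYLE_RE = re.compile(r"<style>\s*</style>", re.I)
HSPACE_RE = re.compile(r"\bhspace\s*=\s*[\"']?0\b", re.I)
CID_RE = re.compile(
    r"<img[^>]*\bsrc\s*=\s*[\"']?cid:[a-z0-9]{12}\$[a-z0-9]{8}\$[a-z0-9]{8}", re.I)

# Assumed values for illustration; a real filter would tune these on its own mail.
ALL_FOUR_WEIGHT = 2.0
SPAM_THRESHOLD = 5.0

def html_body(msg):
    """Concatenate the decoded text/html parts of a parsed message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def signals(raw_message):
    """Report which of the four characteristics a raw message has."""
    msg = message_from_string(raw_message)
    body = html_body(msg)
    return {
        "x_mailer": bool(XMAILER_RE.match(msg.get("X-Mailer", ""))),
        "empty_style": bool(STYLE_RE.search(body)),
        "hspace_zero": bool(HSPACE_RE.search(body)),
        "cid_pattern": bool(CID_RE.search(body)),
    }

def verdict(raw_message, other_score):
    """All four together add weight to the score; they never block alone."""
    hit = all(signals(raw_message).values())
    score = other_score + (ALL_FOUR_WEIGHT if hit else 0.0)
    return ("spam" if score >= SPAM_THRESHOLD else "deliver"), score

# Constructed sample: a message that has all four characteristics.
SAMPLE = """\
From: sender@example.com
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
Content-Type: text/html; charset="us-ascii"

<html><head><style></style></head>
<body><img hspace=0 src="cid:asdt3242r4g6$1234rtre$b59g9yu6"></body></html>
"""
```

The same message is delivered when the rest of the filter sees little else wrong with it and marked as spam only when other evidence already points that way, which is the exit strategy a hard block lacks.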
