Welcome to MSDN Blogs Sign in | Join | Help

Terry Zink's Anti-spam Blog

Protecting your mail from the scum of the internet
Notes on the CEAS

Here's a round up of my random thoughts on the CEAS:

1. The stuff on image spam detection was interesting, but it's a little late.  Spammers have moved on to other tricks.

2. Speaking of the stuff on image spam, the false positive rates were very high so as to render the techniques impractical in a real world environment.  A 4% false positive rate renders a technique non-useful in real life.  Frankly, a filter component has to have an FP rate of at least 1/10,000.

3. The brief history of Postfix was interesting.

4. Well, wouldn't you know it - it turns out that filters that train on global data (mail) perform *much* better than filters trained on personal mail.

5. Interesting factoid: Spammers are sending fewer messages per recipient than they used to.  This is a reversal in the trend in earlier years when they sent the same message to a lot of recipients.

6. The top 10 brands account for 85% of phished sites (eBay, Paypal, etc).

7. 99% of trackbacks on blogs are spam and when it comes to blog spam, two narrow IP ranges host most splogs.

8. Even though SenderID and SPF fail on email forwarding, it's not a huge problem because it is rarer than people think.

Posted: Wednesday, August 15, 2007 8:19 PM by tzink
Filed under:

Comments

MSDN Blog Postings » Notes on the CEAS said:

PingBack from http://msdnrss.thecoderblogs.com/2007/08/15/notes-on-the-ceas/

# August 15, 2007 9:37 PM

Norman Diamond said:

> The stuff on image spam detection was interesting,

> but it's a little late.  Spammers have moved on to

> other tricks.

It's not really too late though.  If you don't keep it up, they'll be back.

> Spammers are sending fewer messages per recipient

> than they used to.

Huh?  Maybe there was accidentally a whole week when that fluctuation just happened to look that way, and you interpret that as a trend?  Daily rates won't look like a trend but they'll show the fluctuations; today kind of looks the way you're talking about and yesterday was exactly the opposite.

The way your #8 is formatted, I can't read it in IE6.

# August 16, 2007 4:01 AM

tzink said:

"Huh?  Maybe there was accidentally a whole week when that fluctuation just happened to look that way, and you interpret that as a trend?"

I didn't interpret it, the presenter did.  The bottom line was that spammers used to send 1 message to many recipients, now they send many different messages to many different recipients.

"The way your #8 is formatted, I can't read it in IE6."

Should be fixed now.

# August 16, 2007 10:50 AM

Norman Diamond said:

> The bottom line was that spammers used to send 1

> message to many recipients, now they send many

> different messages to many different recipients.

I see, I misinterpreted the original wording.  It looked like an assertion that spammers used to send many copies of a spam to each recipient and now send fewer copies to each recipient.  With ordinary fluctuations there are some days where the average number of copies of a spam (per recipient) can be lower than the previous day's average, but the overall trend sure isn't down.  Some spammers seem to think they persuaded me to enter 10 buy orders for some spamalot stock each day last month so they'll obviously persuade me to enter 20 buy orders each day for this month's spamalot stock.  Most of those get filtered out by my ISP but I still see the subject lines because I have to check for false positives.  A few don't get filtered out so the SEC gets to see them (somehow the spamalot stocks are always listed in the US).

# August 18, 2007 1:21 AM
Leave a Comment

(required) 

(required) 

(optional)

(required) 

Comment Notification

If you would like to receive an email when updates are made to this post, please register here

Subscribe to this post's comments using RSS

Page view tracker