Comments on: IBM debuts spam assailant tool

Rather than just filtering content, Big Blue's spam-fighting technology verifies sender identity and strikes back.

This program cannot really work against spam
by hadaso March 22, 2005 12:01 PM PST
If I understand the mechanism described correctly, it can have no real effect on sending of spam.

What is described is that once the true source of a spam stream is identified (I assume this means the IP address of the sending SMTP server), then email is sent to that server to keep it occupied with incoming mail (the "bounces" described are not true SMTP bounces that would have no real effect on the servers that get millions of these - one for every invalid address they try to spam - but rather email messages with the original spam message attached).

This would only work if the spammers use an ordinary SMTP server that accepts mail from outside. However, they don't need to, and many of them don't. They send from dedicated software that uses the SMTP protocol to send spam (SMTP client) but does not act as a mail server. They use "zombie PCs" - PCs infected with a virus that acts as a mail client and sends spam to wherever it is instructed to. They're not a mail server and they cannot be affected by sending mail to them. In fact, a spammer can sit comfortably behind a firewall and spam the whole world, while no one is able to even ping his machine!
Actually, this program can only generate more spam
by hadaso March 22, 2005 12:13 PM PST
In my previous post I explained why this program really cannot affect the sending of spam. But now I read the description once more and saw that it could also generate more spam!

The description says that if no relation between the IP address of the sending server and the domain in the envelope-from address is found, a "challenge message" would be sent. Now where would that message be sent? To the IP address of the sender (the one that is known to be correct)? NO!!! That is not an email address. The challenge message can only be sent to the envelope-from address, that was already determined to be most probably forged, to pester an innocent bystander whose email address was abused by a spammer (Google "Joe job" to learn about this spammer trick).

So in fact, it would just generate more unwanted and unneeded email. Challenge/response systems always transfer the burden of fighting one's spam to a third party. But this one makes sure the third party is innocent before pestering her!
It does nothing of the kind
by 203129769353146603573853850462 March 22, 2005 2:19 PM PST
In no way does this tool "strike back" at the spamming system.

It only tries to deduce the validity of the identity of the sender (returnpath) by comparing to the IP address of the system sending.

That's all, pure and simple. Please correct the article.
Not possible
by March 22, 2005 3:20 PM PST
Because of open relays and zombie PCs spewing this stuff, the only approach that makes any sense is the one Brightmail (now part of Symantec) took. Collect as much SPAM as you can, devise a clever way to "fingerprint" it, and supply this "Wanted" list to your server-based application so it can delete or quarantine the bad stuff. Trying to trace the source by IP addresses cannot be nearly as effective as the aforementioned approach.
Didn't lycos try something like this
by unknown unknown March 22, 2005 3:58 PM PST
except theirs was a screensaver, but they still had the same goal...to slow down servers responsible for spam. Seems legally questionable to me. Spam filters have been wrong before, what happens if this thing starts attacking a legit server? Seems like a liability to me.
Spam filters
by John Kuzak June 1, 2007 2:43 PM PDT
http://www.analogstereo.com/porsche_owners_manual.htm
Story is wrong
by richijennings March 23, 2005 2:19 AM PST
Where is this myth coming from that FairUCE "bounces back any messages sent by the device in question with the intent of slowing that computer down"?

I just can't see where CNN, the WSJ, and now c|net have got this idea from. More thoughts at http://www.richi.co.uk/
I downloaded this program and XP/Windows will not open it.
by sargento March 23, 2005 5:01 AM PST
I downloaded this program and it will not open. I have it filed away on hard disk until someone tells me how to open it.
Um, that's because it's not for Windows...
by crenaud March 27, 2005 8:45 AM PST
Read the documentation on the site. It's only a proxy for Linux right now...