Spam Wars: Filters Strike Back

Filed in Uncategorized by on December 24, 2013

Until now, antispam developers and their products have played defense only. But now, one activist wants spam filters to automatically launch attacks against suspected spammers’ sites to shut them down.

Fearing that spammers are increasingly finding ways to slip their unwanted messages past the current generation of filtering technologies, activists are taking a second look at a proposal to use denial-of-service attacks in the fight against spam.

Such attacks, which are illegal and can disrupt a company’s ┬ácommunications network by burying its servers in unnecessary requests, have traditionally been associated with pranksters who use viruses to distribute their attack software on thousands of computers.

Under the proposal, which was initially published in August by antispam activist Paul Graham, the attacks would be launched automatically by the next generation of spam filters. The attacks would be initiated whenever the filters received a new piece of spam containing a Web link.

If enough people used filters with the feature, the resulting amount of traffic to the spammers’ links could dramatically raise the spammers’ bandwidth costs or even shut down their websites.

“Technically, it’s beautifully balanced,” said Graham, whose 2002 proposal on using Bayesian algorithms to fight spam led to the rise of the current generation of filters. “It’s a way to raise spammers’ bandwidth costs in exact proportion to the amount of spam that they send out.”

Graham’s latest proposal is not without its critics, however, who say that a sudden burst of requests coming from thousands or maybe even millions of spam filters around the world could drain Internet resources.

Graham readily dismisses the argument. “That’s identical to saying that you shouldn’t have police chase down criminals because it uses up resources,” he said. “Yeah, there’s an increase in bandwidth initially, but the net effect is worth it.”

He adds that developers of antispam products should allow users to limit the number of times that their filters try to access a particular link during an attack, or even to disable the feature completely if they choose.

But even when presented with this solution, opponents say Graham’s plan has other problems that render it unsuitable — the most important of which is its potential to harm legitimate companies.

According to Francois Lavaste, vice president of marketing for Brightmail, an antispam software firm, some spammers set up their Web pages on free Web-hosting services. “Launching any type of DoS attack on those pages could actually damage the entire service,” said Lavaste.

Additionally, spammers and pranksters could abuse the system by sending out junk mail containing links to innocent websites that they simply don’t like. If enough filters flagged the mail as spam, they could inadvertently launch an attack against those sites.

As a precaution against such abuses, Graham notes in his proposal that filter developers should require their products to check all links against a blacklist of domain names belonging to known spammers before launching an attack. But some developers have been burned by blacklists in the past and note that the lists themselves can be abused.

“At Matterform, we’ve been victimized more than once by falsified spams that supposedly advertise our URL in an attempt to annoy us,” said Matterform Media President Michael Herrick, whose company develops the Spamfire filter.

“The antispam vigilantes caused us all kinds of problems by blacklisting us without any human investigation,” added Herrick. “The vigilantes told us we should be angry with the spammers, not them. Somehow, it didn’t work that way.”

Herrick says he’s not completely against Graham’s idea, though. Indeed, Matterform’s Spamfire already features a “Bug the WegBugs” option designed to confuse spammers.

Whenever a Spamfire user selects the option, the program searches through messages for “Web bugs” — images used for tracking purposes — and then repeatedly sends back false tracking data to the spammer’s server.

The tactic is not going to shut down the spamming industry overnight, admits Herrick. However, he does believe that antispammers can make a significant dent.

“It’s a cat-and-mouse game with spammers,” he said. “They mutate, we adapt. We fight back, they parry. But (this tactic) can be another hoop the spammers have to jump through. The more hoops, the more likely they are to fall down.”