New tool to combat spam by IBM

Post by Top Wop »

Dubbed FairUCE, the antispam technology is meant to take an aggressive swing back at computers being used to deliver large volumes of unsolicited e-mail. After identifying a certain machine as an established source of spam, the software bounces back any messages sent by the device in question with the intent of slowing that computer down and retarding its ability to produce more unwanted e-mail.
Source:
http://www.winbeta.org/comments.php?catid=1&id=2810

And here is the link to the tool:
http://www.alphaworks.ibm.com/tech/fairucev

Post by MD-2389 »

Hopefully this will last longer than a certain screensaver. The only problem with this is that what if someone innocent was targeted? Can you say lawsuit?

Furthermore, it makes you wonder how exactly it identifies a spammer since any idiot can spoof/fake a header.

edit: Tool link is broken.

Post by Tetrad »

1) Correct link: http://www.alphaworks.ibm.com/tech/fairuce

2) That description is way off. It's not an attempt to DDOS spammers. From the site itself:
FairUCE (which stands for "Fair use of Unsolicited Commercial Email") is a spam filter that stops spam by verifying sender identity instead of filtering content. It can stop the vast majority of spam without the use of a content filter and without requiring a probable spam or bulk folder that needs to be checked periodically. As one of the first spam filters that uses sender identity rather than email content to determine if it is legitimate, all this can be accomplished quickly using simple, inexpensive tests.

...

Technically, FairUCE tries to find a relationship between the envelope sender's domain and the IP address of the client delivering the mail, using a series of cached DNS look-ups. For the vast majority of legitimate mail, from AOL to mailing lists to vanity domains, this is a snap. If such a relationship cannot be found, FairUCE attempts to find one by sending a user-customizable challenge/response. This alone catches 80% of UCE and very rarely challenges legitimate mail. A future version will incorporate Sender Policy Framework (SPF) or similar sender identification systems; SPF-enabled domains will not require a challenge. Challenges are sent using a dedicated queue with a short lifetime so it does not get bogged down or interfere with legitimate mail.

If a relationship can be found, FairUCE checks the recipient's whitelist and blacklist, as well as the domain's reputation, to determine whether to accept, reject, challenge on reputation, or present the user with a set of whitelist/blacklist options. A future version will use a real domain reputation system; currently this is implemented as a "whois" look-up to determine the domain's age when it first sent mail to the recipient.
Of course this thing currently is useless to anybody not running their own mail server using Postfix on Linux.
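
The sender-identity check described in the quoted text above, as an added example that is not FairUCE's code and not part of any post in this thread. The record types consulted (A, MX, forward-confirmed PTR), the mapping of outcomes, the age threshold and the inline DNS table are assumptions made for illustration; the page only says "a series of cached DNS look-ups".

```python
import ipaddress

# Constructed DNS data standing in for live, cached look-ups (documentation
# names and address ranges only; nothing here is real mail infrastructure).
DNS = {
    ("example.com", "MX"): ["mx1.example.com"],
    ("mx1.example.com", "A"): ["192.0.2.10"],
    ("198.51.100.25", "PTR"): ["out3.mail.example.net"],
    ("out3.mail.example.net", "A"): ["198.51.100.25"],
    # Reverse DNS is set by whoever controls the IP, so it can claim any name:
    ("203.0.113.9", "PTR"): ["mail.example.com"],
}
MIN_DOMAIN_AGE_DAYS = 30  # assumed threshold; the page gives no number


def lookup(name, rtype):
    return DNS.get((name.lower(), rtype), [])


def related(sender_domain, client_ip):
    """Return how client_ip is tied to sender_domain, or None if it is not."""
    ip = str(ipaddress.ip_address(client_ip))  # rejects malformed input
    if ip in lookup(sender_domain, "A"):
        return "domain-A"
    for mx in lookup(sender_domain, "MX"):
        if ip in lookup(mx, "A"):
            return "mx-A"
    for host in lookup(ip, "PTR"):
        # The PTR name must be inside the domain AND resolve back to the IP.
        in_domain = host == sender_domain or host.endswith("." + sender_domain)
        if in_domain and ip in lookup(host, "A"):
            return "fcrdns"
    return None


def decide(envelope_from, client_ip, whitelist=(), blacklist=(), age_days=None):
    """Map one delivery attempt to the outcomes named in the quoted text."""
    sender = envelope_from.lower()
    domain = sender.rsplit("@", 1)[-1]
    if related(domain, client_ip) is None:
        return "challenge"            # unverified sender: challenge/response
    if sender in blacklist or domain in blacklist:
        return "reject"
    if sender in whitelist or domain in whitelist:
        return "accept"
    if age_days is not None and age_days < MIN_DOMAIN_AGE_DAYS:
        return "challenge"            # young domain: challenge on reputation
    return "offer-options"            # let the recipient whitelist/blacklist
```

The 203.0.113.9 entry shows why a PTR record alone proves nothing: the name it claims does not resolve back to that address, so the sender stays unverified and is challenged.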

Post by DCrazy »

Tetrad wrote: Of course this thing currently is useless to anybody not running their own mail server using Postfix on Linux.
Useful++ :D

Post by Grendel »

Tetrad wrote: 2) That description is way off. It's not an attempt to DDOS spammers. From the site itself:
What makes you think it's intended as a DDOS fighter ?? Not even a hint to that in above posts..

Post by Cuda68-2 »

DCrazy wrote:
Tetrad wrote: Of course this thing currently is useless to anybody not running their own mail server using Postfix on Linux.
Useful++ :D
X2

Post by Tetrad »

Grendel wrote: What makes you think it's intended as a DDOS fighter ?? Not even a hint to that in above posts..
I'm saying it's not, and was misrepresented as such from the first post's quote:
Top Wop wrote:
Dubbed FairUCE, the antispam technology is meant to take an aggressive swing back at computers being used to deliver large volumes of unsolicited e-mail. After identifying a certain machine as an established source of spam, the software bounces back any messages sent by the device in question with the intent of slowing that computer down and retarding its ability to produce more unwanted e-mail.

Post by Grendel »

Tetrad wrote:
Grendel wrote: What makes you think it's intended as a DDOS fighter ?? Not even a hint to that in above posts..
I'm saying it's not, and was misrepresented as such from the first post's quote:
Top Wop wrote:
Dubbed FairUCE, the antispam technology is meant to take an aggressive swing back at computers being used to deliver large volumes of unsolicited e-mail. After identifying a certain machine as an established source of spam, the software bounces back any messages sent by the device in question with the intent of slowing that computer down and retarding its ability to produce more unwanted e-mail.
I repeat my question.

BTW, it's technically impossible for the receiver to identify a machine sending DDOS packets -- the "from" IP address in the stray packets is always spoofed.

Post by Tetrad »

I refer you back to the bolded part of my previous post.

Post by Lothar »

Grendel:

It's not an anti-DDoS system. It doesn't look for systems launching DDoS attacks.

It's an anti-spam system, and it was rumored that it might work by DoS'ing the spammers with all the returned mail. As Tetrad's post shows, its main function isn't to bounce spam, but to blacklist spammers by comparing the sender's domain to the sender's IP and blocking it if it doesn't match (so Russian pr0n spammers can't send messages as somebody @ some_us_server dot com...)

Post by Grendel »

n/m

My mistake -- typical language problem, sorry :)