POPFile vs. POPFile

Jeff Atwood

Jeff Atwood

1 min read Comments

In my previous blog entry on some plan(s) for spam, I mentioned that I didn’t care for challenge/response “human-only” whitelists. I couldn’t put my finger on exactly why I felt that way... until I happened upon this John Graham-Cumming PowerPoint presentation:

I don’t “do” Challenge/Response. If I mail you and you challenge me I hit delete, because, as Dan Quinlan put it: “Challenge/Response is the ultimate email diss. By using it you are saying, ‘my time is more important than yours.’”

That about sums it up for me.

John Graham-Cumming is the author of POPFile, so naturally his presentation goes on to... describe ways to defeat POPFile? It’s actually titled, How to beat an Adaptive Spam Filter. A fascinating read, with a disturbing conclusion: when pitting “evil” POPFile against good POPFile, the good guys lose. In other words, spammers can use Bayesian filters to defeat Bayesian filters – if they get feedback about what mails are getting through!

This makes me very, very happy that Windows XP Service Pack 2 turned off HTML rendering in Outlook Express by default:

Pictures and images embedded in HTML e-mail messages can be adapted to secretly send a message back to the sender. These are often referred to as Web beacons. Spammers rely on information returned by these images to confirm active e-mail addresses. Some spam messages contain Web beacon images so small that they are invisible to the human eye – but not to Outlook Express.

An improved defense against Web beacons is to stop pictures from downloading until you’ve had a chance to review the message. Outlook Express in Windows XP SP2 will now block images automatically in messages from people who are not in your address book. This goes a long way in preventing the verification of your e-mail address for spammers. It makes your e-mail name less useful to spammers and may result in your getting less spam over time.

Putting images in HTML seems innocent enough, but retrieving any image results in a direct request from your computer to the spammer’s webserver. With this tiny bit of feedback, they could conceivably defeat any anti-spam technology. Scary stuff!

Read more

Stay Gold, America

We are at an unprecedented point in American history, and I'm concerned we may lose sight of the American Dream.

By Jeff Atwood · · Comments

The Great Filter Comes For Us All

With a 13 billion year head start on evolution, why haven't any other forms of life in the universe contacted us by now? (Arrival is a fantastic movie. Watch it, but don't stop there - read the Story of Your Life novella it was based on

By Jeff Atwood · · Comments

I Fight For The Users

If you haven't been able to keep up with my blistering pace of one blog post per year, I don't blame you. There's a lot going on right now. It's a busy time. But let's pause and take a moment

By Jeff Atwood · · Comments

The 2030 Self-Driving Car Bet

It's my honor to announce that John Carmack and I have initiated a friendly bet of $10,000* to the 501(c)(3) charity of the winner’s choice: By January 1st, 2030, completely autonomous self-driving cars meeting SAE J3016 level 5 will be commercially available for passenger

By Jeff Atwood · · Comments