Content-Neutral Spam Filter

[UNDER CONSTRUCTION]

INTRODUCTION

What is this?

Bumper is a next generation "content-neutral" spam filtering technology. In short, this means that whereas other filters use complicated rules to detect advertisements, Bumper only asks "Is the sender human?" and "Is it someone we know?" For technical details, click here. To see how this novel, amazingly simple approach can outperform traditional spam filters, read on.

The Problem

If you have an e-mail address, you're probably familiar with the junk mail phenomenon called "spam." It starts with just a few e-mails per week, then a few per day. Eventually, more and more advertisers learn your address, until one day you open your mailbox to find thousands of spams sent in a single day. When legitimate mail is lost amidst these insulting and offensive ads, it's no longer a nuisance. Spam has become a serious threat to people's livelihoods and freedom to participate in the internet community.

Traditional Solutions

There are three basic strategies for dealing with spam:

  1. Strategies That Result In Lost Mail

    Many people attempt to hide from advertisers by changing to a new e-mail address whenever the spam becomes intolerable. Another approach is to create a "whitelist" of friends' addresses, ignoring mail from anyone else. But what if old friends try to contact you? Or what if you need to distribute your e-mail address on a business card? Or subscribe to mailing lists? Or buy and sell items on eBay? It's difficult to maintain online relationships with someone whose contact information is constantly changing.

    Strategies that result in lost mail might be acceptable for the casual user, but they are not practical for people who seriously rely on internet communication. More importantly, there is something fundamentally submissive about this. It feels like accommodating a bully. Solutions that reduce the usefulness or reliability of e-mail are not real solutions, they're compromises. (Similar arguments apply to other "lossy" approaches such as graylisting, etc.)

  2. Legal/Political Activism

    A more direct approach is to lobby your politicians for stricter advertising laws, so the perpetrators can be punished by a court. This strategy was very successful with telemarketers and postal mail, but it has failed to achieve any significant reduction in spam (despite the valiant efforts by groups such as CAUCE). Unlike other forms of communication, e-mail is totally anonymous and costs almost nothing to send, so spammers can operate on a shoestring budget with minimal equipment. Even if the U.S. passes tough anti-spam legislation, there are plenty of other countries to operate from.

    More importantly, most spam is already illegal under existing laws for credit card fraud, scams, illegal sale of pharmaceuticals, etc. If the previous legislation didn't solve the problem, more laws are unlikely to help. In fact, many people feel that recent legislation has seriously impaired the freedom and privacy it was purported to protect. (For example, check out the DMCA debacle, PATRIOT act, INDUCE, etc.)

  3. Filters

    Fundamentally, spam really is a technical problem resulting from outdated protocols. The internet e-mail standards were not designed for a global commercial marketplace; they were developed in an academic/military environment back in the 1970's. The required protocol changes are fairly obvious, but unfortunately it has proven quite difficult to convince the world to adopt new standards. (For a poignant example, consider how few networks have chosen to join the "next generation internet" which was christened back in the early 90's.) The internet has grown so large that successful advances must be incremental innovations -- "evolution, not revolution." Filtering is a popular alternative to inventing new protocols precisely because it's "incremental" in this sense.

    A spam "filter" is software that attempts to distinguish whether a message is "spam." If your mail program has a "Junk" or "Spam" folder, then you're probably already using a filter. Initially, filters were simple tests for obvious keywords such as "Viagra" or "mortgage." However, as advertisers continually adapt to circumvent these approaches (e.g. by misspelling "Viagra" or encoding it as an image), increasingly sophisticated tests are required. Modern filters such as SpamAssassin employ a combination of complicated heuristics, cooperative databases of spam "fingerprints," and powerful adaptive learning algorithms from artificial intelligence.

    The problem with filters is that no matter how smart your software is, spammers are always one step ahead. It's as easy as testing their e-mails against typical filters beforehand, then modifying the text to evade the filter. Ultimately, filtering fails because the definition of "unsolicited bulk e-mail" is nebulous and subjective. For example, the phrase "I just found a great deal on my home mortgage, try calling this number!" is most likely spam. But what if it's from that girl you met at the party last night? Filters will always have "false negatives" and "false positives," and if you err on the side of romance, spammers will find a way to get their message through.

The Next Generation

Bumper is a novel approach to spam filtering that completely ignores the content of the message, focusing instead on the sender's identity. It supports several methods for uniquely identifying and authorizing a message sender. The idea is similar to other next-generation technologies such as the Sender Policy Framework (SPF), except that Bumper does not rely upon world-wide adoption of new e-mail protocols. You can use it right now without cooperation from other servers. Here are just a few of the advantages:

  • Simple Design - Unlike heuristic filters such as SpamAssassin or DSPAM, Bumper is extraordinarily easy to understand and use. Consequently, it's also easy for developers to implement new features.

  • Compatible With Any Client - It doesn't attempt to replace your e-mail client; it just inserts tags that your existing software can use to classify (or delete) messages according to your preferences. Thus, Bumper can seamlessly interoperate with any modern e-mail client.

  • Never Loses Mail - Messages are never deleted; Bumper just marks them as "authorized" or "not authorized." Since senders are notified when their message has been bumped, your lost relative will still be able to get through, even if you never look at your "Spam" folder.

  • Gets You Off The List - From a spammer's viewpoint, the Bumper error message implies that your mailbox no longer exists, so it's very probable that they will remove your address from their database.

  • Lightweight - The rejection occurs at SMTP time, so there are no expensive bounce messages for the server to process. The classification algorithm is a simple database lookup requiring minimal system resources.

  • Totally Free - The Bumper software is distributed under the "open source" Mozilla Public License. It's completely free, and actively supported by a community of spam-hating volunteers.

SourceForge.net Logo

 

 

Copyright © 2004, Bluel Technologies Corporation. All rights reserved.