Review of CEAS 2008

Last week, I attended CEAS 2008, an Email and anti-spam conference where researchers from all over the world presented latest techniques they have devised against spam. Most of them were pretty heavy on statistical analysis. I have to admit I haven't seen this many math formulas since college, or heard terms such as "OSBF-Lua", "(RO)SVM", or "TREC" before from any anti-spam product vendors.

There were two sessions that I found to be particularly interesting: A Survey of Modern Spam Tools by Henry Stern of IronPort/Cisco and Fighting Spam: Gmail's Story by Brad Taylor of Google. Henry talked about Dark Mailer, Send Safe and Reactor Mailer—the last one is responsible for 40-50% of all Email traffic on the Internet—and showed us an example of how spammers could use the 'rndline' template macro to generate 28.5 quadrillion unique messages. Brad talked about some of the anti-spam measures Gmail takes; he couldn't share all the details for fear that someone might try to game the system with that knowledge. The Gmail "Spam Czar" is no doubt a celebrity in this circle, but he wasn't the only one; Eric Allman (who developed sendmail) and David Crocker (author of RFC 822) were among those in the audience.

Social Honeypots: Making Friends With A Spammer Near You by Steve Webb of Georgia Tech was pretty entertaining as well, for it's evident that spammers are reaching out beyond Email to social networks, but according to Steve's test on MySpace they seem to only target male users.

Perhaps the best part was meeting more than a handful of smart people genuinely interested in messaging. I'll definitely try to come back next year, especially if there's more focus on those other aspects of anti-spam, like maybe a best practice talk on DKIM or SPF, how to defeat SpamAssassin (or another anti-spam tool), how to avoid being blacklisted, etc.

Comments:

I spotted your blog when I was looking for reviews of CEAS. Did Brad get questioned about GMAIL's \*outgoing\* spam problem? (I know, Brad is in charge of blocking \*incoming\* spam, but I'm still curious if this was brought up?)

On the other hand, I heard that they've made great improvements with that in recent weeks. (I don't personally track those numbers)... so maybe this became less of an issue just in time.

(wish I could have been there... maybe next year!)

Posted by Rob McEwen on August 27, 2008 at 09:21 AM PDT #

@Rob Yes, he brought up the losing effectiveness of CAPTCHA, and how spammy account was almost non-existent when Gmail was in the invitation-only and SMS signup stages. And you're right, he said some changes were made in the last month to counteract the outgoing spam problem.

Posted by Robert Chien on August 27, 2008 at 09:58 AM PDT #

Post a Comment:
  • HTML Syntax: NOT allowed
About

I currently live in San Francisco Bay Area. For the past seven years, I have been designing and building messaging solutions for Sun.

Search

Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today