By chienr on Aug 25, 2008
Last week, I attended CEAS 2008, an Email and anti-spam conference where researchers from all over the world presented latest techniques they have devised against spam. Most of them were pretty heavy on statistical analysis. I have to admit I haven't seen this many math formulas since college, or heard terms such as "OSBF-Lua", "(RO)SVM", or "TREC" before from any anti-spam product vendors.
There were two sessions that I found to be particularly interesting: A Survey of Modern Spam Tools by Henry Stern of IronPort/Cisco and Fighting Spam: Gmail's Story by Brad Taylor of Google. Henry talked about Dark Mailer, Send Safe and Reactor Mailer—the last one is responsible for 40-50% of all Email traffic on the Internet—and showed us an example of how spammers could use the 'rndline' template macro to generate 28.5 quadrillion unique messages. Brad talked about some of the anti-spam measures Gmail takes; he couldn't share all the details for fear that someone might try to game the system with that knowledge. The Gmail "Spam Czar" is no doubt a celebrity in this circle, but he wasn't the only one; Eric Allman (who developed sendmail) and David Crocker (author of RFC 822) were among those in the audience.
Social Honeypots: Making Friends With A Spammer Near You by Steve Webb of Georgia Tech was pretty entertaining as well, for it's evident that spammers are reaching out beyond Email to social networks, but according to Steve's test on MySpace they seem to only target male users.
Perhaps the best part was meeting more than a handful of smart people genuinely interested in messaging. I'll definitely try to come back next year, especially if there's more focus on those other aspects of anti-spam, like maybe a best practice talk on DKIM or SPF, how to defeat SpamAssassin (or another anti-spam tool), how to avoid being blacklisted, etc.