[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Anti-Spambot: what algorithm should be used?



> > Yes, Bob could post something like "drink kaka cola and die" and
> > "elect John M Gubor Sheriff if you want to be arrested".
> > Hopefully, most Bob's won't.
> 
> That's questionable at best. Also, there can be so much ingenuity in
> making the ads appear unreadable, that it would be hard to watch who
> is good and who is bad.

Good - let them exercise their ingenuity rather than forge cancels and
pull plugs.

> For example, how about this signature that purports to advertise
> http://www.kaka-kola.com:
> 
> ^L^L^L
> -----------------------------------------------------------------------
> = please ignore contents of this sig -- skdjhgf asdgf -- == <blink>
> <color=#000000> = http://www.devnull.com http://acd http://www.www.www
> http://www.kaka-kola.com http://xxx == </color></blink> == this sig
> intentionally made unreadable to cheat alice ==
> -----------------------------------------------------------------------

OK, I see several approaches:

1. For some kinds of advertizing messages, like 900 numbers, even the kind
of exposure you describe is good exposure.

2. Alice's bot can state that it won't pay for articles that contain certain
kinds of "taboo" regexps - "fuck", "shit", "piss", "cunt", "spam", "Alice...".

3. When is the contract created, if at all? Alice can just review the traffic
by hand, as a human, and decide on her whim that she won't be paying this
particular Bob anymore.

> > Yes, if Alice just posts her regexps on a public Web page, a clueful
> > person can automatically fetch them and add them to his killfile or
> > even forge cancels for Bobs' articles that contain them.
> 
> > I think this would be a stupid thing to do because Bobs' articles
> > may contain useful information besides Alice's ad. Also the regexp
> > might occur in a followup to Bob's article, which may contain
> > useful information.
> 
> Well, one can modify newsreaders to delete only lines that match
> the regexps, but show other parts of the article. That may be one
> of the pieces of functionailty of libkillfile.so that I once mentioned.

Wonderful - go ahead and do it.  Anyone clueful enough to build a killfile
may not be worth advertisingto anyway.

Remember how Sandy Sandfart used to preach how he has the abllity to filter
out my traffic, but he wants to silence me in the interest of those who don't
have this capability?

Same thing with killfiles.
> 
> > On the second thought, Alice may not need a prior contract with Bob,
> > nor the ID#. She can just list the regexps she's trying to promote
> > on her web page and go promiscuously by the address in the From: header.
> > 
...
>  
> > What Alice could do is send an e-mail like
> >  "Your article with message-id blah posted to blah contains
> >   a message that I'm paying to promote. Here is a cookie;
> >   if you return this cookie, I'll send you $n e-cash."
> > If it bounces, or if the recipient never sends back the cookie - too bad.
> 
> If it bounces, Alice would usually get the money back in the bounce message.
> 
> Can't alice put a stop on a piece of digital cash? I am not sure, but it
> may be possible. It is surely possible with adding one more trusted party,
> and some more signing and encryption, anyway.

The address could be a black hole type of thing.

But, on the third thought :-), I don't like the idea of sending unsolicited
e-mail in response to Usenet articles, even if the e-mail contains e-cash.

How about this for a protocol:

Alice puts up the Web site listing the regexps she wants promoted.

Bob tells Alice (via a web form, say):

I will be posting as [email protected] and [email protected];
please e-mail my fee to [email protected]; your decisions are final.

Alice e-mails [email protected], saying:
please post cookie1 to misc.test (or whatever) as [email protected];
please post cookie2 to misc.test as [email protected]
(to show that Bob does post from these accounts and does read e-mail
at [email protected]).

Once Alice's bot sees the cookies, it starts generating fee e-mails.
Moreover if Alice sees Bob making fun of her, the way you described, she
can stop paying him forever.

> > > Alice's contract can also specify that if a third party forges a cancel
> > > within a week for Bob's Usenet article containing the regexp, then Alice
> > > will pay nothing and let Bob sue the forger for the lost income. (This
> > > may become moot as more and more ISPs ignore forged cancels.) This gives
> > > Bob the insentive to spam intelligently - not to trigger any cancelbots
> > > and not to have his plug pulled by his ISP.
> > 
> > After Alice's bot finds an eligible Usenet article, it should wait
> > a week or so to see if it was cancelled or superseded before issuing a
> > payment. If it's cancelled, then instead of payment it should send
> > a notice saying:
> >  "Your article with message-id blah posted to blah contains
> >   a message that I'm paying to promote. I would have paid
> >   you $n e-cash, but unfortunately a cancel has been issued
> >   for your article: <quote cancel>"
> > That should get Bob pretty mad at the 3rd party canceller. :-)
> 
> Alice can then cheat and issue the cancels herself. Since most spammers
> are crooks, I expect that to happen a lot. No good.

There would hopefully be more than one Alice competing for the posting agents.
If she acts unethically (fails to come through with the payment), she will
lose reputation capital.

I mean, Alice can just put up a web page claiming that she'll pay for
promoting her regexps, and then not send anybody any ecash, cancels or
no cancels. Who's going to sue her for breach of contract and where?

Spammers are less crooks than Sandy Sandfart and Cocksucker John Gilmore,
or th scumbags who forge cancels.

> > > Alice can also put some reasonable caps on the number of repetitions
> > > because if Bob posts the same regexp 10,000 times, the marginal exposure
> > > is less from Bob than from a newbie Carol. Again, if there are several
> > > such Alices, the market will take care of negotiating such details.
> > 
> > Alice needs to maintain a map of (poster,newsgroup,regexp) to # posts;
> > when it reaches 100, stop paying this poster. I think 100 mentions by
> > the same poster is way past saturation.
> 
> I can generate a gazillion posters from algebra.com.
> 
> Of course, Alice can also introduce per-domain restrictions.

I can generate a bazillion posters from dm.com, but this is rare.

I can also get a dozen AOL screen names from a single AOL account.

It's OK because the reasons for this cap are pure marketing:
(not trying to cap Alice's expense). For the target audience,
seeing the same 900 number >100 times from the same address loses
the marginal effectiveness.  If you post the same 900 number 100
times from [email protected] and then 100 times from [email protected]
it'll be as effective as if it came from [email protected].

---

<a href="mailto:[email protected]">Dr.Dimitri Vulis KOTM</a>
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps