>>
>> iHateSpam: A community voting scheme to determine what is and is not
>> spam. Spam is identified too late by the community for those that
>> often poll their mailboxes.
>>
>> I was going to say that iHateSpam is yet another attempt to use
>> users to vote on spam; i.e., use humans instead of blocklists,
>> bayesian filters, DCC (how many received the same mail),
>> greylisting, and other methods. I was also going to say that is very
>> much like Cloudmark's SpamNet (renamed to Desktop after they yanked
>> away the free version from all their users that helped them test and
>> debug their app) but then I saw the following article which says
>> that iHateSpam is just a different front-end to Cloudmark:
>>
>> http://www.pcmag.com/article2/0,1895,2280345,00.asp
>>
>> Community voting of spam sounds great as described but it doesn't
>> work if you grab your e-mails almost as soon as they show up in your
>> mailbox. The idea is that users vote on the spam (by marking it as
>> spam) and a hash value (fingerprint) gets sent to their server to
>> get updates to other users. If they receive the spam and if they
>> have gotten a database update then the spam gets identified. If you
>> poll your mailbox at long enough intervals and if enough other users
>> have voted on the message as spam and if you have gotten a database
>> update then you won't see the spam. A lot of if's.
>>
>> The voting scheme is very similar to using DCC to determine if an
>> e-mail is spam or not. A hash of the message is sent to their
>> server to record how many recipients got that message. The idea is
>> that you can set a threshold, say 20 or 50, after which if more than
>> that many recipients got that e-mail. What it really does is
>> provide a measure of whether or not an e-mail is bulk e-mail without
>> it identifying itself as such (by using the "Precedence: Bulk"
>> header). Cloudmark takes it a step further by having users vote on
>> whether or not a message is spam to record the hash for that message
>> so others that get that same message (and the same hash) might know
>> it was voted as spam. Why do you think those spammers add
>> paragraphs of nonsense to their spam? Because changing just one word
>> will generate a different hash. Some of their spam source will spew
>> the same message and you might block that one that has already been
>> voted on sufficiently to identify it as spam, but the same spam from
>> a different spam source has a few words changed to change the hash
>> value. It's like when the captain on the Enterprise says to rotate
>> frequencies of their shields to thwart the Borg: the spammer just
>> rotates frequencies by generating a different hash for their same
>> turds that they're firing at you.
>>
>> If you poll your mailbox at, say, 5- or 10-minute intervals, no one
>> else (or few others) have yet voted on the spam that just got
>> started in spewing out from the spam sources. There are no votes,
>> or not enough of them, to identify the message as spam. You haven't
>> yet gotten an update from their server so the message won't be
>> identified as spam.
>>
>> I participated in the SpamNet testing. When spam was fresh, oh joy,
>> I got to vote on it so *others* could take advantage of my voting to
>> not see that spam. I still saw it, though. So if you poll your
>> mailbox every hour, or longer, then you get to ride on the coattails
>> of the other users that voted the message was spam. But obviously
>> those folks that voted had to actually see the spam so the scheme
>> obviously didn't help them to get rid of the spam in their mailbox.
>> Because I was polling my accounts at under 15-minute intervals,
>> almost all the spam got through because no one had voted on it yet
>> except me and maybe a few others that just got the freshly spewed
>> turd dumped in the mailbox.
>>
>> Another big problem with community-driven "intelligence" in
>> identifying spam is that a large majority of users will claim
>> something is spam when it does meet the qualifications of UCE or
>> UBE. They say something is spam simply because it is e-mail that
>> they don't want.
>>
>> So if you use Cloudmark (via iHateSpam) then don't poll your mailbox
>> very often. Otherwise, you will see the spam and get the joy of
>> voting on it so *others* won't see it.

Yep, every 10 minutes. Actually I have a monitor program checking my
e-mail accounts and run Outlook only when I want to receive those
e-mails. The monitor program would grab the spam from my mailbox every
10 minutes and the fresh spam shows up (which means it didn't get
identified as spam yet) even if enough people later vote on that message
being spam (because the copy of the message as retrieved originally
wasn't yet marked as spam).

If you read the v5 manual on "Statistics and your rating", you'll see
Sunbelt allude to the "community" and your rating (which relies on you
hitting the IsSpam button when you *do* see fresh spam to help other
users but not you, and that sends info to Sunbelt/Cloudmark to update
their database).

Apparently Sunbelt decided to not bother with upgrading and improving
the code branch which they were allowed to keep (with Microsoft
getting a code branch to use in Windows Defender); they decided to
abandon that code branch and go with being a front-end to Cloudmark's
service. See
http://www.sunbelt-software.com/Press/releases/?id=103.

> Interesting. I have to admit that I did not even know that iHateSpam
> had this feature.
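
An added sketch (not part of the original posts, and not Cloudmark's or DCC's actual protocol) of the timing argument in the quoted text: a fingerprint is only useful to a client once enough votes have arrived and the client has pulled a database update before it polls the mailbox. The SHA-256 fingerprint, `VOTE_THRESHOLD`, `UPDATE_INTERVAL`, the message bodies and the vote times are all assumptions constructed for illustration.

```python
import hashlib

VOTE_THRESHOLD = 3    # assumed: votes needed before a fingerprint is published
UPDATE_INTERVAL = 15  # assumed: minutes between client database updates


def fingerprint(body: str) -> str:
    """Exact-match fingerprint: SHA-256 of the case/whitespace-normalised body."""
    return hashlib.sha256(" ".join(body.lower().split()).encode()).hexdigest()


class VoteServer:
    """Collects spam votes keyed by fingerprint, with the minute each arrived."""

    def __init__(self):
        self.votes = {}  # fingerprint -> list of vote times (minutes)

    def vote(self, minute: int, body: str) -> None:
        self.votes.setdefault(fingerprint(body), []).append(minute)

    def listed_at(self, body: str):
        """Minute the threshold-th vote arrived, or None if never reached."""
        times = sorted(self.votes.get(fingerprint(body), []))
        return times[VOTE_THRESHOLD - 1] if len(times) >= VOTE_THRESHOLD else None


def filtered(server, body, delivered, poll_interval):
    """True if a client polling every poll_interval minutes never sees the message."""
    listed = server.listed_at(body)
    if listed is None:
        return False
    poll = -(-delivered // poll_interval) * poll_interval  # first poll after delivery
    last_update = (poll // UPDATE_INTERVAL) * UPDATE_INTERVAL  # newest DB at that poll
    return listed <= last_update


# Constructed sample data: one spam run delivered at minute 1, and a copy of it
# with a single word changed, which therefore has a different fingerprint.
SPAM = "Limited offer: cheap watches, click here today"
VARIANT = "Limited offer: cheap watches, click here tonight"
SERVER = VoteServer()
for minute in (4, 12, 25):  # early pollers see the spam and vote on it
    SERVER.vote(minute, SPAM)

if __name__ == "__main__":
    for interval in (10, 60):
        print(f"poll every {interval} min -> filtered:",
              filtered(SERVER, SPAM, 1, interval))
    print("one-word variant, poll every 60 min -> filtered:",
          filtered(SERVER, VARIANT, 1, 60))
```
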