Analyzing AT&T's Anti-Anti-Spam Patent

An anonymous reader writes "Dan Gillmor is reporting in his eJournal taken, in turn, from Gregory Aharonian: AT&T has apparently been awarded a patent for circumventing certain spam filters, thereby providing slimeball spammers with yet a bigger hammer!" The patent covers "A system and method for circumventing schemes that use duplication detection to detect and block unsolicited e-mail (spam.)", although it's unclear exactly what AT&T want it for.

Hey! Shortsighted people!

Has it occured to anyone that by patenting an anti-anti-spam technique, AT&T can legally forbid spammers from using that technique?'

Yay AT&T. I applaud you.

Re:Hey! Shortsighted people!

See, that occurred to me. But I sorta doubt they'll use it to track down spammers and sue them for patent infringement, considering that spammers are already very often violating state laws, violating their ISP AUP, and peddling illegal scams and therefore make themselves hard to find.

But on the other hand, I doubt ATT will be selling circumvention technology. Now, a fair guess would be that they won't sue the spammers for infringement, but may sue those who sell software used for spamming (who are generally a bit more findable).

Re:Hey! Shortsighted people!

> International patent law, however, is another matter.

The matter being that unless sizeable amounts of money are involved, nothing gets enforced.

Re:Hey! Shortsighted people!

spammers are already very often violating state laws, violating their ISP AUP, and peddling illegal scams and therefore make themselves hard to find

Hey, I hope this doesn't get me modded flamebait but I've had this thought for awhile and this seems like the ideal article to raise it in. Disclaimer: I am not endorsing or defending SPAM or the people behind it.

Has anyone else thought that the most effective way to combat SPAM would be with education not filters/lawsuits/etc?

It would seem logical to me to assume that at least a large number of (if not a vast majority of?) spammers are ignorant as to why it's a bad idea. They don't know much about the Internet, and some idiot with a spam-software outfit approaches them and tells them about this "Great Marketing Idea", sells them some software (that may or may not do various bad things like hiding headers/etc), and off they go!

My boss approached me once with some literature he received from one of these software companies. After my initial "WTF??? You aren't serious???" reaction I sat down with him and explained some of the history behind spamming, why it's a bad idea, would piss off our existing customers/alienate new ones, etc etc etc. Based on this experience it would seem to me that the most logical solution would be to educate the companies behind the spamming as to why it's a "Bad Idea".

Of course, this theory doesn't hold any water when you look at pornographic spam, Nigerian bank fraud spam (my personal favorite), pyramid schemes, etc etc. But it probably would be a better approach when dealing with the idiots who have been duped into thinking that unsolicited e-mail is a legitimate marketing tool. At the very least it can't hurt any.

Just a thought I've had for awhile now.

Re:Hey! Shortsighted people!

Or, instead of trying to educate the spammers, how about trying to educate the people who respond to spam?

Just do a mass spam once a month, or even once a week, to every email address you can find. Do a few spams: one selling Viagra, a few pushing different types of porn, etc. Cover the basic list of things that get spammed for on a regular basis.

Make the offers believable, and direct the recipient to an appropriately believable web site. Take their credit card details (but don't actually charge the card), do the whole lot. Right at the end, though, put up a page and say "hey, this is a scam site. Lucky we didn't really take your money!"

This will make all of those people that actually buy from these emails actually think twice the next time they go to purchase.

I wouldn't mind getting these "spams" as often as other spam if only for the fact that because the goal of these emails is to educate, there would be no reason to try and break through Bayesian filtering (or any other form). That is to say that they would be very easy for me to filter and never see, and hopefully at the same time we would see a reduction in other types of spam as people are educated about the problems associated with it (as it would drive sales down).

Having said that, I know there is no limit to stupidity, so maybe the market will always be big enough...

Re:Hey! Shortsighted people!

My boss approached me once with some literature he received from one of these software companies. After my initial "WTF??? You aren't serious???" reaction I sat down with him and explained some of the history behind spamming, why it's a bad idea, would piss off our existing customers/alienate new ones, etc etc etc.

I'm astounded at your self-control. I'd have slapped him sillty.

-jcr

Wrong numbers

Those numbers are very wrong. Spammers count returns in sales per MILLION emails, because the rate is so low. It's profitable because they send huge quantities of spam, so even a very low sale rate is quite profitable.

On the other hand real email marketing (done by a well known legitimate business, targetted to specific peoples who agreed to receive it) can get much better results.

ATT will be selling circumvention

1980...
Remember being charged for an unlisted number?

1990...
AT&T sells us caller-id, and then sells caller-id avoidance devices to marketeers, then sells us next-gen caller id to thwart their devices...etc...etc.

AT&T has been playing the middle for years...I see no reason for them to stop now. Patents just mean more money, faster.

Re:ATT will be selling circumvention

2005...

ATT sells their spam circumvention patents to SCO, who, dying from their fight with IBM, seeks to build a new business providing software tools for the spam community.

PRECISELY!

Now, instead of being well-nigh untouchable due to spam's precarious placement as little more than a highly undesireable activity, AT&T can go after spammers IN COURT on grounds of PATENT INFRINGEMENT.

And going to court over something like this takes megabucks. Especially against a company the size of AT&T. Even if the spammers somehow weasel out on technicalities (like they didn't actually infringe on the patent directly), they're still going to be out so much money that their great grandkids aren't even going to be able to go to any educational institution after public high school.

Re:PRECISELY!

Looking at my inbox, they appear to be mainly in Korea. I don't think AT&T has much litigation influence there, but I could be wrong.

Re:Hey! Shortsighted people!

Or it occurred to them that they can make a mint by selling/licensing the technology to "spammers" or slightly more legitimate advertisers. It's probably just perception, but I think that a good chunk of the dinner-time phone-spam, and a large portion of the direct mail I used to get was from the Death Star.. oops.. I mean good ole Ma' Bell.

Re:Hey! Shortsighted people!

Please someone with some money, patent all possible future DRM techniques.

Re:Hey! Shortsighted people!

by patenting an anti-anti-spam technique, AT&T can legally forbid spammers from using that technique

Which would make it an anti-anti-anti-spam technique

Re:Hey! Shortsighted people!

Has it occured to anyone that by patenting an anti-anti-spam technique, AT&T can legally forbid spammers from using that technique?

True, though it's unfortunate that the government hasn't already done so on the grounds that circumventing an anti-spam filter is a form of cracking.

Re:Hey! Shortsighted people!

Has it occured to anyone that by patenting an anti-anti-spam technique, AT&T can legally forbid spammers from using that technique?'

If the technique is well-known and utilized prior the patent as well as extensively discussed in public forums (like nearly all ways of bypassing the spam filters are), then the patent can be nullified. In other words:

• If the spammers have been using this patented method, the patent is void
• If the spammers haven't been using this patented method, the patent has very little effect on spam

Re:Hey! Shortsighted people!

This patent describes the simple use of hash-busting characters in email messages.

System and method for counteracting message filtering

Abstract

A system and method for circumventing schemes that use duplication detection to detect and block unsolicited e-mail (spam.) An address on a list is assigned to one of m sublists, where m is an integer that is greater than one. A set of m different messages are created. A different message from the set of m different messages is sent to the addresses on each sublist. In this way, spam countermeasures based upon duplicate detection schemes are foiled.

This isn't "providing slimeball spammers with yet a bigger hammer". It's a bread-and-butter spamming technique. Almost all the spam I get is salted with random letters or dictionary words in the address or message body to change the hash (and is therefore infringing on AT&T's new patent). We just saw a story a few days ago where spammers were sprinkling fraudulent scam emails with hash-busting characters [securityfocus.com] to get past filters.

One of the nice things about spammers is that (unlike their opponents) they rarely patent the circumvention mechanisms they use, leaving their bag of tricks open for intellectual property land grabs like this one. Compared to laws against spam, which for the most part hardly exist, patent law rests on sound international footing and gives AT&T much greater leverage against spammers who are now patent infringers. Good for AT&T. I wish I'd thought of it first.

It's lunacy to assume that AT&T secured this patent for any other reason- like productizing this stupid patent. Are they going to sell a new software suite for spamming? Spammers aren't an ideal software market by any reasonable standard. There's only 180 of them. AT&T would sell one copy, it would get pirated 179 times, everyone with a copy would start spamming warez versions of it, and that would be the end of it. Assuming that spammers cared about using patent-encumbered software at all- which they don't. And AT&T would alienate its customers in all the other markets they're in. It would be like a Christian bookstore opening a bondage videos section. It makes no sense. I can't understand how anyone could possibly take the outrage in this article at face value.

What is really amazing about this patent is what it says about the research done by the USPTO. I bet the USPTO examiner received a dozen examples of prior art in his own inbox the very day he approved this patent, and he approved it anyway!

Re:No, not hash-busting characters. Read the paten

If you read the patent, you'll see it has nothing to do with "random letters or dictionary words" to break hashing detectors.

Yes it does. Note that while they describe many ways to alter a message, the specific method used is not central to their claim, which is merely that m different versions are created somehow, that recipients are assigned to sublists in which the same ISP does not appear twice, and each sublist gets a different version. While it doesn't mention them specifically, any technique using n random letters in a message will infringe, since it effectively divides all users into m=26^n sublists and sends the same message to all users in a sublist. Use of enough random characters effectively generates such a large m that each recipient lands in their own sublist. Therefore there is no need to "determine if the selected address is substantially similar to an address on the selected sublist" since there are no addresses already in the sublist. Nobody gets the same message, so you don't need to worry about two copies of one version going to users at the same ISP. It is algorithmically equivalent to what they're claiming.

The patent goes on to describe many ways that a message might be altered, like reordering paragraphs, etc. In general many of the techniques they describe are subtle and do not allow as many permutations as you can get from a bunch of random characters, and so they stipulate (as a part of the claim) that care must to be taken that no sublist contains two "similar" email addresses. Meaning, don't send two copies of the same version to two recipients at the same ISP, who will notice the identical message hash. Duh. Any spammer could figure that out for himself. And like I said, if you use a large enough m this part of the patent is irrelevant since you don't need to worry about this problem. All the messages are unique.

If you are too lazy to read the entire patent, and insist on only reading a small part, how about also reading what the claims section says instead of just the abstract?

Yeah, what in the claims section do you think I missed?

Sometimes, you know, patents are allowed that don't actually have prior art, or at least aren't as obvious as the abstract makes them sound.

While true, that's irrelevant in this case because this is an obvious patent with plenty of prior art.

That gives me an idea!

Now all I need is an anti-patent patent and we can end all the stupid patent nightmares once and for all!

Up next..

A patent on bank robbery!

Obvious value

If you look back, at the time AT&T would have been filing the patent they were in the consumer ISP business.

Odds are it was filed as an offensive tool to use against spammers.

A patent such as this could be used as a hammer against spammers using filter evasion approaches. The value of that for an ISP of the size of AT&T far exceeds the cost of filing a patent.

(AT&T are pretty clueless on many levels, but this looks like it was a smart move. It'll be interestng to see what, if anything, they do with it.)

Wait a minute ...

1) Patents are a way of restricting rights to certain ideas/methods/etc.
2) AT&T can prevent anyone else from circumventing anti-spam filtering software with this patent
3) Ergo, AT&T are the good guys

...

wait a minute, I thought they were the bad guys [slashdot.org]

...

I'm confused now ...

Re:Wait a minute ...

The patent is not for sending multiple messages with the same text. It's for altering messages to fool hashes. I hadn't seen that technique employed by spammers until at least 2001 or 2002.

Then again, I suppose I'm lucky that I block only 200 spam messages a day, with only about 5 getting through.

Pink contracts

AT&T have the ability to use this patent for good by killing spammers with it.

What I suspect that they will do is allow it for their Pink contract holders and go after anyone else.

Wouldn't that be illegal in the US anyway?

Couldn't you use the DMCA to stop circumvention of mail security software?

That's a question, not a statement.

Maybe AT&T is just disorganized

Maybe this isn't part of a master plan -- maybe it's more random.

I could see a guy inside of AT&T working on something, and having to justify his time to his bosses. The lawyers who filed the patent probably work directly for AT&T, and so they gave it to them, and asked if it could be patented. The patent lawyers filed it, because they're patent lawyers, and that's what they do.

I tend to assume that this situation would fit right into a dilbert storyline. I don't think it's part of a grand strategy.

I can't imagine that AT&T would sell spam technology, because it would be a public relations nightmare. And I can't imagine that they'd try to sue spammers for patent infringment, because that would be expensive, and they wouldn't get anything out of it.

Re:Maybe AT&T is just disorganized

I can't imagine that AT&T would sell spam technology, because it would be a public relations nightmare.

You don't think they'd sell it under the "AT&T" brand name, do you?

Several distinct companies operate under the AT&T brand name; I'm sure AT&T owns several companies that operate under different brand names as well.

How many normal people do you suppose make a connection between Bugs Bunny, WinAmp, Mapquest and CNN? They wouldn't make the connection between AT&T and whatever subsidiary sold the spam software either.

THey've patented something... illegal?

Okay. I can work with that. Now I shall patent a method to circumvent systems that use visual inspections to detect and block illegal quantities of cocaine from entering national and/or state jurisdictions.

Forget trying to wrest money out of some crummy /spammers/.

A victory for anti-spam

After reading through the comments, I'm surprised at the number of people who can't see the obvious: this patent is a huge boon for the anti-spamming community. The author of the article is one of those people too, unfortunately. RTFA, but think it through, too.

With the patent, AT&T can sue the makers of spamming software for patent infringement, unless SpamCo (or whatever company) makes sure that their mass e-mailer doesn't use any of AT&T's patented methods for avoiding filters. Of course, this will result in a crippled program: AntiSpamCo (or whatever company) knows exactly what SpamCo is not allowed to do, so their anti-spam filters will actually work.

So why is AT&T doing this? One, it could be good PR for them once AntiSpamCo et al. realize the implications. Two, (this is for all you conspiracy freaks out there) the government may have asked them do to it. Governmental agencies cannot hold patents. Only individuals and corporations hold patents.

I'm not trying to claim that AT&T is some benevolent corporation, though. It's entirely possible that, in addition to suing SpamCo, AT&T could also try to sue AntiSpamCo. They might not have as strong a case, but AntiSpamCo would still be using pieces of AT&T patent in their filtering software.

Despite that troublesome possibility, it'll be good to see SpamCo get what's coming to it. A lot (perhaps most) of SpamCos are rather or the sleazy, shoddy side; I'm sure there will be patent infringement. It will be interesting too see how soon and how vigorously AT&T will defend their patent in court.

The next big patents?

Can Slashdot patent anti-anti-anti-spam?
And recursively more anti- as well?

AT&T has cornered the market

AT&T recently got in trouble for violating the no-call list, because they were telephone "spamming." Also, I've gotten more telemarketing calls from AT&T than any other company, despite the fact that I've asked to be removed from their lists many times. It seems to me that AT&T will use this to spam with e-mail now, since the telephone is no longer working. I don't imagine they'll be violating their ISP's regulations if they do start spamming, either.

I sure hope AT&T don't enforce this patent

How will I achieve the longer, thicker penis that drive women wild while I'm talking on my newly range-enhanced cellphone to my stock broker that just found a great new company in Nigeria that is a sure bet?

I'll chime in on the anti-patent side

Since slashdotters seem to hate spam so much all reason gets abandoned when it's involved, I thought I'd point out why this is so awful. Basically, it's a math algorythm. Like Quick Sort. Now stop and think about what computing would be like if Quick Sort was patented. The same sytem that allows this to be patented would also allow Quick Sort to be. We're fortunate that most of the ground work for computing was layed before this mess started. Anyways, I just wanted to make the point that there's no such thing as a good software patent.

probably just a fluke

Actually, this whole thing is probably blown out of proportion. The patent summary looks a lot like a paper [nec.com] by Robert J. Hall. I expect that ATT has a policy of patenting everything any of their researchers works on, regardless of what it is. The paper itself is mainly mathematics with the spam theme thrown in to make it interesting.

The reason why...

The patent covers "A system and method for circumventing schemes that use duplication detection to detect and block unsolicited e-mail (spam.)", although it's unclear exactly what AT&T want it for.

If they cannot call you [nypost.com] to get you to change your long distance service, maybe they are doing to "telemarket" to your inbox. The Federal 'Do Not Call List' is changing the way a lot of traditional telemarketers are doing their business. Since they are now being fined for calling you, they need another way to invade your life and bombard you with offers. Having a technology that can circumvent spam blocking would be a step up on the competition.

useless patent

having actually just read the patent it would appear to be useless as it describes a means of avoiding a rather poor spam detection mechanism which I've never actually seen deployed.

Modern spam detection which uses statistical methods applied to the spam content would be unaffected by the techniques described in the patent.

get the spam tool makers

Up until now, all anti spam tech was aimed at the individual spammer, but this can be aimed at the much smaller pool of people who write the tools to spam. This could cripple spamers.

A world of AT&T only spam?

As mentioned in a few other posts, this could mean AT&T can go after spammers for patent infringment. Now this seems unlikely, but if I got only one spam a day and it was from AT&T and I knew that they had hordes of lawyers tracking down "infringers" I would not only switch to AT&T, I would print out the daily message and admire it during the time I've previously allotted to hitting "D" a few hundred times...

Infinite Loop?

1) Slashdot links to article
2) Article links to Slashdot discussion
3) Slashdot links back to article
4) Article links back to Slashdot discussion

repeat...

What's good for the goose

Remember, everyone on the 'net is affected negatively by spam - including the Death Star themselves. As such, if they patent this, they make it harder for spammers to deal with circumventing filters.

That AT&T came out and did this, frankly, rocks. Good show, guys.

The only concern I have is that there is prior art, which will come up as a double-edge sword again. Prior art will protect the good guys from frivolous patent filings (Amazon, anybody?), but as such I'm concerned that the spammers will pull the prior art card against AT&T. On the other hand, AT&T's interest - protecting their network - and the fact that they probably have infinitely larger amounts of money than your spammers just might put an end to them for now.

useless patent # 3,454,343

It doesn't really matter. Content-filtering based spam controls will never, ever be effective, because as soon as someone figures out a way to circumvent the spam filter, the spam filters get updated. It's a never-ending cycle, and AT&T can create all the goofball patents they want. Relay blacklisting is still the most effective method of controlling spam. The more blacklisting that occurs, the more spammers are forced to congregate in smaller areas of the net and be more ethical in their practices.

Re:Just going from the summary...

The DMCA only covers protection mechanisms designed to protect access to a copyrighted work, not just any protection mechanism. The Computer Fraud and Abuse Act is probably more applicable to spam, although you'd still need to get a judge to agree with you on that one.