Wanted: Spam trap extension for Mozilla Thunderbird

June 16th, 2006

I'd like to see someone write a spam-trap extension for Mozilla Thunderbird that would simply delete any messages that match messages from a spam-only account. I'd be willing to pay for such an extension.

Concept

I first saw this idea in use on unstable.nl. At the bottom of the page was this puzzling declaration:

spam-trap@unstable.nl - Please send spam.
Humans may write to andreas@unstable.nl

I presume that Andreas has programmed his mail client or retriever to delete from andreas@ any messages that are identical or similar to messages that appear on spam-trap@. I later contacted him on Jabber, and he validated my suspicions, adding that he only sees one piece of spam per week. I was impressed.

Specification

A Mozilla Thunderbird plugin could easily implement this concept. Have the user specify an address they don't use, but own, such as an outdated Hotmail account. Then delete any similar or identical messages that arrive on other accounts. Defining "similar" is the hard part, of course, but I have some ideas:

  • Compute a quick hash of each embedded attachment (otherwise attachments may have a disproportionate effect on filtering)
  • Use the diff function on textual areas
  • Strip query strings from URLs and embedded forms (query strings may embed a hashed copy of the email address)
  • Compare some email headers
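A sketch of the first three ideas in plain JavaScript, added here as an illustration and not part of the original post or of any Thunderbird API. The function names, the FNV-1a hash, the line-based diff score and the 0.8 threshold are all assumptions, and header comparison is left out.

```javascript
// Added example; all names are hypothetical and the sample mail is constructed.
// Quick non-cryptographic hash (32-bit FNV-1a) over attachment bytes.
function quickHash(bytes) {
  let h = 0x811c9dc5;
  for (const b of bytes) h = Math.imul(h ^ b, 0x01000193) >>> 0;
  return h.toString(16).padStart(8, "0");
}

// Drop query strings and fragments so per-recipient tracking tokens vanish.
function stripQueries(text) {
  return text.replace(/(https?:\/\/[^\s?#"'<>]+)[?#][^\s"'<>]*/gi, "$1");
}

// Normalized text lines plus ONE token per attachment, so a large attachment
// weighs no more than a single line of text.
function fingerprint(msg) {
  const lines = stripQueries(msg.body).toLowerCase().split(/\r?\n/)
    .map(l => l.replace(/\s+/g, " ").trim()).filter(l => l !== "");
  return lines.concat((msg.attachments || []).map(a => "attachment:" + quickHash(a)));
}

// Diff-style score: 2 * LCS / (len(a) + len(b)), from 0 (disjoint) to 1 (same).
function similarity(a, b) {
  if (a.length === 0 || b.length === 0) return 0;
  let prev = new Array(b.length + 1).fill(0);
  for (const x of a) {
    const cur = [0];
    for (let j = 1; j <= b.length; j++)
      cur[j] = x === b[j - 1] ? prev[j - 1] + 1 : Math.max(prev[j], cur[j - 1]);
    prev = cur;
  }
  return (2 * prev[b.length]) / (a.length + b.length);
}

// True when the inbox message is close enough to any trap-account message.
// The 0.8 threshold is an assumed starting point, not a tuned value.
function matchesTrap(inboxMsg, trapMsgs, threshold = 0.8) {
  const f = fingerprint(inboxMsg);
  return trapMsgs.some(t => similarity(f, fingerprint(t)) >= threshold);
}

// Constructed sample: same campaign, different per-recipient token and spacing.
const trap = [{ body: "Dear friend,\nCheap watches today only!\n" +
  "Visit http://shop.example/deal?u=9f8a7c\nBye", attachments: [[1, 2, 3]] }];
const spam = { body: "Dear  Friend,\r\nCheap watches today only!\r\n" +
  "Visit http://shop.example/deal?u=1b2c3d\r\nBye", attachments: [[1, 2, 3]] };
const ham = { body: "Hi,\nlunch on Friday?\nhttp://shop.example/deal?u=1" };
console.log(matchesTrap(spam, trap), matchesTrap(ham, trap)); // true false
```

Because the score is computed over whole lines, a message that changes one line in four scores 0.75 and slips under the assumed threshold, which is the randomization weakness discussed under Problems.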

Research

I don't know much about email headers or routing, so I don't know how same-session spam messages are similar or different. Research into this would be necessary. Perhaps public data on this already exists.

Problems

This technique of filtering may be circumvented if spammers start sending out messages with more randomization and scrambling. Additionally, if this filtering technique were to become popular, unforeseen loopholes would undoubtedly arise. In both cases, however, I am certain that spammers would be required to use more processing power, and therefore incur more cost to themselves.

Bounty

This is a cool enough idea to warrant a bounty, especially if research is required. I would be willing to pay $50 out of my own pocket for the first successful solution, and I'm sure others would be willing to contribute. Alternatively, if someone can find a fatal flaw in the idea before any serious work is done, I am willing to pay that person $5-10. (I might pay more if they devise a new specification that is not vulnerable to the same flaw.)

A "successful solution" is defined as open source/free software, cross-platform, reasonably non-buggy, and able to implement at least the core feature of the request (here, deletion of mail on one account upon receipt of a similar message in another.) A "fatal flaw" is defined as a reasonably easy concept or proof-of-concept which, if implemented, would defeat any reasonable solution.

Please, if you plan to implement this idea, leave a note here so that people are not duplicating efforts. If there is a change in status, I will notify every person who leaves a comment, unless they request otherwise. (Yeah, I know, opt-out emailing...)

Are you willing to pledge bounty money for an implementation? Leave a note here to motivate potential developers. (Your pledge isn't binding, even though mine is.)

Arbitrary code execution – why?

May 4th, 2006

I find the current state of affairs in programming deplorable. As it is, a single tiny system program with an unchecked buffer size can often be exploited by an attacker to execute arbitrary code on the system. (Let that sink in for a second.) Your operating system (whatever it is) is so fragile that a single coding error, a typo, could allow anyone to do anything they wanted to on your machine. That's unacceptable. And all too common.


Edit the web

April 16th, 2006

What if web surfers could edit any page on a website? What if webmasters could get webcorrections from users? What if readers could fix typos in blog posts, without leaving nitpicky comments? I've got a plan...


Google redirection on public WiFi

April 5th, 2006

Just a quick thought: Imagine if I set up an unsecured WiFi point near a coffee shop, and modified people's Google search results to include my own advertisements.

Or what if I started an advertisement referral program? People with unsecured WiFi points could install a program that would refer Google searches to my company's servers, which would modify the results. People would get a kickback for the number of referrals they got, as measured by my servers.

You could even use the same kickback system that adware companies currently use.

I think this underscores the importance of using secure protocols like HTTPS.

Outsourcing the mind

July 20th, 2005

Until recently, I thought my memory was going. Now I realize that it is simply being outsourced.

As Jason Kottke points out, we technophiles are becoming more reliant on data-management systems to track our information. (PDAs, address books, personal wikis, password managers, keyrings, bookmark tagging systems, search engines, et hoc genus omne.) As information access becomes ubiquitous, I will have less distance to reach to find the next relevant piece of information. Each time I rely on an external databank to prop up my memory, my ability to recall that information diminishes — a worrisome prospect. But is this outsourcing of the memory necessarily a bad thing? I'll explore the issue from several angles: philosophical, psychological, societal, technological, and spiritual (a little bit).

Philosophically, this is no different than any other type of augmentation that humans have practiced in the past. I recall saying to a coworker the other day, "I'll be the first in line to get a USB port installed in my brain — so I can plug in my 512MB USB drive." The prospect of becoming a "distributed cyborg" somehow has me reacting differently. From a practical perspective, I lose some control over my data by using decentralized recall. But from a philosophical standpoint, there is no essential difference when one ignores the implementation and details. Apparently, I already have the equivalent of a USB drive stuck in my head, which I had already decided would be a good idea.

Psychologically, we are transforming literal memory to procedural memory. Ever since I started a corporate wiki at my workplace, I've become forgetful of certain commands and parameters that I use frequently, even weekly. But when I need them, I know where to look and how the information is categorized. What used to be nodes filled with data have become references to search terms or hooks into well-known procedures. I have mapped my internal databanks into external data banks — this is a process we have evolved to do quite well.

Societally, we already have a similar system. In the EEA, we remembered who had this skill or that bit of knowledge, and the tribe members would assist each other in areas requiring expertise. Instead of division of labor, division of knowledge.

Technologically speaking, there is no problem. A common thread throughout the history of computing has been the storage, organization, and retrieval of information. Not just any information, but information that otherwise would have been stored, organized, and retrieved by humans. The recent mass adoption of folksonomies has provided a major breakthrough in the classification and structuring of information. Ubiquitous information access is moving towards a reality, with the adoption of peer-to-peer networking and wireless connectivity. No problems here.

Spiritual matters might be relevant as well, not in any earth-shattering way, but in some subtle changes to the structure of our relationships to humanity as a whole. (I'm a humanist, so that's as far as I'm going to go with the spiritual side of this topic.) Look to the more distant future, when our minds become more distributed and interconnected, and wonder just how far this distributive intelligence might go. Could we one day be inseparable from the community we live in? What does that say about personhood? What about the distinction between individual and group? Those are questions I don't have the information to answer, but I keep them in the back of my mind.

But, ready or not, here it comes.